Re: [secdir] secdir review of draft-ietf-mboned-deprecate-interdomain-asm-05

David Mandelberg <david@mandelberg.org> Tue, 17 December 2019 17:21 UTC

To: Leonard Giuliano <lenny@juniper.net>
Cc: secdir@ietf.org, iesg@ietf.org, draft-ietf-mboned-deprecate-interdomain-asm.all@ietf.org, mikael.abrahamsson@t-systems.se, tim.chown@jisc.ac.uk, tte+ietf@cs.fau.de, gjshep@gmail.com, ibagdona@gmail.com, warren@kumari.net, Colin Doyle <cdoyle@juniper.net>
References: <58b3d90c-185d-b285-865f-d02e23dd22ae@mandelberg.org> <alpine.DEB.2.02.1912170904260.17774@contrail-ubm-wing.svec1.juniper.net>
From: David Mandelberg <david@mandelberg.org>
Message-ID: <01bbde3d-dd1d-f224-e007-c6fcf33663e0@mandelberg.org>
Date: Tue, 17 Dec 2019 12:21:13 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/vc8kQKeFt_35Lz9oJ9kqaaLxcKQ>

Yup, that answers my question, thanks.

On 12/17/19 12:14 PM, Leonard Giuliano wrote:
> David,
> 
> Thank you for your review.  BCP38 is not really relevant for multicast, as
> RPF is baked into the cake when it comes to multicast.  If anything, BCP38
> can be thought of as making unicast behave the way multicast has always
> operated, as multicast forwarding is inherently based on the source
> address.
> 
> Please let me know if this answers your question, or if I'm missing
> anything.
> 
> Thanks,
> Lenny
> 
> On Sun, 15 Dec 2019, David Mandelberg wrote:
> 
> | I have reviewed this document as part of the security directorate's
> | ongoing effort to review all IETF documents being processed by the
> | IESG.  These comments were written primarily for the benefit of the
> | security area directors.  Document editors and WG chairs should treat
> | these comments just like any other last call comments.
> |
> | The summary of the review is Ready with issues.
> |
> | Section 3.2.3 talks about using source addresses for security. Doesn't that
> | security rely on adoption of BCP38? (Or does the multicast destination address
> | make BCP38 irrelevant here?)
> |
>
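
The point made in the thread, that multicast forwarding already depends on the source address while unicast only does so once ingress filtering is deployed, as an added example (not part of the original messages or of the draft). The routing table, interface names and addresses are constructed, and BCP38 filtering is modelled here as a strict reverse-path check, which is an assumption about how it is deployed.

```python
import ipaddress

# Constructed unicast routing table: prefix -> interface toward that prefix.
ROUTES = {
    "0.0.0.0/0": "eth0",
    "198.51.100.0/24": "eth1",
    "203.0.113.0/24": "eth2",
}


def rpf_interface(source, routes=ROUTES):
    """Longest-prefix match on the SOURCE address: the interface this
    router would use to send unicast traffic back toward the source."""
    addr = ipaddress.ip_address(source)
    best = None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def multicast_accept(source, group, in_iface, routes=ROUTES):
    """RPF check for an (S,G) packet: it is forwarded only if it arrived
    on the interface that leads back to S. This is always applied."""
    if not ipaddress.ip_address(group).is_multicast:
        raise ValueError("not a multicast group address")
    return rpf_interface(source, routes) == in_iface


def unicast_accept(source, in_iface, ingress_filter, routes=ROUTES):
    """Unicast forwarding looks only at the destination, so the source is
    unchecked unless ingress filtering is enabled (modelled as strict RPF)."""
    if not ingress_filter:
        return True
    return rpf_interface(source, routes) == in_iface


if __name__ == "__main__":
    src, grp = "198.51.100.7", "232.1.1.1"  # constructed source and SSM group
    for iface in ("eth1", "eth2"):
        print(iface,
              "multicast:", multicast_accept(src, grp, iface),
              "unicast/no filter:", unicast_accept(src, iface, False),
              "unicast/filtered:", unicast_accept(src, iface, True))
```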