Re: [sidr] Benjamin Kaduk's No Objection on draft-ietf-sidr-slurm-07: (with COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Tue, 03 April 2018 00:39 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC13612DA21; Mon, 2 Apr 2018 17:39:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tq0aQkF8-FeB; Mon, 2 Apr 2018 17:39:13 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 168A712DA25; Mon, 2 Apr 2018 17:39:10 -0700 (PDT)
X-AuditID: 1209190e-b1fff70000000cd8-bb-5ac2cd2cef9b
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 9E.7D.03288.C2DC2CA5; Mon, 2 Apr 2018 20:39:09 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w330d3Nv031535; Mon, 2 Apr 2018 20:39:05 -0400
Received: from mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w330cvHK001769 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 2 Apr 2018 20:39:00 -0400
Date: Mon, 2 Apr 2018 19:38:57 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Di Ma <madi@rpstir.net>
Cc: The IESG <iesg@ietf.org>, morrowc@ops-netman.net, draft-ietf-sidr-slurm@ietf.org, sidr@ietf.org, sidr-chairs@ietf.org
Message-ID: <20180403003856.GY80088@mit.edu>
References: <152243246452.20520.7968873255606309518.idtracker@ietfa.amsl.com> <0D527078-A80E-4B45-AD81-CA4F840686E9@rpstir.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <0D527078-A80E-4B45-AD81-CA4F840686E9@rpstir.net>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprDKsWRmVeSWpSXmKPExsUixG6noqt79lCUwY5XfBaNF34xWcz4M5HZ onH1YkaLyws/sll8n3+B1WLZpPOMDmweS5b8ZPJ4MOkou8fqP4wBzFFcNimpOZllqUX6dglc GbPWL2IpWGNacevsTuYGxkOaXYycHBICJhJvzv5i72Lk4hASWMwkcWTCXnaQhJDABkaJk9sY IRJnmCQ+X9wNlmARUJGY+uwkK4jNBmQ3dF9mBrFFBKQlbk98wAbSwCzQxCgxc+o+sISwQLzE o3N9LCA2r4COxKtDq1ggpjYySnzZ9oINIiEocXLmE7AiZgF1iT/zLgE1cwDZ0hLL/3FAhOUl mrfOBpvJKWAn0Tn5LFi5qICyxN6+Q+wTGAVnIZk0C8mkWQiTZiGZtICRZRWjbEpulW5uYmZO cWqybnFyYl5eapGusV5uZoleakrpJkZQJHBK8u1gnNTgfYhRgINRiYe3wPVQlBBrYllxZe4h RkkOJiVR3kmHgUJ8SfkplRmJxRnxRaU5qcWHGCU4mJVEeM/tAcrxpiRWVqUW5cOkpDlYlMR5 F+3fGyUkkJ5YkpqdmlqQWgSTleHgUJLg9TsD1ChYlJqeWpGWmVOCkGbi4AQZzgM03Aukhre4 IDG3ODMdIn+KUVFKnNcJJCEAksgozYPrBSUqiez9Na8YxYFeEea1B6niASY5uO5XQIOZgAbb 5x0AGVySiJCSamA0FLkh7vdI3p+r99v/KMX5dVps195uui1RZ75GYJteZsuFNef3ahtNmZz6 KPVi9b93haULG15vPPLbvVXAiuWCuq3jjs2rrU/+uWsvKdXqaTUnq/voYvesT7J9HKu0OsM2 ngiYfNb3idchhRKW3BPBZzUN035wsZvv9bcOzJ3u4jrD6Pjhc7OUWIozEg21mIuKEwGjncd+ LwMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/7RypzpTtIeV7ooClmJb-jCKPUUw>
Subject: Re: [sidr] Benjamin Kaduk's No Objection on draft-ietf-sidr-slurm-07: (with COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Apr 2018 00:39:16 -0000

Hi Di,

Thank you for the extra clarification.  I think that my question is
basically the same as in Warren's DISCUSS, so perhaps we should let
this thread stop and just have the discussion on that thread.

Having said that, I think my question was more about the case when
there were two differet elements in the slurmTarget array, with
different hostnames in them -- exactly as Warren lays out at the end
of his DISCUSS.

Thanks again,

Benjamin

On Sat, Mar 31, 2018 at 03:49:39AM +0800, Di Ma wrote:
> Benjamin,
> 
> Thanks very much for your comments.
> 
> I will exchange notes with co-authors on your editorial suggestions.
> 
> Yet as for your question about slurmTarget, here is the explanation.
> 
> First of all, the FQDN is used by the SLURM file distributor to determine which RP will use this slurm file, noting that RP is identified by FQDN. 
> 
> People might think this design is sort of redundancy, arguing that if the SLURM file distributor does not want a specific RP to effect SLURM, just not do that, why bother to throw this file to that RP, indicating ’this file is not for you’.
> 
> The reason why we do this is to provide the scalability for SLURM in operations.
> 
> Given a SLURM file distributor service several RPs and SLURM file need to change at times to reflect local policy. 
> 
> An easy to do so is that all the registered RPs simply synchronize with SLURM file distributor, telling from the slurmTarget to decide whether to effect ‘a specific version’ of slurm file 'this time'. 
> 
> All in all, to answer your question, if the same SLURM file is provided to multiple RPs, those RPs identified by FQDN, will first to see whether ‘this version’ of slurm file is for itself 'this time'. 
> 
> And then an RP uses this slurm file to form different views for different BGP speakers as specified by slrumtarget ASN.
> 
> BTW, as stated in the document, if the operator does not want to use slrumtarget ‘hostname’ to gain management granularity, just not put it into a slrumtarget element.
> 
> I hope my clarification is making sense here.
> 
> Di
> 
> 
> > Does this mean that if the same SLURM file is
> > provided to multiple RPs, those RPs both need to be "responsible
> > for" all the ASNs and FQDNS contained therein?  Would this present a
> > limit on the ability to reuse SLURM files for multiple recipients
> > within a single administrative domain (that may span multiple ASNs
> > and FQDNs)?
> 
> 
> 
> Di  Ma
> RPSTIR
> https://bgpsecurity.net
> 
> > 在 2018年3月31日,01:54,Benjamin Kaduk <kaduk@mit.edu> 写道:
> > 
> > Benjamin Kaduk has entered the following ballot position for
> > draft-ietf-sidr-slurm-07: No Objection
> > 
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> > 
> > 
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> > 
> > 
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-sidr-slurm/
> > 
> > 
> > 
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> > 
> > The directorate reviews have some good comments, especially about expanding
> > acronyms/defining terms.
> > 
> > I think Section 3.3 would benefit from greater clarity about individual
> > components of the JSON array that is the value of the "slurmTarget" element,
> > versus that element itself.  (Also, slurmTarget appears to be mandatory, so
> > talking about cases where it is present seems strange, and presumably a
> > nonempty value being present is the desired criterion.)
> > 
> > I'm also not entirely sure I understand the intended semantics --
> > when first introduced in Section 3.2, we say that "all targets MUST
> > be acceptable to the RP".  (Presumably that includes both ASN and
> > FQDN entries.) Does this mean that if the same SLURM file is
> > provided to multiple RPs, those RPs both need to be "responsible
> > for" all the ASNs and FQDNS contained therein?  Would this present a
> > limit on the ability to reuse SLURM files for multiple recipients
> > within a single administrative domain (that may span multiple ASNs
> > and FQDNs)?
> > 
> > Some editorial suggestions follow.
> > 
> > Abstract:
> > 
> > OLD:
> > 
> >   [...] ISPs can also be able to use the RPKI to validate the
> >   path of a BGP route.
> > 
> > NEW:
> > 
> >   [...] ISPs can also use the RPKI to validate the
> >   path of a BGP route.
> > 
> > Section 3.2
> > 
> > OLD:
> >   o  A SLURM Version indication that MUST be 1
> > 
> > NEW:
> >   o  A SLURM Version indication.  This document specifies version 1.
> > 
> > Also, in
> > 
> >      *  Zero or more target elements.  In this version of SLURM, there
> >         are two types of values for the target: ASN or Fully Qualified
> >         Domain Name(FQDN).  If more than one target line is present,
> >         all targets MUST be acceptable to the RP.
> > 
> > What's the difference between a target element and a target line?
> > 
> > Section 3.5 (both subsections):
> > 
> > "is locally configured with" does not mention SLURM at all as being
> > involved in that configuration; perhaps it should.
> > 
> > Section 4.2
> > 
> >   [...] To do so, the RP MUST
> >   check the entries of SLURM file with regard to overlaps of the INR
> >   assertions and report errors to the sources that created these SLURM
> >   files in question.
> > 
> > The "report errors to the sources" part seems ineligible for
> > MUST-level requirement.
> > 
> > Also, in case of conflict, does the "MUST NOT use them" apply to all
> > SLURM files, only the ones with directly conflicting inputs, or only
> > enough files to remove the conflict?
> > 
> > Section 6
> > 
> > I'm always a little sad to see security-relevant functionality (such
> > as the transport with authenticity and integrity protection of SLRUM
> > files over the network) left as out of scope with no examples of
> > reasonable usage given.
> > 
> > I also wonder if we would benefit from a little discussion of the
> > potential routing issues that could arise from using a "broken" (or
> > deliberately adversarial) SLURM file, though I expect that the
> > target audience is probably pretty familiar with these already.
> > 
> > 
> > _______________________________________________
> > sidr mailing list
> > sidr@ietf.org
> > https://www.ietf.org/mailman/listinfo/sidr
>