[sidr] Implementer inputs requested (Fw: SecDir Review of draft-ietf-sidr-bgpsec-protocol-20)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Thu, 22 December 2016 17:42 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: sidr wg list <sidr@ietf.org>
Cc: "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, Michael Baer <baerm@tislabs.com>
Date: Thu, 22 Dec 2016 17:41:59 +0000
Subject: [sidr] Implementer inputs requested (Fw: SecDir Review of draft-ietf-sidr-bgpsec-protocol-20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/KYJvlFfdOOG6IUEGFFCC3V8jW5o>

Russ Housley had suggested these changes (#1 and #2 below) as part of his SecDir review.
But he also suggested to me to put it out on the mailing list so that
implementers in particular and anyone having an opinion can have a say.


Russ's comment:

Minor:

#1

In Section 3.2, the Signature Length within the Signature Segment does
not count the length field itself.  It seems that all of the other
length values in this specification count the size of the length too.
Consistency will avoid implementation errors.

Russ's comment:

Minor:

#2

Section 2.1 says:

    ...  The BGP speaker
    sets this bit to 0 to indicate the capability to receive BGPsec
    update messages.  The BGP speaker sets this bit to 1 to indicate the
    capability to send BGPsec update messages.

It seems a bit wasteful to repeat the whole capability for each
direction.  Wouldn't it be better to follow the example used in
other capability definitions (such as RFC 7911) by using one of the
unassigned bits?  The Send/Receive pair of bits would have these
semantics:

    This field indicates whether the sender is (a) able to receive
    BGPsec update messages from its peer (value 1), (b) able to send
    BGPsec update messages to its peer (value 2), or (c) both (value 3)
    for the address family identified in the AFI.

[Sriram] Observation: Two implementations exist and
they were shown to interoperate at the IETF-97 in Seoul.
The changes would cause those implementations to make code modifications.

Sriram
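
Added example (not part of the original message, the draft text, or either implementation): a bounds-checked parser for one Signature_Block, showing the two length conventions from comment #1 side by side and what happens when an encoder applies the self-inclusive convention to Signature Length. The field widths (2-octet Signature_Block Length that counts itself, 1-octet algorithm ID, 20-octet SKI, 2-octet Signature Length that does not count itself) are assumptions taken from the BGPsec specification's layout; the function names and sample bytes are constructed for illustration.

```python
import struct

SKI_LEN = 20  # assumed Subject Key Identifier width

class ParseError(ValueError):
    pass

def parse_signature_block(buf):
    """Return (algo_id, [(ski, signature), ...]) or raise ParseError."""
    if len(buf) < 3:
        raise ParseError("truncated Signature_Block header")
    (block_len,) = struct.unpack_from("!H", buf, 0)
    # Self-inclusive: counts its own 2 octets, the algorithm ID and all segments.
    if block_len < 3 or block_len > len(buf):
        raise ParseError("Signature_Block Length out of range")
    algo_id, off, segments = buf[2], 3, []
    while off < block_len:
        if block_len - off < SKI_LEN + 2:
            raise ParseError("truncated Signature Segment header")
        ski = buf[off:off + SKI_LEN]
        (sig_len,) = struct.unpack_from("!H", buf, off + SKI_LEN)
        off += SKI_LEN + 2
        # Self-exclusive: counts only the signature octets that follow.
        if sig_len > block_len - off:
            raise ParseError("Signature Length overruns Signature_Block")
        segments.append((ski, buf[off:off + sig_len]))
        off += sig_len
    return algo_id, segments

def build_signature_block(algo_id, segments, sig_len_counts_itself=False):
    """Encoder; the flag reproduces the mistake of applying the wrong convention."""
    extra = 2 if sig_len_counts_itself else 0
    body = b"".join(ski + struct.pack("!H", len(sig) + extra) + sig
                    for ski, sig in segments)
    return struct.pack("!H", 3 + len(body)) + bytes([algo_id]) + body

# Constructed sample data, not real keys or signatures.
SEGMENTS = [(b"\x01" * 20, b"\xaa" * 70), (b"\x02" * 20, b"\xbb" * 72)]

def is_rejected(buf):
    try:
        parse_signature_block(buf)
    except ParseError:
        return True
    return False

if __name__ == "__main__":
    print(parse_signature_block(build_signature_block(1, SEGMENTS)) == (1, SEGMENTS))
    print(is_rejected(build_signature_block(1, SEGMENTS, sig_len_counts_itself=True)))
```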