IETF Logo Mail Archive

Re: [sidr] WGLC on draft-ietf-sidr-bgpsec-threats-02

Brian Dickson <brian.peter.dickson@gmail.com> Wed, 15 August 2012 20:28 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8E1E11E808A for <sidr@ietfa.amsl.com>; Wed, 15 Aug 2012 13:28:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.379
X-Spam-Level:
X-Spam-Status: No, score=-3.379 tagged_above=-999 required=5 tests=[AWL=0.219, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hdEEKzYXAilK for <sidr@ietfa.amsl.com>; Wed, 15 Aug 2012 13:28:12 -0700 (PDT)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id 2AC8E21F85B1 for <sidr@ietf.org>; Wed, 15 Aug 2012 13:28:12 -0700 (PDT)
Received: by wgbdr13 with SMTP id dr13so1182447wgb.13 for <sidr@ietf.org>; Wed, 15 Aug 2012 13:28:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=TaTzn8+aTmOLAyyDFCA7/sHlF0Ldsc5lRnRvCoayhzA=; b=ihoFxX/sctEae0GwpE2Rh4FDOaeWSA1jQ/pZu2/bwTRl7YnBMlUbpV8Wf3AYLK7/JU HfpULsxuN2f3VcX9MMZs44SRKAguHVJDRWOYS0WU/lb1dX+fbcONy1zqEOt+aEi8L5zH f2cwpUMHW1ttxfkSg422k23P1QPQt2gOnqL658w/Gwia2TAxNjR0gI4SuMdUnpSUVw5c EPAw3RDjLq0AYPkqwSFbFLqzHLRV0Nq6zIq2Ieh0pQcJirdNRVK0wtTXel5kCSNKFHhm 0gNQC7nYTmWaMNTOD5P9PrDWT+uBoxney1KNm8jrup3vwjyLDJ9H6PTGOGaoPL7qaZKj CfTw==
MIME-Version: 1.0
Received: by 10.216.132.25 with SMTP id n25mr10144693wei.25.1345062491034; Wed, 15 Aug 2012 13:28:11 -0700 (PDT)
Received: by 10.223.169.196 with HTTP; Wed, 15 Aug 2012 13:28:10 -0700 (PDT)
In-Reply-To: <CAH1iCipC+Gf4PGyHhUsHgL4H1d5VwvP4+rKGay6nYqfZRrQaEw@mail.gmail.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F625F5604B@Hermes.columbia.ads.sparta.com> <CAH1iCiorpj6N55B9RQCvWcTgEbUZ+Vgcr4Hhc-+h8A93U8HbHA@mail.gmail.com> <24B20D14B2CD29478C8D5D6E9CBB29F625F5FF30@Hermes.columbia.ads.sparta.com> <CAH1iCipC+Gf4PGyHhUsHgL4H1d5VwvP4+rKGay6nYqfZRrQaEw@mail.gmail.com>
Date: Wed, 15 Aug 2012 16:28:10 -0400
Message-ID: <CAH1iCiqnx4MHwSFYMHJDKKXaLi+DAKUzNpqMoELpWM6NP0RxMQ@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
Content-Type: multipart/alternative; boundary="0016e6dd8d69fa95f804c753c332"
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] WGLC on draft-ietf-sidr-bgpsec-threats-02
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2012 20:28:13 -0000

s/2414/2418/ - my bad.

On Wed, Aug 15, 2012 at 4:25 PM, Brian Dickson <
brian.peter.dickson@gmail.com> wrote:

> I'll try to be more clear:
>
> I do not believe comments regarding _any_ version of the draft in
> question, have been adequately addressed (on the mailing list, or in
> person, or in the document).
>
> There are a number of topics of contention, and I believe it is the duty
> of the chairs, not my responsibility, to track the specific items in
> question.
>
> To quote from RFC 2414, section 3.3:
>
>    It is occasionally appropriate to revisit a topic, to re-evaluate
>    alternatives or to improve the group's understanding of a relevant
>    decision.  However, unnecessary repeated discussions on issues can be
>    avoided if the Chair makes sure that the main arguments in the
>    discussion (and the outcome) are summarized and archived after a
>    discussion has come to conclusion.
>
> I would respectfully point out the dates of the discussion, and a few of the subject lines, as follows:
>
> "BGP Thread Model ID" (between 10/29/2011 and 11/14/2011, covering a number of intertwined issues, where the author effectively states that he will only change the text at the direction of the Chair(s), and where there are a significant number of participants who express a desire to have the text changed.)
>
> "Route Leaks message to IDR" (3/21/2012 onward)
>
> Also, given that draft-dickson-sidr-route-leak-solns exists and has not expired, and that IDR has been asked to review the route-leaks issue, and have themselves asked GROW to take a look at it, it would be more appropriate to have the -threats- doc refer to this draft, and to the ongoing IETF process of codifying route-leaks, rather than disingenuously continuing to state that nothing codifies route-leaks in the IETF.
>
> (Technically, discussions in the mailing list archive are IETF materials, at the very least, as are current unexpired I-D docs.)
>
> Even without going into whether or not it is codified officially, the codification can easily be incorporated into the -threats- doc, in the residual threats.
>
> The importance of this is that in considering the body of work of the WG, and in particular potentially deploying BGPSEC (in whatever form it emerges), operators _must_ be given all the necessary information, including whether BGPSEC protects against threats that actually exist. Pretending the threats do not exist, by not detailing them in the "Residual Threats" section, is really not what I would consider IETF-worthy.
>
> So, in summary:
>
> - if the chairs cannot find a volunteer to summarize and track the major issues related to WG discussion (on-list and in-person) that affect the -threats- doc, their duty is to do it themselves.
>
> - I would like to see an assertion on each major issue, the following:
>
> --- has it been discussed to death?
>
> --- has consensus been reached (either way) about whether it should be included in the -threats- doc?
>
> --- has the threats doc adequately addressed the issue (and if so, in which section)?
>
> What I am contending is, that one or more issues have either reached an impasse (and thus the -threats- doc, as such, does not have rough consensus), or have a consensus which the doc does not incorporate adequately.
>
> Is that enough to act on?
>
> Oh, and in case it isn't abundantly clear:
>
> I do not support moving the document forward in its current state.
>
> Brian
>
>
> On Wed, Aug 15, 2012 at 1:56 PM, Murphy, Sandra <Sandra.Murphy@sparta.com>wrote:
>
>>  Brian, I can see that you think that some people brought up some issues
>> some time ago on some previous version(s) that have not been addressed.
>>
>> Unfortunately, that's not clear enough for the chairs or authors to take
>> action.
>>
>> It would help if you could provide more specifics.
>>
>> --Sandy, speaking as wg co-chair
>>
>>  ------------------------------
>> *From:* Brian Dickson [brian.peter.dickson@gmail.com]
>> *Sent:* Tuesday, August 14, 2012 5:20 PM
>> *To:* Murphy, Sandra
>> *Cc:* sidr@ietf.org
>> *Subject:* Re: [sidr] WGLC on draft-ietf-sidr-bgpsec-threats-02
>>
>>  I have reviewed the draft.
>>
>>  It remains vague and incomplete, in the Residual Threats section. This,
>> despite extensive discussion (since the -00 version) on the list regarding
>> very specific, very real, residual threats.
>>
>>  It not only fails to discuss them, it fails to enumerate them.
>>
>>  The extensive discussion is in the archives, and contains substantive
>> comments from at least 1/4 active participants in SIDR, including those
>> with the greatest degree of operational and/or implementation experience.
>>
>>  I would request that the WGLC be retracted until the authors decide to
>> address those previous comments.
>>
>>  Chairs: There should not be a need to re-raise the particulars - if the
>> authors got shot down before, and fail to include text or address the
>> complaints, I fail to see why they are submitting this, or the chair(s) are
>> doing a WGLC.
>>
>>  The objective of a threats model should be to model the threats, and
>> identify known weaknesses. If it is substantially incomplete, it is not
>> ready to go. It fails to accomplish its _only_ goal.
>>
>>  Excluding threats from this doc, because the solution does not address
>> them, is beyond ridiculous. It is laughable.
>>
>>  Sorry if this offends the authors. The authors' work is at issue, not
>> the authors themselves. They are fine and upstanding individuals. This ID,
>> in its current form, however, is, IMHO, junk.
>>
>>  Brian
>>
>> On Tue, Aug 14, 2012 at 12:19 PM, Murphy, Sandra <
>> Sandra.Murphy@sparta.com> wrote:
>>
>>> The authors have indicated that they believe the draft
>>>
>>> Threat Model for BGP Path Security
>>> draft-ietf-sidr-bgpsec-threats-02
>>> http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-threats-02
>>>
>>> is ready for a working group last call.
>>>
>>> This starts the two week working group last call.  It will end on Aug
>>> 28.  Please review the draft and send comments to the list.
>>>
>>> --Sandy
>>> _______________________________________________
>>> sidr mailing list
>>> sidr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sidr
>>>
>>
>>
>

v2.23.0 | Report a Bug | By Email