Re: [sidr] Ben Campbell's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

"Ben Campbell" <ben@nostrum.com> Wed, 04 January 2017 16:58 UTC

From: "Ben Campbell" <ben@nostrum.com>
To: "Randy Bush" <randy@psg.com>
Date: Wed, 04 Jan 2017 10:58:54 -0600
Message-ID: <661F8C18-7B04-4E88-A97A-BBA8314C3FD4@nostrum.com>
In-Reply-To: <m2d1g3mvo2.wl-randy@psg.com>
References: <148348795694.28027.8646303758093237302.idtracker@ietfa.amsl.com> <m2d1g3mvo2.wl-randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/UdbqbGqEc9Tw95ROq5Cop6O7g80>
Cc: The IESG <iesg@ietf.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Ben Campbell's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

Thanks for the quick response.

On 3 Jan 2017, at 20:00, Randy Bush wrote:

> thanks for the review.
>
>> Update: I noted when reviewing other sidr drafts on this telechat
>> agenda that this draft treats 2119 keywords differently than the
>> other drafts.  That is, this draft explicitly excludes lower case
>> versions of the 2119 keywords
>
> which is, i believe, the current wisdom; see long discussion on ietf
> list.
>
>> while the other related drafts do not.
>
> have fun with that.

I plan to mention that when I write up my reviews of the other two :-)

I agree with the lower case exclusion. I merely thought the working 
group might want to be consistent on the cluster of drafts. (Assuming 
they are really a cluster--I could see an argument that the protocol and 
overview drafts are for a separate audience than the bgp.)

[...]

>
>> -4, first paragraph: I found "either" followed by "and/or" a bit
>> confusing. I suggest simply dropping the word "either".
>
>    As described in [I-D.ietf-sidr-rtr-keying] BGPsec-speaking routers
>    are either capable of generating their own public/private key-pairs
>    and having their certificates signed and published in the RPKI by
>    the RPKI CA system, and/or are given public/private key-pairs by the
>    operator.
>
> but the router(s) might not be capable of generating key-pairs.  they
> might, they might not, the op may generate or not, or both.  an absurd
> corner case might be that a router with two ASs has the as0 key
> stuffed by the as0 noc, and the as1 key is generated on device because
> that is the as1 policy.
>

I merely meant that "either" seemed odd for non-exclusive options. I 
take your argument to mean that the options really are non-exclusive.

>> -4, last paragraph: "a prudent operator will..." sounds like it might
>> be worthy of a SHOULD.
>
> given the previous, how about lower case should

That would not seem to change anything :-) My point was that the 
language seemed stated in a way that _might_ justify a 2119 keyword. If 
you don't think so, then I'm fine with the current wording.

>
>> -6, first paragraph: "SHOULD/MUST only" constructions tend to be
>> ambiguous. In this case, are we saying SHOULD only originated signed
>> announcements, as opposed to unsigned announcements? Or as opposed to
>> validating received assignments? If the latter, then the "need not
>> validate" seems to weaken the SHOULD.
>
>    An edge site which does not provide transit and trusts its
>    upstream(s) may only originate a signed prefix announcement and not
>    validate received announcements.

That's much more clear, thanks.

[...]

>
>> -7, paragraph 6: This seems to say that signed paths MUST be signed.
>> Does the "MUST be signed if sent to external BGP speakers" mean that
>> the existing signature must not be stripped (as stated more weakly in
>> the previous sentence), or does it mean the sender must re-sign the
>> path?
>
>    Because of possible RPKI version skew, an AS Path which does not
>    validate at router R0 might validate at R1.  Therefore, signed
>    paths that are Not Valid and yet propagated (because they are
>    chosen as best path) should have their signatures left intact and
>    MUST be signed if sent to external BGPsec speakers.
>
> i am not seeing where bgpsec stripping was suggested; in fact, the
> opposite.  if router r0 receives a signed path and intends to pass
> that signed path to the next listener, r0 must sign the path.  i am
> at a loss to understand your question.  clue bat please.

Sorry, I did not mean that stripping was suggested; the previous phrase 
(non-normatively) recommends against stripping. My question is, since 
the subject of the sentence is "signed paths" whether the "MUST be 
signed" language means "MUST NOT strip the signature" (which I suspect 
to be the case), or something else.

>
>> -7, paragraph 7: "a signed path learned via iBGP MAY be Not Valid."
>> seems like a statement of fact.
>
> are you suggesting to downcase it?  i will assume so.

Yes, sorry.

>
>> -12.2: [I-D.ietf-sidr-bgpsec-overview] is mentioned in section 2 as
>> needed to understand this document. That suggests it should be a
>> normative reference.
>
> ennie meenie.  i think some other reviewer had me push refs around.  i
> don't have a dog in this fight.  my personal opinion would be that
> overview is informative and the protocol spec itself is normative.

As I mentioned in response to Alvaro's comment: Maybe section 2 should 
cite the protocol rather than the overview? (Perhaps with a separate 
mention that the overview is available.)

Ben.
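
Added illustration of the section 7 propagation rule discussed in this thread (not part of the message or of the draft): two routers, R0 with a stale RPKI cache and R1 with a fresh one, show why a path that is Not Valid at R0 is still passed on with its signatures intact and R0's own signature added. Router signatures are an HMAC stand-in for BGPsec's ECDSA P-256 signatures, and the key table, AS numbers and prefix are constructed.

```python
import hmac
from typing import Dict, List, Optional, Tuple

# Constructed sample router keys, keyed by (AS number, key id). In real
# BGPsec these are ECDSA P-256 keys published in RPKI router certificates;
# here an HMAC secret stands in so the example runs offline.
ROUTER_KEYS: Dict[Tuple[int, str], bytes] = {
    (64500, "k1"): b"secret-64500",   # origin AS
    (64501, "k1"): b"secret-64501",   # router R0
    (64502, "k1"): b"secret-64502",   # router R1
}

Segment = Tuple[int, str, str]  # (AS, key id, hex signature)
def _to_be_signed(prefix: str, path: List[Segment]) -> bytes:
    return (prefix + "|" + "|".join(f"{a}:{k}:{s}" for a, k, s in path)).encode()

def sign_segment(prefix: str, path: List[Segment], asn: int, key_id: str) -> Segment:
    """This router's signature over the prefix and every segment before it."""
    mac = hmac.new(ROUTER_KEYS[(asn, key_id)], _to_be_signed(prefix, path), "sha256")
    return (asn, key_id, mac.hexdigest())

def validate(prefix: str, path: List[Segment], cache: Dict[Tuple[int, str], bytes]) -> str:
    """'Valid' or 'Not Valid', using only the router keys this router's RPKI cache holds."""
    for i, (asn, key_id, sig) in enumerate(path):
        key = cache.get((asn, key_id))
        if key is None:
            return "Not Valid"  # key not (yet) in this cache: RPKI version skew
        expect = hmac.new(key, _to_be_signed(prefix, path[:i]), "sha256").hexdigest()
        if not hmac.compare_digest(expect, sig):
            return "Not Valid"
    return "Valid"

def propagate(prefix, path, asn, key_id, chosen_as_best, peer_is_external_bgpsec) -> Optional[List[Segment]]:
    """The ops rule: never strip signatures; add our own when sending to an external BGPsec speaker."""
    if not chosen_as_best:
        return None                       # not best path: nothing is announced
    if peer_is_external_bgpsec:
        return path + [sign_segment(prefix, path, asn, key_id)]
    return list(path)                     # e.g. iBGP: signed path passed through intact

def version_skew_demo() -> Tuple[str, str]:
    """R0's stale cache lacks the origin's key; R1's fresh cache has it."""
    prefix = "192.0.2.0/24"
    path = [sign_segment(prefix, [], 64500, "k1")]           # origin signs
    stale = {k: v for k, v in ROUTER_KEYS.items() if k[0] != 64500}
    r0_state = validate(prefix, path, stale)                  # Not Valid at R0
    forwarded = propagate(prefix, path, 64501, "k1", True, True)  # still best; signed on to R1
    r1_state = validate(prefix, forwarded, ROUTER_KEYS)       # Valid at R1
    return r0_state, r1_state
```

Running version_skew_demo() returns ("Not Valid", "Valid"): the same signed path fails at R0 only because its cache has not yet learned the origin's router key.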