[sidr] comments on draft-ietf-sidr-bgpsec-protocol-14 -- editorial
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Mon, 04 January 2016 16:40 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FB7B1A8A75 for <sidr@ietfa.amsl.com>; Mon, 4 Jan 2016 08:40:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8EHbqAq1rZ72 for <sidr@ietfa.amsl.com>; Mon, 4 Jan 2016 08:40:44 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0120.outbound.protection.outlook.com [65.55.169.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F6941A8A66 for <sidr@ietf.org>; Mon, 4 Jan 2016 08:40:43 -0800 (PST)
Received: from CY1PR09MB0793.namprd09.prod.outlook.com (10.163.43.143) by CY1PR09MB0795.namprd09.prod.outlook.com (10.163.43.145) with Microsoft SMTP Server (TLS) id 15.1.361.13; Mon, 4 Jan 2016 16:40:41 +0000
Received: from CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) by CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) with mapi id 15.01.0361.006; Mon, 4 Jan 2016 16:40:41 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: "mlepinski@ncf.edu" <mlepinski@ncf.edu>
Thread-Topic: comments on draft-ietf-sidr-bgpsec-protocol-14 -- editorial
Thread-Index: AQHRRw6mDXi/lVbXT0eH1b0rEMlVpw==
Date: Mon, 04 Jan 2016 16:40:41 +0000
Message-ID: <CY1PR09MB07930B69EA25A152552D6E8284F20@CY1PR09MB0793.namprd09.prod.outlook.com>
References: <20151208204116.30503.33351.idtracker@ietfa.amsl.com>, <CY1PR09MB079304AEE00CF6CC8D15278E84F20@CY1PR09MB0793.namprd09.prod.outlook.com>
In-Reply-To: <CY1PR09MB079304AEE00CF6CC8D15278E84F20@CY1PR09MB0793.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.222.187]
x-microsoft-exchange-diagnostics: 1; CY1PR09MB0795; 5:S7U+BJ9oq0I+MFP9Qx4Notn1axj4dncpULwhdRBt0/anj3Myglgkey7PkaNAujxUklKrA319SbvH/rxC2i+aLYAADGo030pLHtC1y3ZWfZ/18XcSakidEdZRo42Ybdx6JtSuzvtkfEtcP6F5Y/4bNQ==; 24:bSn7G091uo79MS4UIB0GjbAbqSR1JSeNVmaJXk7kv0vds2/a+JfVWJ0FZ98nDfUY8jELjsUlG4j0uhG8SZ7xdI30ZtNKv81cMELCKWH9fo4=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR09MB0795;
x-microsoft-antispam-prvs: <CY1PR09MB07952DD4102CE502F919220B84F20@CY1PR09MB0795.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(10201501046)(3002001); SRVR:CY1PR09MB0795; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0795;
x-forefront-prvs: 08118EFC2B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(189002)(78094002)(101416001)(11100500001)(33656002)(229853001)(76176999)(74316001)(102836003)(5003600100002)(6116002)(3846002)(40100003)(1220700001)(1096002)(122556002)(586003)(10400500002)(105586002)(99286002)(106356001)(4326007)(5001960100002)(76576001)(5008740100001)(81156007)(106116001)(2351001)(230783001)(50986999)(5002640100001)(2171001)(87936001)(1730700002)(110136002)(5004730100002)(2950100001)(189998001)(86362001)(66066001)(77096005)(92566002)(2900100001)(54356999)(97736004)(2501003)(11771555001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR09MB0795; H:CY1PR09MB0793.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jan 2016 16:40:41.2712 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR09MB0795
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/qh5i8DcVzE0FfcfuYnnD3gHbdbQ>
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: [sidr] comments on draft-ietf-sidr-bgpsec-protocol-14 -- editorial
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2016 16:40:46 -0000
Matt,
I hope you find these comments helpful.
Comments/Suggestions to help improve clarity/presentation:
-----------------------------------------------------¬--------------------------
Page 3, 3rd para: add [20] next to [19]; both are relevant references.
Page 5, 1st para: s/…for the same AFI combination…/…for the same AFI …/
Page 8, 1st para: s/(i.e., the number of AS numbers in the path)/
(i.e., the number of distinct AS numbers in the path)/
Page 14, 1st para: At the end of this para, within the parentheses, I suggest adding:
See Section 4.4 for an algorithm for reconstruction of AS_PATH attribute.
Page 15: 2nd last para:
s/…populated with the length (in octets) of the Signature field/
…populated with the length (in octets) of the value in the Signature field/
Page 17, 2nd para from bottom:
s/ …if the next most recently added Secure_Path segment…/
…if the immediately following Secure_Path segment…/
Note that "next most recently added Secure_Path segment" connotes
"immediately preceding Secure_Path segment" (i.e. going backward in time).
It seems to me, that is not what was intended here.
Page 18, 1st para: At the end, add the following: (see Section 5.2).
Page 18, please append the following at the end of the 1st para:
Before attempting to reconstruct an AS_PATH for the purpose of forwarding
an unsigned (non-BGPsec) update to a peer, a BGPsec speaker MUST
perform the basic integrity checks listed in Section 5.2 to ensure that the received
BGPsec update is properly formed.
Page 19, last para: s/ via the RTR protocol/ via the RPKI-to-Router (RTR) protocol [15]/
Pages 20-21, Section 5.1: The mention of ROA and the second bullet item (top of page 21)
are not needed here, because ROA is not used in BGPsec validation (origin validation does that).
Page 22, last para:
"If there is no Signature_Block
corresponding to an algorithm suite that the BGPsec speaker supports,
then the BGPsec speaker MUST treat the update message in the same
manner that the BGPsec speaker would treat an (unsigned) update…"
Note that the former (without supported algorithm suite) is not the
same as unsigned, so they cannot be treated in the same manner.
So I think it would be more precise to say it the following way:
"If there is no Signature_Block corresponding to an algorithm suite that
the BGPsec speaker supports, then the BGPsec speaker MUST
process the update message as follows: First, convert the Secure_PATH
attribute to AS_PATH attribute, and then treat the update
as if it was received unsigned (non-BGPsec)."
Page 23, in the Figure: s/Rest of Secure_Path/Preceding portion of Secure_Path/
Note that "Rest of Secure Path" implies Secure_Path segments before and after the current one.
Minor modifications in the text on page 24 also need to be made,
wherever "Rest of Secure_Path" is mentioned.
Page 25 (1st full para):
"If at least one Signature_Block is marked as 'Valid', then the
validation algorithm terminates and the BGPsec update message is
deemed to be 'Valid'. (That is, if a BGPsec update message contains
two Signature_Blocks then the update message is deemed 'Valid' if the
first Signature_Block is marked 'Valid' OR the second Signature_Block
is marked 'Valid'.)"
I think we cannot say here "…BGPsec update message is deemed to be 'Valid'."
This document only specifies validation for Signature_Block (or Secure_Path).
It is up to the operator to combine the result of RFC6811 (origin validation)
with the results of this document (path validation) to decide about
the overall validity of the BGPsec update message.
So, instead of "is deemed to be 'Valid' ", should we say "is deemed to be 'Path Valid' "?
Page 27, 1st paragraph (below the bullet):
"That is, the recipient of a valid BGPsec Update message is assured
that the Secure_Path portion of the BGPsec_Path attribute corresponds
to a sequence of autonomous systems who have all agreed in principle
to forward packets to the given prefix along the indicated path. (It
should be noted that BGPsec does not offer any guarantee that the
data packets would flow along the indicated path; it only guarantees
that the BGP update conveying the path indeed propagated along the
indicated path.)"
I find the first sentence problematic. In essence, it contradicts the second sentence.
The first sentence says BGPsec assures something about the data plane.
The second sentence says BGPsec does not guarantee anything about the data plane!
I would reword the first sentence as follows:
"That is, the recipient of a valid BGPsec update message is assured that
the update propagated via the sequences ASes listed in the Secure_Path
portion of the BGPsec_Path attribute."
Page 27, 1st paragraph (below the bullet), in the last sentence:
s/ the recipient is assured that this path terminates.../ the recipient is assured,
due to origin validation, that this path terminates…/
Note: I suggest this wording because BGPsec does not provide this
particular assurance; origin validation does.
Page 30, 2nd para (last para of Section 7.4):
This appears to be a carryover from v.13 draft since it refers to old Sections 4.1 and 4.2.
It is also worth noting that the extremely unlikely attack
being mentioned here is made even more unlikely due to
more data that needs to be signed over at the second AS (based on this v-14 draft).
===========
Typos, Nits:
---------------
Page 12, 3rd para: s/…update message has not been that has not successfully validated/
…update message has not been successfully validated/
Page 15, 1st para: same sentence twice in the same para …
"the Target AS Number is the AS to whom the BGPsec speaker intends to send the update message"
Similar sentence appeared earlier in the same para at bottom of page 14).
Page 16, 1st para: The following phrase is repeated twice in the same para:
"when a confederation member sends a BGPsec update message to a peer
that is a member of the same confederation"
Page 16, 1st para: The following phrase is repeated twice in the same sentence (last sentence):
"in a non-BGPsec update message"
Page 25, 2nd para in Section 6.1:
s/a mandatory algorithm suites document will be created/
a mandatory algorithm suites document exists/
References: [9] should have date of November 2015 (it shows Nov. 2014).
Page 17 and p.22: s/RFC WXYZ/RFC 7606/
Global substitution: s/AS_Path/AS_PATH/g
Global substitution: s/BGPSEC/BGPsec/g
Thank you.
Sriram
- [sidr] I-D Action: draft-ietf-sidr-bgpsec-protoco… internet-drafts
- [sidr] comments on draft-ietf-sidr-bgpsec-protoco… Sriram, Kotikalapudi
- [sidr] comments on draft-ietf-sidr-bgpsec-protoco… Sriram, Kotikalapudi