[Sidrops] RtgDir review: draft-ietf-sidrops-rtr-keying-01
Dhruv Dhody <dhruv.ietf@gmail.com> Fri, 14 December 2018 10:41 UTC
Return-Path: <dhruv.ietf@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE2DA13112D; Fri, 14 Dec 2018 02:41:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hpbPYnbtWzS2; Fri, 14 Dec 2018 02:41:34 -0800 (PST)
Received: from mail-it1-x12a.google.com (mail-it1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A6071310EF; Fri, 14 Dec 2018 02:41:34 -0800 (PST)
Received: by mail-it1-x12a.google.com with SMTP id a6so8601485itl.4; Fri, 14 Dec 2018 02:41:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=U/u3MZGAWqIMVyPQ/xGfUqe6wO1VOnfjslS+zlrQUVY=; b=IrunAQkUl/MChr6BpV3+RE2XPed/rPqf2DvaOjVRDbFgclObqmfyLaEzfwQiSeSk86 8EEbL0PP0N0b02jxXCmhEeJOCX74/82K54C043j54apOKf0b5I9xYz+QerEmbJj9X4oW R1j5UqMsziy1/s5b/OtuhauN1RjMWs0uQTuEp/pZINNaXAizRLKtMsT0A2oJTjrPLWpH d0TQEaqGCczSSeNnFaI/6SW0scI2OTLICt/KAdMf/RzcBoFzJPcH/eQ+oY9Ug1rKon8X zMdVfrllGyHrcaei4mtHnDoChKbeLJSuXjreLu63tLvizJKuATb28yl+3/INeeWwPqOL JscQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=U/u3MZGAWqIMVyPQ/xGfUqe6wO1VOnfjslS+zlrQUVY=; b=fq7UyqjynuC3z0MMtxjsb4lMm1ImZy2cADAp6FRbwGuURPj57/LfBVwS38keCwhjoU PwD4tMXSMvg1v9jnjATdWqOeinWYhp0mxt8x87ezbwpsNPbDURPc8RFnYz6OH1rUYrrt k4aPaAyCnAFAfUM22eeGEn1jELnTMMSbERcuLJHMnXt+J+M9vcmr9dmXye4OiGCgxThu 6vfZyY/G8DOL75vv4kQwk3UtY7rusWlTGY79/1SmOIcGwB6/w/ESBFBh4XHaIeLJ3EAG Ozfpxk4xF+29crc6Lifl8CB5tUs15JMS7jZQTHODqQa+xY8IJehqIaQ1VGTZAFYkiOnz 9ZYA==
X-Gm-Message-State: AA+aEWapFWIi3kfFa+nyRIxNoaE8QjDQ2eO8wCBbycttqNJhcIXvOAvd FsIwBvL3DxpzopHv83BQhN6LeJj8l7ll/xJ51x4W+2Up1hE=
X-Google-Smtp-Source: AFSGD/X8l4mBoOXKlk8yLu7VYOcxGcXnYK8sRdjpy9Kv79JQ1mtsC/WaZ0wUYSDAsqEgFdFv5jWKUl3fWWx/xxShuPA=
X-Received: by 2002:a02:570d:: with SMTP id u13mr2042083jaa.71.1544784093354; Fri, 14 Dec 2018 02:41:33 -0800 (PST)
MIME-Version: 1.0
From: Dhruv Dhody <dhruv.ietf@gmail.com>
Date: Fri, 14 Dec 2018 16:11:22 +0530
Message-ID: <CAB75xn7Hs8FMg6_HPiDM22+g=boYVVKotkeB5+oq3FuRbmNzfw@mail.gmail.com>
To: rtg-ads@ietf.org
Cc: rtg-dir@ietf.org, draft-ietf-sidrops-rtr-keying.all@ietf.org, sidrops@ietf.org, Dhruv Dhody <dhruv.dhody@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/JaIR_0AAwM2JnkW8MuW8ewwN73k>
X-Mailman-Approved-At: Thu, 20 Dec 2018 19:43:20 -0800
Subject: [Sidrops] RtgDir review: draft-ietf-sidrops-rtr-keying-01
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Dec 2018 10:41:43 -0000
Hello, I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft. Document: draft-ietf-sidrops-rtr-keying-01 Reviewer: Dhruv Dhody Review Date: 14 Dec 2018 IETF LC End Date: Unknown Intended Status: Standard Summary: I have some minor concerns about this document that I think should be resolved before publication. Comments: This document describe the provisioning of BGPsec-speaking routers with the appropriate public-private key-pairs. It describes two ways - Router Driven and Operator Driven of doing this. This document does not provide any protocol extensions. Thank you for including Appendix B, it helped a lot. Major Issues: No major issues found. Minor Issues: (1) I am not sure about the status of the document. Since this document does not define any protocol extensions, this document reads to me as Informational or BCP. I am quite sure this is going to be asked during IESG reviews, it would be good idea to discuss and conclude on this early on. (2) I also find 'sub-methods' to describe the two different mechanism (or models) as incorrect. Also, did the authors/WG consider making Router-driven as default and operator-driven to be used with utmost care and only when router-driven is not possible? (3) Introduction mentions only Section 8, suggest to include some more text that describes the flow of the document to increase the readability. (4) Section 4/5 used AS number and the BGP Identifier; where as Appendix B says subject name and serial number for the router. We should link these somehow. (5) Section 5.2.1 has 'AS's End Entity (EE) private key' and AS's EE certificate(s); This is not clear, is this 'AS's key and certificate' belongs to the management station? Can you add a sentence clarifying this. (6) It feels like, this document uses SHOULD as a default level. I am not sure if that is right in every instance of its use. Nits: - section 4 s/a BGP Identifier of 0 may be used/a BGP Identifier of 0 MAY be used/ - section 5 s/transmits the AS it has chosen or the router/transmits the AS it has chosen on the router/ - section 7 s/certs-ony/certs-only - section 9 Took me a while to parse this, might be helpful to make a list or rephrase - When an active router key is to be revoked, the process of requesting the CA to revoke, the process of the CA actually revoking the router's certificate, and then the process of re-keying/renewing the router's certificate, (possibly distributing a new key and certificate to the router), and distributing the status, takes time during which the operator must decide how they wish to maintain continuity of operations, with or without the compromised private key, or whether they wish to bring the router offline to address the compromise. - section 10 Does not parse - ..employees that no longer need access to a routers SHOULD be removed the router to ensure only those authorized have access to a router.
- [Sidrops] RtgDir review: draft-ietf-sidrops-rtr-k… Dhruv Dhody
- Re: [Sidrops] RtgDir review: draft-ietf-sidrops-r… Dhruv Dhody