Re: [Sidrops] Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)

"Borchert, Oliver (Fed)" <oliver.borchert@nist.gov> Thu, 11 April 2019 21:30 UTC

From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Date: Thu, 11 Apr 2019 21:30:11 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/pxCdO0--G6CBqDa6XyAuZx-FVvU>

Adam,

A previous comment mentioned splitting Special-Use into Experimental and Documentation.
I made the following modification which also addresses your comment:

In section 2, I removed the Special-Use ID and replaced it with:

   o  Experimentation Algorithm ID

      Experimentation algorithm IDs span from 0xF7 (247) to 0xFA (250). 
      To allow experimentation to accurately describe deployment
      examples, the use of publicly assigned algorithm IDs is
      inappropriate, and a reserved block of Experimentation algorithm
      IDs is required.  This ensures that experimentation does not clash
      with assigned algorithm IDs in deployed networks, and mitigates
      the risks to operational integrity of the network through
      inappropriate use of experimentation to perform literal
      configuration of routing elements on production systems.  A router
      that encounters an algorithm ID of this type outside of an
      experimental network SHOULD treat it the same as
      "unsupported algorithm" as specified in Section 5.2 of [RFC8205].

   o  Documentation Algorithm ID

      Documentation algorithm IDs span from 0xFB (251) to 0xFE (254). 
      To allow documentation to accurately describe deployment examples,
      the use of publicly assigned algorithm IDs is inappropriate, and a
      reserved block of Documentation algorithm IDs is required.  This
      ensures that documentation does not clash with assigned algorithm
      IDs in deployed networks, and mitigates the risks to operational
      integrity of the network through inappropriate use of
      documentation to perform literal configuration of routing elements
      on production systems.  A router that encounters an algorithm ID
      of this type SHOULD treat it the same as "unsupported algorithm"
      as specified in Section 5.2 of [RFC8205].



And in section 7:

...
+------------+-----------------+-----------------+------------------+
| 0x02-0xF6  | Unassigned      | Unassigned      |                  |
+------------+-----------------+-----------------+------------------+
| 0xF7-0xFA  | Experimentation | Experimentation | This Document    |
+------------+-----------------+-----------------+------------------+
| 0xFB-0xFE  | Documentation   | Documentation   | This Document    |
+------------+-----------------+-----------------+------------------+
...

I believe this does resolve the issue,

Thanks,
Oliver


-----Original Message-----
From: Adam Roach via Datatracker <noreply@ietf.org> 
Sent: Wednesday, April 10, 2019 5:32 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org; Chris Morrow <morrowc@ops-netman.net>; sidrops-chairs@ietf.org; morrowc@ops-netman.net; sidrops@ietf.org
Subject: Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
Importance: High

Adam Roach has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks to everyone who worked on this document.

This issue should be trivial to fix, but it's still a blocker.

§2.1:

>     Special-Use algorithm IDs span from 0xFA (250) to 0xFE (254).

§7:

>  In addition IANA is asked to register the following address space for
>  "Special-Use":
>
>    Algorithm   Digest          Signature       Specification
>    Suite       Algorithm       Algorithm       Pointer
>    Identifier
>  +------------+---------------+--------------+-----------------------+
>  | 0xFB-0xFE  | Special-Use   | Special-Use  | This Document         |
>  +------------+---------------+--------------+-----------------------+


The ranges here do not match ([0xFA-0xFE] != [0xFB-0xFE]). Presuming that the text in Section 2.1 is what was intended, this issue impacts all of the tables in section 7.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I agree with Alexey's discuss.

---------------------------------------------------------------------------

§7:

>  To be modified to:
>
>    Algorithm   Digest          Signature       Specification
>    Suite       Algorithm       Algorithm       Pointer
>    Identifier
>  +------------+---------------+--------------+-----------------------+
>  | 0x2-0xFA   | Unassigned    | Unassigned   |                       |
>  +------------+---------------+--------------+-----------------------+

Nit: The prose has been updated to use "0x02" rather than "0x2". It would be nice if the IANA section matched this update.
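
Added example (not part of the original messages or of the draft): a Python check for the kind of mismatch raised in the DISCUSS above, comparing the ranges stated in the prose with the rows of the IANA table and confirming that the listed rows neither overlap nor leave gaps. The sample strings are constructed from the text quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample input: the Section 2 prose and Section 7 rows proposed
# in the reply, and the mismatched pair quoted in the DISCUSS.
PROSE_FIXED = """
Experimentation algorithm IDs span from 0xF7 (247) to 0xFA (250).
Documentation algorithm IDs span from 0xFB (251) to 0xFE (254).
"""
TABLE_FIXED = """
| 0x02-0xF6  | Unassigned      | Unassigned      |                  |
| 0xF7-0xFA  | Experimentation | Experimentation | This Document    |
| 0xFB-0xFE  | Documentation   | Documentation   | This Document    |
"""
PROSE_DISCUSS = "Special-Use algorithm IDs span from 0xFA (250) to 0xFE (254)."
TABLE_DISCUSS = "| 0xFB-0xFE  | Special-Use   | Special-Use  | This Document |"

PROSE_RE = re.compile(
    r"([\w-]+) algorithm IDs span from 0x([0-9A-Fa-f]+) \((\d+)\)"
    r" to 0x([0-9A-Fa-f]+) \((\d+)\)")
ROW_RE = re.compile(r"\|\s*0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)\s*\|\s*([\w-]+)")

def fmt(rng):
    return "0x%02X-0x%02X" % rng

def check(prose, table):
    """Return a list of inconsistencies between prose ranges and table rows."""
    problems, stated = [], {}
    for name, lo_h, lo_d, hi_h, hi_d in PROSE_RE.findall(prose):
        stated[name] = (int(lo_h, 16), int(hi_h, 16))
        # The prose gives each bound twice (hex and decimal); they must agree.
        if stated[name] != (int(lo_d), int(hi_d)):
            problems.append(f"{name}: hex and decimal bounds disagree")
    rows = {n: (int(lo, 16), int(hi, 16)) for lo, hi, n in ROW_RE.findall(table)}
    for name, rng in stated.items():
        if name not in rows:
            problems.append(f"{name}: no table row")
        elif rows[name] != rng:
            problems.append(f"{name}: prose {fmt(rng)} != table {fmt(rows[name])}")
    # Only the rows supplied are compared; elided rows ("...") are not guessed.
    ordered = sorted(rows.values())
    for a, b in zip(ordered, ordered[1:]):
        if b[0] <= a[1]:
            problems.append(f"overlap: {fmt(a)} and {fmt(b)}")
        elif b[0] != a[1] + 1:
            problems.append(f"gap between {fmt(a)} and {fmt(b)}")
    return problems

if __name__ == "__main__":
    print(check(PROSE_FIXED, TABLE_FIXED))      # proposed text
    print(check(PROSE_DISCUSS, TABLE_DISCUSS))  # text flagged in the DISCUSS
```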