Re: [Sidrops] WGLC for draft-ietf-sidrops-bgpsec-rollover-00 - ENDS: 04/21/2017 (April 21 2017)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Sun, 23 April 2017 04:53 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "bew@cisco.com" <bew@cisco.com>, "keyur@arrcus.com" <keyur@arrcus.com>, "Roque Gagliano (rogaglia) (rogaglia@cisco.com)" <rogaglia@cisco.com>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, Christopher Morrow <christopher.morrow@gmail.com>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>
Date: Sun, 23 Apr 2017 04:53:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/jzUFj5lKSq4PgBYH7mpEwIBYRTw>

Hi Brian, Keyur, Roque:

Thanks for all your efforts in authoring this document. 
I have carefully read the draft and have comments.
Some of my comments are listed here, and I also have comments in the attached document
(marked in the MS Word file using track changes).
My comments are aimed to help get the document into a good shape before advancing it to IESG review. 
The technical accuracy of the method described is not in question, but
still I feel that the draft needs a careful revision.

First, it needs to clear some English issues (grammatical errors, some difficult to parse sentence structures).
Some of these are pointed out below here, and the rest in the attached word file.

Second, the document needs to eliminate errors in terms of technical terms or phrases used.
For example:
s/BGPsec certificate/router certificate/g
(Note: It is the router that has a certificate, not the BGPsec protocol)
s/BGPsec rollover/router key rollover/g
s/BGPsec emergency rollover/Emergency key rollover/g
Generally, "BGPsec_Path attributes" needs to be replaced with "BGPsec updates"
throughout the document.
For example:  
s/...BGPsec_Path attributes signed with a new private key.../...BGPsec updates signed with a new private key.../
(Note: The current AS’s signature covers the prefix, previous BGPsec_Path attribute including all previous signatures, 
the current Secure_Path segment, and the Target AS.
So it is not correct to say “BGPsec_Path attribute is signed”; instead simply say “BGPsec update is signed”.)

The following comments pertain only to the Abstract and the Introduction section.
(Please see the attached MS Word document for my comments on the other sections.)
Abstract: minor problem with phrasing

OLD>
This memo provides general recommendations for
   that process, as well as describing reasons why the rollover of
   BGPsec EE certificates might be necessary.

NEW>
This document provides general recommendations for
   the rollover process, while describing reasons why the rollover of
   BGPsec-router EE certificates might be necessary.

Section 2 (Introduction):

OLD>
   When a router receives or creates a new key pair (using a key
   provisioning mechanism), this key pair will be used to sign new
   BGPsec_Path attributes … 

NEW>
   When a router receives or creates a new key pair (using a key
   provisioning mechanism), this key pair will be used to sign new
   BGPsec updates … 

s/to include a signature using the new key (replacing the replaced key)./
include a signature using the new key (replacing the old key)./

Note: “replacing the replaced key” sounds like a bad phrase

s/ the old BGPsec certificate (and its key) will not longer be valid,/
the old BGPsec certificate (and its key) will no longer be valid,/

s/ and thus any BGPsec Update that includes a BGPsec_Path attribute with a signature performed by/
and thus any BGPsec Update that includes a signature performed by/

OLD>
Consequently, if the router does not
   refresh its outbound BGPsec Update messages, routing information may
   be treated as unauthenticated …
NEW>
Consequently, if the router does not
   refresh its outbound BGPsec Update messages, previously sent routing information may be treated as unauthenticated …

OLD>
   It is therefore extremely important that the BGPsec router key
   rollover be performed in such a way that the probability of new
   router EE certificates have been distributed throughout the RPKI
   before the router begin signing BGPsec_Path attributes with a new
   private key.
(Note: sentence is structurally cumbersome)

NEW>
   It is therefore extremely important that NEW
   router EE certificates should have been distributed throughout the RPKI system
   before the router begins signing BGPsec updates with the NEW private key.

Please see comments on other sections in the attached MS Word document.
Thank you.
Sriram
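The note above on what the current AS's signature covers, together with the draft's point that updates signed with a key whose router certificate has left the RPKI are treated as unauthenticated, as an added Python example (not part of this message or of the draft; the octet layout follows RFC 8205 section 4.2, and the ASNs, SKIs and signature bytes are constructed):

```python
# Added example (not from the draft or this thread): the octets a BGPsec router signs
# (laid out as in RFC 8205 section 4.2) and the check a validator makes after a rollover.
import hashlib
import struct
from dataclasses import dataclass

@dataclass
class SecurePathSegment:  # pCount (1) | Flags (1) | AS number (4)
    pcount: int
    flags: int
    asn: int
    def encode(self) -> bytes:
        return struct.pack("!BBI", self.pcount, self.flags, self.asn)

@dataclass
class SignatureSegment:  # SKI (20) | Signature Length (2) | Signature (variable)
    ski: bytes
    signature: bytes
    def encode(self) -> bytes:
        return self.ski + struct.pack("!H", len(self.signature)) + self.signature

def octets_to_sign(target_as, path, sigs, alg_id=1, afi=1, safi=1, prefix_len=24, prefix=b""):
    """Octets covered by the newest signature: Target AS, then (Signature i-1, Secure_Path i)
    from the signing AS back to the origin, then Algorithm Suite ID, AFI, SAFI and NLRI.
    path[0] is the origin's segment and sigs[0] the origin's signature."""
    if len(sigs) != len(path) - 1:
        raise ValueError("one prior signature per prior Secure_Path segment")
    out = struct.pack("!I", target_as)
    for i in range(len(path) - 1, -1, -1):
        if i > 0:
            out += sigs[i - 1].encode()  # every earlier signature is covered as well
        out += path[i].encode()
    return out + struct.pack("!BHB", alg_id, afi, safi) + bytes([prefix_len]) + prefix

def digest_to_sign(*args, **kwargs) -> bytes:  # the router's ECDSA P-256 key signs this
    return hashlib.sha256(octets_to_sign(*args, **kwargs)).digest()

def path_authenticated(sigs, valid_skis) -> bool:
    """Every SKI on the path must name a router certificate still in the RPKI; after a
    rollover the old SKI is gone, so paths signed with the old key fail until re-signed."""
    return all(s.ski in valid_skis for s in sigs)

# Constructed sample: AS 64496 originates 192.0.2.0/24, AS 64497 forwards it to AS 64498.
OLD_SKI, NEW_SKI = bytes([0x11]) * 20, bytes([0x22]) * 20
PATH = [SecurePathSegment(1, 0, 64496), SecurePathSegment(1, 0, 64497)]
SIGS = [SignatureSegment(OLD_SKI, b"\x30\x44" + bytes(68))]  # origin's signature (fake bytes)

def example():
    tbs = octets_to_sign(64498, PATH, SIGS, prefix=bytes([192, 0, 2]))
    return tbs, path_authenticated(SIGS, {OLD_SKI}), path_authenticated(SIGS, {NEW_SKI})
```

Once AS 64497 rolls its key, the same path only validates again after it re-signs and re-sends the update with the new key, which is the refresh step the draft asks routers to perform.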