Re: [spring] CRH is not needed - Re: How CRH support SFC/Segment Endpoint option?

John Scudder <jgs@juniper.net> Tue, 26 May 2020 20:44 UTC

From: John Scudder <jgs@juniper.net>
To: Sander Steffann <sander@steffann.nl>
CC: Robert Raszuk <robert@raszuk.net>, Ron Bonica <rbonica@juniper.net>, 6man <6man@ietf.org>, "Zafar Ali (zali)" <zali@cisco.com>, "spring@ietf.org" <spring@ietf.org>
Date: Tue, 26 May 2020 20:44:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/39ymoYU8w8TJxMLtkGp77Iht2jk>

On May 26, 2020, at 3:52 PM, Sander Steffann <sander@steffann.nl> wrote:

> Source and destination are in the same domain. Who says that the domain is contiguous? Let's change the example to main and branch offices. Same administrative domain, while still traversing the internet.

This is an interesting point. You can protect it with AH to address security concerns about sending the CRH across the big-I Internet, too. I feel like it provides another illustration of the “look at the benefits you get if you work within an existing architecture instead of trying to invent a whole new one” case. You didn’t have to invent a whole new security architecture of your own — you fit into an existing architecture, and got to inherit its security properties.

$0.02,

—John