Re: [spring] Barry Leiba's No Objection on draft-ietf-spring-srv6-network-programming-19: (with COMMENT)

"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com> Wed, 23 September 2020 16:27 UTC

From: "Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
To: Barry Leiba <barryleiba@computer.org>
CC: The IESG <iesg@ietf.org>, "draft-ietf-spring-srv6-network-programming@ietf.org" <draft-ietf-spring-srv6-network-programming@ietf.org>, "spring-chairs@ietf.org" <spring-chairs@ietf.org>, "spring@ietf.org" <spring@ietf.org>, Bruno Decraene <bruno.decraene@orange.com>, Joel Halpern <jmh@joelhalpern.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/iIRrdLbk1EVm43zSskAFhk1Rtiw>

Barry, 

Many thanks for the confirmation of those three points.
We have posted an updated version of the I-D with all the changes discussed below.

Regards,
Pablo.

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-spring-srv6-network-programming-20
https://datatracker.ietf.org/doc/html/draft-ietf-spring-srv6-network-programming-20

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-spring-srv6-network-programming-20

-----Original Message-----
From: Barry Leiba <barryleiba@computer.org> 
Sent: Tuesday, 22 September 2020 23:05
To: Pablo Camarillo (pcamaril) <pcamaril@cisco.com>
Cc: The IESG <iesg@ietf.org>; draft-ietf-spring-srv6-network-programming@ietf.org; spring-chairs@ietf.org; spring@ietf.org; Bruno Decraene <bruno.decraene@orange.com>; Joel Halpern <jmh@joelhalpern.com>
Subject: Re: Barry Leiba's No Objection on draft-ietf-spring-srv6-network-programming-19: (with COMMENT)

Thanks for the reply, Pablo (and thanks also to Joel for his reply).
All good here.  And just confirming three items in particular:

>> It should be “an SID”, “an FIB”, “an RIR”, and some others, not “a”, 
>> because one reads these as “ess-eye-dee” and “eff-eye-bee”, not as the expansions thereof.
>
> [PC] Agreed for RIR. For the other ones I’ve seen some disagreement in 
> this regard between native English speakers. I’m not a native 
> English speaker, hence I would prefer to leave the decision up to the RFC Editor.

As Joel said also, and I agree.

>> I can’t figure this out.  It looks like it should be “required to 
>> terminate”, but I don’t know what it means to “terminate less 
>> bytes”.  Can you reword this?
>
> [PC] I propose the following diff:
> <OLD>
> as part of the decapsulation process the egress PE is required to terminates less bytes from the packet.
> </OLD>
> <NEW>
> as part of the decapsulation process the egress PE is required to parse and remove fewer bytes from the packet.
> </NEW>

A very fine change; thanks.

>>    This document introduces SRv6 Endpoint and SR Policy Headend
>>    behaviors for implementation on SRv6 capable nodes in the network.
>>    As such, this document does not introduce any new security
>>    considerations.
>>
>> I’m not convinced of this.  It seems that misuse (such as injection 
>> or alteration) of some of these Behaviors could, for example, result 
>> in packets being forwarded to nodes they were not intended to go to.  
>> Is it not important to discuss issues such as that: how these 
>> Behaviors might be attacked?  Is that really fully covered in 8754 and 8402?
>
> [PC] You mention injection, alteration or misuse of these behaviors, 
> the paragraph preceding the one you quote in revision 19 states:
>   “Additionally, [RFC8754] defines an HMAC TLV permitting SR
>    Endpoint Nodes in the SR domain to verify that the SRH applied to a
>    packet was selected by an authorized party and to ensure that the
>    segment list is not modified after generation, regardless of the
>    number of segments in the segment list.”
>
> This text was added to revision 19 as part of the SECDIR review, and I 
> think this provides a reminder of how misuse or alteration within the 
> SR domain of trust can be handled based on RFC8754. Can you please 
> check if this addresses your comment?

It does, and thanks for pointing it out.  I think I must have had that comment left over from an earlier start on reviewing, and hadn't double-checked it with the latest version.

Barry