IETF Logo Mail Archive

Re: [spring] John Scudder's Discuss on draft-ietf-spring-segment-routing-policy-17: (with DISCUSS and COMMENT)

John Scudder <jgs@juniper.net> Wed, 16 February 2022 19:42 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D20443A15AD; Wed, 16 Feb 2022 11:42:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.676
X-Spam-Level:
X-Spam-Status: No, score=-2.676 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=KAMzgwl3; dkim=pass (1024-bit key) header.d=juniper.net header.b=U1ZR+KcN
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BHEbDegZb50t; Wed, 16 Feb 2022 11:42:41 -0800 (PST)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AF4A3A15A6; Wed, 16 Feb 2022 11:42:07 -0800 (PST)
Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 21GF3QUm031655; Wed, 16 Feb 2022 11:42:04 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=jt4EHNKK3OH/Oe4PnBy1SpST+hXRGhJh9xSMm+dSyhA=; b=KAMzgwl3+4BjuNFl0YIwLx5MLruQLgElAy96Q6OJWfs2l9Ew0CEiHIEnI/r0u/fXiAnH cI1jzu4xtRu6TyVDVMZZXbFoXanyYR8c1k4Ogm/FEVugEScef21nechQB3IuEqnQE58d X1vABbCp2zNrH0pg6gJmJBz0EyK/pKPy0jg9PLh5lDHDj86f3ljrpc+uSNF6IETUa0VW 0zZRtvpJ8g0cUWWpvqLFtPtIfCnWROT4TZ/zN8/WQdybVP2RAEsc/XsYApJBy1sGSUtV G5wQK0Ys5SHdmogiW6ep1W0crZFBGrMMc4vvZpxENAlmF/brTE+KkV2oZuGPopd5VL9h Qw==
Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2106.outbound.protection.outlook.com [104.47.70.106]) by mx0a-00273201.pphosted.com (PPS) with ESMTPS id 3e93jxgga8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 16 Feb 2022 11:42:04 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SHZV7DsR/5QAoK0sX/Ss87yUV5ipY5c/YN2tPF1b6yCKmt1D+2e/oEPjXAz0uEO8WjxREfaiK02Uhf34FtxDFGzNitYFe/8F8RU+ja9L54nqWZP2/3WYVKz0HmozVHAnpdxJlReQFYAltnefcltrjUKXncRa41nsulon42upE7UpVyhWgTDl7r4NeKtJbl7cn0xZ0MTWHvahE0+5aMZAvtXkHIglap/SP8OPd3JNSW+2uuf8CtR7o2ei6U1WSemhtGyN3GM3/cvZGCPAYXyDhaCJSTOQ94RaluZnv5dms8MqrxUcYtZ1SOS3JSCUsnmPJc6yq6MrzNd5lPvfJQk3vw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jt4EHNKK3OH/Oe4PnBy1SpST+hXRGhJh9xSMm+dSyhA=; b=Z/mWdv1UnQc7HKn/ohuHy1P2nxODOJiqSZ1baCLLW6+9AQvT6eheehlmqXGDFF2r3pW3vuDWkHBEzo/OpHFdYYBQhe2YZ+cpWneAr4GrXjs48i96Lmr3bo55LkEmHNKVOhzJLIceLyoiV/j3EzDA+9uAm7PbQzOPAB8GDnCuzy0SmISJtSG6arRlpHermx++9m/xI7tCz7Y9aGi2YaNCy8EbO5BsQC6RFRxDsVm2xwPwAsHti7A9vWGSR5N4L5NR/ztfBKBlv/sYYu0P9CupYizMBOArcTFBKllnuvJz2sfnZK3N7dWXi89wFisapaPVgELFnqc31GIxjM6eom3UPg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jt4EHNKK3OH/Oe4PnBy1SpST+hXRGhJh9xSMm+dSyhA=; b=U1ZR+KcNRA/dmF1UwUycYWbXbzHEB4bYsI7p7E3CDloq8u0e+WxWu25UbtzigRbn06wiRYnechySHgr3mPT0JEwheamcuvKg4vTovbpprjcLXEUDUXJT4Q8wKf2WFivKQX09nBkzcrtMHbz6bxyj3PVHwr3zalfiEVT/IWa987o=
Received: from MN2PR05MB6109.namprd05.prod.outlook.com (2603:10b6:208:c4::20) by SN6PR05MB3997.namprd05.prod.outlook.com (2603:10b6:805:17::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.7; Wed, 16 Feb 2022 19:42:00 +0000
Received: from MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::1cf9:4765:c8df:81b7]) by MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::1cf9:4765:c8df:81b7%5]) with mapi id 15.20.4995.015; Wed, 16 Feb 2022 19:42:00 +0000
From: John Scudder <jgs@juniper.net>
To: Ketan Talaulikar <ketant.ietf@gmail.com>
CC: "james.n.guichard@futurewei.com" <james.n.guichard@futurewei.com>, "draft-ietf-spring-segment-routing-policy@ietf.org" <draft-ietf-spring-segment-routing-policy@ietf.org>, SPRING WG <spring@ietf.org>, "spring-chairs@ietf.org" <spring-chairs@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: John Scudder's Discuss on draft-ietf-spring-segment-routing-policy-17: (with DISCUSS and COMMENT)
Thread-Index: AQHYI1ajQRbh7M614068Bbz53eGtPayWiSeAgAAKsYA=
Date: Wed, 16 Feb 2022 19:42:00 +0000
Message-ID: <A7535E25-8DE8-4CBF-9C25-2F12A4692917@juniper.net>
References: <164503079307.9996.17286143339105134181@ietfa.amsl.com> <CAH6gdPzo+OAoHHQkJD82OdyO=rth8qPPAcco-8STjucnaXNsew@mail.gmail.com>
In-Reply-To: <CAH6gdPzo+OAoHHQkJD82OdyO=rth8qPPAcco-8STjucnaXNsew@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3654.120.0.1.13)
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1aa89960-671a-4967-363e-08d9f1846669
x-ms-traffictypediagnostic: SN6PR05MB3997:EE_
x-ms-exchange-atpmessageproperties: SA|SL
x-microsoft-antispam-prvs: <SN6PR05MB3997397734509B55B3E2E36EAA359@SN6PR05MB3997.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: UrtnTPNCCryEOk0IMPmdlnApDj4xcpEQuruKAFFjIjpypcPv6/L5fc0MGbb22Fg6U5mCoxkmanOQQr8uzc6PYMBN1Z2FadBqvrcOBvYlL4yc8sYicakGkAlokXj9A8kLsQc5goS3HLc7QnW9Q1aILZ5vJ7Utz3iT9m0bkPqz1PtizxAYtvsLO4Wc2CiPlpur76qPJxtytrBhEz2KOMZFh1gUooH71u3sUyr7ZlfdYZhjAsJYEbCZLBJSKCtfdGTUM5CnqZSldOPyjxZ/aMaFor6MeELjM90FRTzEOhgG41VU36mmCPJCAGM/8g2o9H3a3R32l0pZGq2JbCtuw4+oLoYMQo2lpZDDkS0gSuiEZULvy0pVXU+FuaqwWrXbOVd2Nu5bTby1g3soGbSo4mRxtpx4lFJSnYleo2gPgZKLAPn9DZ/+wMZ11GzAmL3HRVs9g3z4YFhejsyx9ZjaUY9cpmkIidp6crQrbazlZwdsp28aBqZZn1L8/IPAmyfOOctHk0KI4AKVYv7LPv/afm1DL8ZHPia1//ZmuSj4JaFN60tl8x07mmZKKzrACkeLWbBNl7XdDfKOBHj93NIotfKTRNj7Oi+RjONFyH6119bvNlqQRkZJNVHyqMe77/PkC9vaxxFPCLk4coav/1zpVRBdgjEU57IB3BRAZS/36p6vTEZPv1QJyK2DFxxKV6g1IIHbGb5sUbb8Xw262CjTdUkDclkRGarb3q9/x7q7NvUpo2s2sXthMsma0iwSCvjCG0fuvBA1Ko9DUmZSmgEK5fWI7dQ/lp09v9J0sje4prmg+CM=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR05MB6109.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(8936002)(33656002)(6512007)(6506007)(83380400001)(53546011)(508600001)(122000001)(5660300002)(38070700005)(54906003)(76116006)(91956017)(316002)(8676002)(66946007)(6916009)(64756008)(66556008)(66446008)(38100700002)(4326008)(66476007)(6486002)(71200400001)(36756003)(2906002)(2616005)(26005)(186003)(86362001)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: uXKihrCMr8RNmNkR3VqaH5/aLFPCCJGRhJiMylxzSeqX1jAfmkrpx0pEWfHC6Wi2ewUtmwGD1TNDf7Mp2sPxORqC81UMAKUN+bqjOjQOjJPFdP07tD5B+MvQYdPnAi1DLixX5vM7iNbtMmpUEcd3u06LvrSuqIJLc8E81uZBqsLxcTyMJ94qXy+foKXmhZ03INUrCfj8tgsQPREjQwdlc5ozzuPxqnvciVMtYjgSnWIC0TtUETg01y2S3RtbaSadhs8OoHfuKJeJ0mYm39SvL979jrUwA0nvPbs883Vp26qPRcCJ1jS6x8IzTLLhtNq6FgR8mWLM4qUzTnTTY7jYl9AGnF0N0WuI/eJYD8SlPqn/1lUBo1NZeQoec+9XVXlpt4+6XZkVfi23of+Kw/e79BkMvfXUnc3pKhXpttTXL1wGXAzfc5vCNnauIEHF43MrTAPJBNdqdF7JBz1zucaizBKmFjwCopJNSACyPpvumeWCuVnKQGJCRbSADWTdNIcTiTsxPVRki+7EpOxPVtdLNVJurVyIjED8K+OyUA6oxrBZjxi3plySIr2oyjxFR1nviicL360CSlj89tYF9Ep5kKWwCXFiIJ5ZxLDSGOg3W37hUTbljRPC96cXf4LtJET4V5D3WgXyh7KnpqIfNuEczr4HlIZCxO34u2t8eYs45fkpJCg+D3yCmBrmRlU+St27zQzpdMgJK2gMOuCBXVepILZrf9LORN1QqJNPH8bXPVcEeVbiFmBadGpKsIT8jfcplHJFK47fj3IuPwyZ03qpdJ+m+Jgsod77jZRiGrPlijJMavA3XGODelm9vZfV2jw8RdFqOL8aCzLC2WwdYQQxdfzy7lczOoRNPkflWazctiksbC2btwYEB7yF5yC1M2H/AgEvMxZM+TythaEm0BRkzBFOyFmOMVUA162GTf0588y3YcbTIZ+BVjf0ffvsp9DuKtMBzElwiKNz93cK50ayEkoq7ZzLbRGsbsITsKRINc5oQAbwL04xfRgk4V0umGxe5ThrsjbhYAydGuyS/TJunGnG1SIL/7+4wdwPBMxGsJ0mtKTIrQQFWIdNkVtoGwBVkBOP6LwgayFWrMXPH/ab7FAD8fpkWRHtNlcHRvKTWlfVbrW9GFrJV+OeJu56NZn1SdmoyGN4DRg6Qz9Ed0I2d0IUf+fgwy/QB5ZJqY6ZQXDsmCi+wTrkeywleB5Sf8HSOVOdKOgO6YxHOluykVxKni92ulh2TYqaij//P0ZSq0Vxttd00R6iF+EVvX2FU9IN4OgA0TVpvR1b1+z79v1b/HK+NMgiagMd20EiqYxWv3w9aut5O99v1KyqPWUptWUJwJXd9AyAFIPk8sAVeyyUTuGkZl1+lY8AFMbSRQre2ZVNS0NnQ28U9Y2iZn7y7r3XjreqmZmj7WNMmgcDlScg1s/OEM1aVh34ACLXBbCwFBTOwlwKynR+NtLM6YrDbpBADIvU7gk13Dq83gsDshC137Rlopf3BNZ7yQpGP+uI0MOfzufwike1lqa3egBgAhGPQMlq8JJd8jDaL1vDCq+9iAhR91kxwsCXkDNZz2bz8kWn0Bkng05A4OWiARjq7kR9
Content-Type: text/plain; charset="utf-8"
Content-ID: <33C77165C83A2A4DBD89B3AB3E01A43D@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR05MB6109.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1aa89960-671a-4967-363e-08d9f1846669
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Feb 2022 19:42:00.4377 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: W8oYSmHzXfopyHGRc+37J3PpBv+6HtRRyqfDht3wm1fkl00SvovhQdrX9aJb2Sza
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR05MB3997
X-Proofpoint-ORIG-GUID: US5lBxgUBLhL78k2A667xKASrM6XfDio
X-Proofpoint-GUID: US5lBxgUBLhL78k2A667xKASrM6XfDio
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-02-16_09,2022-02-16_01,2021-12-02_01
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 impostorscore=0 spamscore=0 clxscore=1011 phishscore=0 suspectscore=0 priorityscore=1501 mlxlogscore=999 adultscore=0 bulkscore=0 malwarescore=0 lowpriorityscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2202160110
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/t8fqlAneqbde7fN7e0YgIAvut84>
Subject: Re: [spring] John Scudder's Discuss on draft-ietf-spring-segment-routing-policy-17: (with DISCUSS and COMMENT)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Feb 2022 19:42:46 -0000

Hi Ketan,

> On Feb 16, 2022, at 2:03 PM, Ketan Talaulikar <ketant.ietf@gmail.com> wrote:
> 
> Hi John,
> 
> Thanks for your review and please check inline below for responses. 

Thanks for your reply. For this response I’m confining myself to points 3 and 4.

[snip]

> 3. Related to the above, at least one of the references listed as informational
> clearly has to be normative with the document as it stands.
> draft-ietf-idr-segment-routing-te-policy is the one I’m thinking of, for
> example its use in §2.4 seems like it may rise to the "normative" level, §2.5
> almost surely does, §4.1 surely does, and §8.8.1 is the icing on the cake
> because this document defines semantics for a field that isn’t even allocated
> until and unless draft-ietf-idr-segment-routing-te-policy is published.
> 
> KT> It is the other way round. The SPRING document specifies the information model and the constructs of the SR Policy. The IDR document is primarily about signaling of the SR Policy from a controller to the headend using the new SR Policy SAFI (73) - as such it does refer normatively to the SPRING SR Policy. 

Without getting too far into the details on this one, you just can’t write a spec about a field (or set of flags) that doesn’t (don’t) exist. The way you’ve structured these two documents, that field (I will call it a field) doesn’t formally exist until and unless draft-ietf-idr-segment-routing-te-policy is published. Therefore, draft-ietf-spring-segment-routing-policy has a hard dependency on it, and this is one thing that makes a reference “normative”. These would hardly be the first two documents to normatively reference one another, it’s what the RFC Editor uses clusters for (amongst other things).

You could also resolve this particular issue by restructuring the documents to make them more self-contained. If you do, then perhaps we would need to revisit the other references to draft-ietf-idr-segment-routing-te-policy in more detail — but until then it wouldn’t be time well spent, as the §8.8.1 reference is sufficient to cement the requirement.

> 4. In §2.1 you talk about the signaling of symbolic names for candidate paths.
> Although you are careful to say that such symbolic names are only used for
> presentation purposes, it seems to me they still could be considered a new
> potential source of vulnerability, since a string that has no sanity-checking
> whatsoever applied by the protocol can display literally anything to an
> operator viewing it. Shouldn’t this be addressed in your Security
> Considerations? (For an example of a related Security Considerations, see RFC
> 9003. It’s probably not the best example, but it’s the one I had at my
> fingertips…)
> 
> KT> RFC9003 uses UTF-8 while this document uses printable ASCII. As such, I am not aware of security issues around printable ASCII - please do point me to any references.

You’re thinking too much like a protocol designer. The kind of concern I’m thinking about has to do with using the string as a vector to put some words in front of an operator, as part of a larger social engineering attempt. I don’t have a detailed attack scenario to paint for you, but a quick sketch is along the lines of 

- Attacker manages to inject a candidate path with the name “Big_Bank_Low_Latency”
	- ProTip: the candidate path does not actually terminate at Big_Bank
- Attacker then phones NOC, feigns urgency, asks NOC to redirect Big_Bank traffic onto that path

You get the idea, I hope.

> Also note that this document does not specify protocol encodings where some extra verbiage is normally required (e.g. that it is signaled without NULL, handling truncation/overruns, etc.).

But yet it does specify the precise character set to be used, and a near-obsolescent one at that. Why is that? I mean, I don’t hate ASCII, but I just find it odd and assume you actually have a reason for it, instead of taking either the option of leaving the character set unspecified (as you point out there are many such details you don’t concern yourself with in this document) or if specifying it, using UTF-8 or similar.

> KT> As discussed in the WG, we are sticking to printable ASCII. When the encoding is specified to be printable ASCII, it is expected that implementations valid that.

I admire your optimism.

—John

v2.43.4 | Report a Bug | By Email | System Status