[Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06
Stewart Bryant <stbryant@cisco.com> Thu, 10 October 2013 05:24 UTC
Return-Path: <stbryant@cisco.com>
X-Original-To: status@ietfa.amsl.com
Delivered-To: status@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADE4421E828B; Wed, 9 Oct 2013 22:24:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.454
X-Spam-Level:
X-Spam-Status: No, score=-110.454 tagged_above=-999 required=5 tests=[AWL=0.144, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8QMecKDbpdlP; Wed, 9 Oct 2013 22:24:35 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id A3E1121E8285; Wed, 9 Oct 2013 22:24:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9246; q=dns/txt; s=iport; t=1381382672; x=1382592272; h=message-id:date:from:reply-to:mime-version:to:cc:subject; bh=mAsr6cFrHMk3MJluFaY+e3KeAdXmbIz+9ayCJvskeQU=; b=Mp3YJgbLgWEgQCN8Z504ghAzwsplrs1ZkRg1fjBQapK3/uYuOBR/QHO2 IMh8qLGYassVTboIR1NtSUqDhrEZrePpSFXD/J4/PbkZT+A0qz6s89qSs NqllTh/Vfkq+vtaVPb5z/rmSvF1qnOyQm/4+1DCvlHXBf4O/F3wXXR3A2 Q=;
X-Files: comment.png : 309
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ai8FANI4VlKQ/khN/2dsb2JhbABagweKD69kiDCBHhZ0gjFzATgBAgEWEQcDAgECAQUBDjcBDAEEAQIBAQKIAJ8GmjyNfIFJhCoDjg+DSgGGKZIBgyWBcA
X-IronPort-AV: E=Sophos; i="4.90,1069,1371081600"; d="png'150?scan'150,208,217,150"; a="160514259"
Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-1.cisco.com with ESMTP; 10 Oct 2013 05:24:22 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r9A5OHH7019147 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Oct 2013 05:24:19 GMT
Received: from [IPv6:::1] (localhost [127.0.0.1]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id r9A5O6bc000468; Thu, 10 Oct 2013 06:24:08 +0100 (BST)
Message-ID: <525639F6.8010503@cisco.com>
Date: Thu, 10 Oct 2013 06:24:06 +0100
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "iesg@ietf.org" <iesg@ietf.org>, Jari Arkko <jari.arkko@piuha.net>
Content-Type: multipart/alternative; boundary="------------020509030304060705060505"
Cc: "status@ietf.org" <status@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06
X-BeenThere: status@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: "Stacked Tunnels for Source Routing \(STATUS\)." <status.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/status>, <mailto:status-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/status>
List-Post: <mailto:status@ietf.org>
List-Help: <mailto:status-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/status>, <mailto:status-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 05:24:40 -0000
Jari SB> Maybe my emailer has lost the email, but this block did not seem SB> to have been mailed out. Early in my AD career I had to deal with the RH0 situation, and we ended up deprecating it. Like we have, for all practical purposes, done with the similar IPv4 mechanisms. What had initially seen as simple and useful tools turned out to be far trickier than people believed. The RH0 deprecation was not merely an IETF action - we deployed emergency patches to many products, worried about people taking down networks, worried about code left in unupdated routers, and so on. I am not opposed to dealing with new and better mechanisms for source routing. We've since then succeeded in defining very constrained source routing models (RH2, for instance) that do not have the same problems. But if we do start the work, we need to take the concerns that torpedoed earlier designs seriously. I'll observe that the charter has no text about the security, denial-of-service, or perimeter security concerns. It also talks about cross-AS designs. And it paints a very powerful, flexible model that supports a number of different applications. The combination of having something that doesn't open up all kinds of vulnerabilities and is still flexible is particularly worrying. SB> I think perhaps you mean challenging, or useful? Certeainly SB> providing the capability with adequate security would be very SB> welcome by many operators. SB> Currently the most developed work is MPLS, and that has exactly SB> the same security model as MPLS has today, i.e. no new SB> security vulnerabilities are introduced in the MPLS case. SB> The expection is that a similar security model, i.e. strict SB> ingress policing, encapsulation and address management SB> would provide a similar level of security for IPv6 SB> SB> I think you are looking for some text of the form: SB> SB> For each data plane technology that SPRING specifies, a security SB> analysis must be provided showing how protection is provided SB> against an attacker disrupting the network by maliciously SB> injecting SPRING packets. SB> SB> Would that address your concern? I'd like to understand what is our plan to address this and and I'd like to see some words in the charter text to talk about this aspect. Also, this text: "Source-based routing mechanisms have previously been specified for network protocols, but have not seen widespread adoption other than in MPLS traffic engineering. These applications may require greater flexibility and per packet source imposed routing than can be achieved through the use of the previously defined methods." seems like it is saying that the lack of flexibility caused the mechanisms to be not used. I don't think that is what happened. It was more about the security headaches that they caused to network managers... SB> No the text is saying that SR has not seen wide deployment SB> other than in MPLS traffic engineering, but there are new SB> applications that people now wish to deploy that would SB> benefit from SR. *Comment (2013-10-09)* A colleague commented that service chaining is not listed as a motivation. Should be it be? SB> It is not precluded. We only give examples and if someone wants to SB> propose an SC use case they are welcome. This text seemed somehow odd: "The SPRING working group will not work on any mechanisms for use in networks that forward IPv4 packets." Did you mean that the mechanisms can only work in v6-only networks, or that the mechanisms support only v6 traffic? I think you want the latter, not the former... SB> Yes, SPRING intend to do MPLS and IPv6 SB> We did not find anyone wanting to do IPv4, but just in case. - Stewart
- [Status] Jari Arkko's BLOCK on charter-ietf-sprin… Stewart Bryant
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Thomas Narten
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Stewart Bryant
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Jari Arkko
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Stewart Bryant
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Jari Arkko
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… joel jaeggli
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Ted Lemon
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Ted Lemon
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Stefano Previdi (sprevidi)
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Hannes Gredler
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Stewart Bryant
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Robert Raszuk
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Hannes Gredler
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Robert Raszuk
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Jari Arkko
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Stewart Bryant
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… joel jaeggli
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Jari Arkko
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Hannes Gredler
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Hannes Gredler
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Robert Raszuk
- Re: [Status] Jari Arkko's BLOCK on charter-ietf-s… Stewart Bryant