Re: [v6ops] Benjamin Kaduk's No Objection on draft-ietf-v6ops-conditional-ras-06: (with COMMENT)

Jen Linkova <furry13@gmail.com> Thu, 02 August 2018 02:51 UTC

In-Reply-To: <153317681682.21918.12970450956130307676.idtracker@ietfa.amsl.com>
References: <153317681682.21918.12970450956130307676.idtracker@ietfa.amsl.com>
From: Jen Linkova <furry13@gmail.com>
Date: Thu, 02 Aug 2018 12:50:46 +1000
Message-ID: <CAFU7BARsDaOnk6LNxFeZkKKGcjhbFVjkMLEiyMpPcQkG5U+Zpg@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, Russ White <russ@riw.us>, v6ops-chairs@ietf.org, V6 Ops List <v6ops@ietf.org>, draft-ietf-v6ops-conditional-ras@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/beNOWh9bCwD_6OevJUBSjZBOoaA>
Subject: Re: [v6ops] Benjamin Kaduk's No Objection on draft-ietf-v6ops-conditional-ras-06: (with COMMENT)

Hi Benjamin,

> I'll echo Mirja and Spencer's question about the "empty" security
> considerations.  (I actually don't much care for the "This memo introduces no
> new security considerations" formulation in general, unless it's literally the
> only content of the section -- it's either followed by new security
> considerations, in which case it's just wrong, or followed by calling out specific
> portions of the referenced security considerations that are particularly
> relevant.  In the latter case, it seems useful to provide more of a lead-in
> like "The general security considerations of [X] and [Y] apply, and in
> particular [...]".)

The most recent version (-06) submitted yesterday now has some text in
the Security Considerations section:

https://tools.ietf.org/html/draft-ietf-v6ops-conditional-ras-06#section-5

I hope it addresses your question.

> Unfortunately, I don't seem to be in a good position to comment on actual
> additions to the security considerations section, since I don't have a clear
> picture of what the proposal in this document actually changes when compared to
> current/normal practices.  This is presumably just a matter of my lacking the
> appropriate background knowledge for the routing bits, but in a scenario like
> Figure 3, with distinct edge and first-hop routers, what kind of RAs would the
> first-hop routers normally be sending?  Would they be announcing the routes in
> question here just without the PIO markings, or not advertising anything at
> all, or something else?

Normally the first-hop routers are sending RAs which contain PIOs for
the prefixes configured in the network.
If the preferred-lifetime is not explicitly specified in the
configuration by the administrator, those prefixes would have
the default value of lifetime (7 days). Or any other value explicitly
configured on the router (e.g. to deprecate a prefix for
renumbering/if the wrong prefix has been configured, I have to edit
the routers' configuration and set
"prefix 2001:db8:1::/54 preferred-lifetime 0").

-- 
SY, Jen Linkova aka Furry
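
Added example (not part of the message above or of the draft): a Python sketch of the Prefix Information Option layout from RFC 4861 section 4.6.2, showing how a receiver can tell a PIO sent with the 7-day default preferred lifetime from one sent with preferred-lifetime 0. The function names, the second prefix and the sample options are constructed for illustration.

```python
import ipaddress
import struct

PIO_TYPE = 3                    # Prefix Information option, RFC 4861 section 4.6.2
PIO_FMT = "!BBBBIII16s"         # type, length, prefix len, L/A flags, valid, preferred, reserved2, prefix
DEFAULT_VALID = 2592000         # 30 days, RFC 4861 default AdvValidLifetime
DEFAULT_PREFERRED = 604800      # 7 days, the default mentioned in the message


def build_pio(prefix, preferred=DEFAULT_PREFERRED, valid=DEFAULT_VALID, flags=0xC0):
    """Encode one 32-byte PIO; flags 0xC0 sets the on-link (L) and autonomous (A) bits."""
    net = ipaddress.IPv6Network(prefix)
    return struct.pack(PIO_FMT, PIO_TYPE, 4, net.prefixlen, flags,
                       valid, preferred, 0, net.network_address.packed)


def parse_pios(options):
    """Walk the options area of an RA and return (prefix, preferred_lifetime, state) per PIO."""
    found, offset = [], 0
    while offset < len(options):
        if offset + 2 > len(options):
            raise ValueError("truncated option header")
        opt_type, opt_len = options[offset], options[offset + 1]
        size = opt_len * 8      # option length is counted in units of 8 octets
        if opt_len == 0 or offset + size > len(options):
            raise ValueError("malformed ND option at offset %d" % offset)
        if opt_type == PIO_TYPE:
            if opt_len != 4:
                raise ValueError("PIO must be 32 bytes long")
            _, _, plen, _flags, valid, preferred, _, raw = struct.unpack(
                PIO_FMT, options[offset:offset + size])
            net = ipaddress.IPv6Network((raw, plen), strict=False)
            if preferred > valid:
                state = "invalid"       # hosts ignore such a PIO (RFC 4862 section 5.5.3)
            elif preferred == 0:
                state = "deprecated"    # addresses stay valid but are not picked for new connections
            else:
                state = "preferred"
            found.append((str(net), preferred, state))
        offset += size
    return found


# Constructed sample: a source link-layer address option followed by two PIOs.
SAMPLE_OPTIONS = (
    bytes([1, 1]) + bytes.fromhex("020000000001")
    + build_pio("2001:db8:1::/54", preferred=0)
    + build_pio("2001:db8:2::/64")
)
```

Calling `parse_pios(SAMPLE_OPTIONS)` skips the link-layer option and reports the first prefix as deprecated and the second as preferred.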