I don't see anything around MD5/TCPAO authentication. >From https://tools.ietf.org/html/rfc6198
" Security considerations MUST be addressed by the proposed solutions. In particular, they SHOULD address the issues of bogus g-shut messages and how they would affect the network(s), as well as the impact of hiding a g-shut message so that g-shut is not performed." I may have missed it somewhere? if (initial_ttl!=255) then (rfc5082_compliant==0) donald.sm...@centurylink.com ________________________________________ From: GROW [grow-boun...@ietf.org] on behalf of bruno.decra...@orange.com [bruno.decra...@orange.com] Sent: Thursday, December 14, 2017 7:42 AM To: Ben Campbell Cc: grow-cha...@ietf.org; draft-ietf-grow-bgp-gs...@ietf.org; grow@ietf.org; The IESG Subject: Re: [GROW] Ben Campbell's Yes on draft-ietf-grow-bgp-gshut-12: (with COMMENT) Ben, Thanks for your review and comments. More inline. [Bruno] > From: Ben Campbell [mailto:b...@nostrum.com] > > Ben Campbell has entered the following ballot position for > draft-ietf-grow-bgp-gshut-12: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-grow-bgp-gshut/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I'm balloting "yes" because I think it's important to publish this. But, like > Alvaro, I wonder why this is not standards track, BCP, or just about > anything > but informational. So I support his DISCUSS, including his the comments on > how > to resolve it. [Bruno] Well noted: we now have 3 AD asking for STD track. If you don't mind, to avoid duplication, I'll follow up on Alvaro's email. (in short, STD track is ok for me) > -1, last paragraph: This references RFC 8174, but does not use the actual > 8174 > boilerplate. Is there a reason not to do so? [Bruno] My mistake: I had a comment to reference RFC 8174 rather than RFC 2119. I was not aware that this also implied changing the text. My understanding is the following: OLD: <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 8174 <xref target="RFC8174"/>.</t> NEW <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP14] <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t> That being said, the irony is that RFC 8174 does not use an upper case "should": "Authors who follow these guidelines should incorporate this phrase near the beginning of their document:" https://tools.ietf.org/html/rfc8174#section-2 --Bruno _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _______________________________________________ GROW mailing list GROW@ietf.org https://www.ietf.org/mailman/listinfo/grow This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. _______________________________________________ GROW mailing list GROW@ietf.org https://www.ietf.org/mailman/listinfo/grow
