Re: [sidr] Fw: New Version Notification for draft-ietf-sidr-bgpsec-protocol-19.txt

[Chris Morrow]

At Sun, 27 Nov 2016 14:53:17 +,
"Sriram, Kotikalapudi (Fed)"  wrote:
> 
> This new version of the BGPsec specification draft incorporates
> Alvaro's (Routing AD) comments.  Another email follows that provides
> responses to the comments and clarifies how each of the comments were
> incorporated in the revision.

Great, thanks! (for getting this done in short order, and after a long
week away)

-chris

>   
> Sriram
> 
>  From:
> internet-dra...@ietf.org  Sent: Sunday,
> November 27, 2016 9:30 AM To: Matthew Lepinski; Sriram, Kotikalapudi
> (Fed) Subject: New Version Notification for
> draft-ietf-sidr-bgpsec-protocol-19.txt
> 
> A new version of I-D, draft-ietf-sidr-bgpsec-protocol-19.txt has been
> successfully submitted by Kotikalapudi Sriram and posted to the IETF
> repository.
> 
> Name: draft-ietf-sidr-bgpsec-protocol Revision: 19 Title: BGPsec
> Protocol Specification Document date: 2016-11-27 Group: sidr Pages: 40
> URL:
> https://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-protocol-19.txt
> Status:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-protocol/
> Htmlized:
> https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol-19 Diff:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-protocol-19
> 
> Abstract:
>This document describes BGPsec, an extension to the Border Gateway
>Protocol (BGP) that provides security for the path of autonomous
>systems through which a BGP update message passes.  BGPsec is
>implemented via an optional non-transitive BGP path attribute that
>carries a digital signature produced by each autonomous system that
>propagates the update message.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
> 
> The IETF Secretariat

___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-protocol-18

[Sriram, Kotikalapudi (Fed)]

Hi Alvaro,

Thank you very much for this thorough and detailed set of comments.

They greatly help improve the clarity, accuracy, and presentation in the 
document.

I have worked with each of the comments and incorporated changes accordingly

in the document. Please see version-19 that was just submitted.

Many thanks to Sean Turner for his help with the updated IANA considerations 
section.

My responses to your individual comments are shown below and are marked with 
[Sriram].

Let me know if the pdf opens OK for you.

Also, please let me know if I missed anything.

Regards,

Sriram

P.S. I tried to send this message with a pdf attachment earlier to the SIDR 
list.

But looks like that post was not accepted by the IETF email exploder due to the 
attachment, may be?

So I have copied and pasted here the text from the pdf.

There may be line-wrap issue -- let us see.

---

Dear authors:

Hi!  First of all, thank you for taking on the duties of editing this document.


I have several comments (see below).  For the most part, I think they should be 
easy to solve as many are related to clarifications.  Most of the comments I 
classified as Major are due to the use of Normative language.


The biggest concern I have with this document is the lack of an Operations and 
Management Considerations Section – please take a look at RFC5706 (Guidelines 
for Considering Operations and Management of New Protocols and Protocol 
Extensions).  Some of the information suggested there is present in 
draft-ietf-sidr-bgpsec-ops, and (ironically) in the “Design and Deployment 
Considerations” section of draft-ietf-sidr-bgpsec-overview.  However, important 
items such as migration or management are missing.  I would like to see a well 
thought out Operations and Management Section in this document before moving it 
forward.  Note that I’m not suggesting that a YANG model (for example) is 
required to move forward, but I would like to see considerations about 
migration, and the impact on network operations, to mention two items, all in 
one place in the document.  I would like the authors/Chairs/Shepherd/WG to 
consider even merging in draft-ietf-sidr-bgpsec-ops as the base for this new 
section (or at least reference it prominently).

[Sriram] Following the clarifications and additional guidance you provided in 
Seoul (when you, Chris, and I met), I have added a new Section 7 (Operations 
and Management Considerations). The topics you mention above are all covered in 
the new Section 7. Additional responses noted here below under your specific 
comments.

Thanks!

Alvaro.

Major:

M1. Registry Definitions

M1.1. Section 2.1. (The BGPsec Capability) includes a Version field and some 
Reserved bits, but there are no IANA registries defined for how to manage these 
spaces.  Please define the registries and the corresponding registration 
procedures.

[Sriram] Done. Please see the updated IANA Considerations section.

M1.2. Section 3.1. (Secure_Path) defines the Flags field and assigns the first 
bit (BTW, is that the MSB or the LSB, please clarify), but doesn't set up the 
registry or registration procedures.

[Sriram] It is the MSB (left most bit) and that is now clarified in Section 
3.1. Set up of the registry for the Flags field is now included in the updated 
IANA Considerations section.



M2. Error Handling — Several sections don't have proper error handling 
procedures specified. (This is a management issue that I think is 
underspecified.)

[Sriram] Now there is management and operations section (Section 7) added where 
error handling and other ops/mgmt. issues are discussed.

M2.1. Section 2.2. (Negotiating BGPsec Support) doesn't fully specify the error 
handling behavior of the Capability, and it fails open.

[Sriram] See my responses below for M2.1.1.

The new management and operations section (Section 7) covers this case.

M2.1.1. What should the action be if the Version is not 0?

[Sriram]: From Section 2.2:

“BGP

   update messages without the BGPsec_Path attribute MAY be sent within

   a session regardless of whether or not the use of BGPsec is

   successfully negotiated.”

[Sriram] Based on the above, there is a possibility that BGPsec is not 
successfully negotiated but BGP is session is established – I think that is 
what you are calling fail open. If the intersection of BGPsec capability 
advertisements from both sides does not include Version 0, then BGPsec Version 
0 has not been successfully negotiated. But a BGP session is still negotiated 
and BGP (unsigned) messages are exchanged. I have now included this wording in 
the new ops/mgmt. Section 7.

M2.1.2. "…a BGP speaker MUST NOT advertise the capability of BGPsec support for 
a particular AFI unless it has also advertised the multiprotocol extension 
capability for the same AFI [RFC4760]."  What should happen if it does 
advertise an AFI that is not covered by the multiprotocol extension capability? 
  Or if the multi-protocol capability is 

[sidr] Fw: New Version Notification for draft-ietf-sidr-bgpsec-protocol-19.txt

[Sriram, Kotikalapudi (Fed)]

This new version of the BGPsec specification draft incorporates Alvaro's 
(Routing AD) comments. 
Another email follows that provides responses to the comments and 
clarifies how each of the comments were incorporated in the revision.
  
Sriram


From: internet-dra...@ietf.org 
Sent: Sunday, November 27, 2016 9:30 AM
To: Matthew Lepinski; Sriram, Kotikalapudi (Fed)
Subject: New Version Notification for draft-ietf-sidr-bgpsec-protocol-19.txt

A new version of I-D, draft-ietf-sidr-bgpsec-protocol-19.txt
has been successfully submitted by Kotikalapudi Sriram and posted to the
IETF repository.

Name:   draft-ietf-sidr-bgpsec-protocol
Revision:   19
Title:  BGPsec Protocol Specification
Document date:  2016-11-27
Group:  sidr
Pages:  40
URL:
https://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-protocol-19.txt
Status: 
https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-protocol/
Htmlized:   https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol-19
Diff:   
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-protocol-19

Abstract:
   This document describes BGPsec, an extension to the Border Gateway
   Protocol (BGP) that provides security for the path of autonomous
   systems through which a BGP update message passes.  BGPsec is
   implemented via an optional non-transitive BGP path attribute that
   carries a digital signature produced by each autonomous system that
   propagates the update message.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr

[sidr] I-D Action: draft-ietf-sidr-bgpsec-protocol-19.txt

[internet-drafts]

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing of the IETF.

Title   : BGPsec Protocol Specification
Authors : Matthew Lepinski
  Kotikalapudi Sriram
Filename: draft-ietf-sidr-bgpsec-protocol-19.txt
Pages   : 40
Date: 2016-11-27

Abstract:
   This document describes BGPsec, an extension to the Border Gateway
   Protocol (BGP) that provides security for the path of autonomous
   systems through which a BGP update message passes.  BGPsec is
   implemented via an optional non-transitive BGP path attribute that
   carries a digital signature produced by each autonomous system that
   propagates the update message.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-protocol/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol-19

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-protocol-19


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr