On 2026-06-02 14:20, Tom Hill wrote:
Hi Weiqiang, Nick,
On 2026-05-29 22:47, Nick Buraglio wrote:
On Tue, May 19, 2026 at 11:53 PM Weiqiang Cheng <
[email protected]> wrote:
Two minor comments to help define scope earlier:
1.
Section 2 could note that inter-SR-domain scenarios are out of
scope
(as already stated in Section 4).
2.
The point that SRv6 inherits IPv6 vulnerabilities but that this is
out
of scope (currently in Section 6.2.4) could also be mentioned in
Section 2
or the introduction.
How does this sound?
OLD:
We note that SRv6 is under active development and, as such, the above
documents might not cover all protocols employed in an SRv6
deployment.
NEW:
Inter-Domain Segment Routing scenarios are out of scope for this
document
as are existing and future protocol specific IPv6 vulnerabilities.
Additionally, we note that SRv6 is under active development and, as
such,
the above documents might not cover all protocols employed in an SRv6
deployment.
We can leave the existing statements further in the document unless
the WG
feels that they are unnecessary.
Per RFC8402 S8, if you take that a 'domain' is the "trusted domain",
e.g. "By default, SR operates within a trusted domain. Traffic MUST be
filtered at the domain boundaries." then by that assumption there is no
such definition of 'Inter-domain SRv6', because it violates Section 8
of RFC8402 as written.
If you take "inter-domain" to mean any EPE boundary (per RFC8402, S4.2)
then I don't think should be out of scope of this document, as it is
entirely valid for an operator to have multiple eBGP boundaries within
their trusted domain (for reasons of acquisition, blast radius, etc.)
and for us to be concerned about the security of those deployments.
Irrespective of the assumption made, I do not believe that it is for
this document to define "inter-domain SRv6", and thus we should not do
so (especially at this late stage). Detailing the security
considerations of SRv6 domains that exceed the trusted domains of the
operator would be nebulous, and there-in lies one of the reasons that
this document exists; it builds upon the clear statement made in S4.2
of RFC8402.
I do not support this proposed change to the document.
Further to the above, I think we can make the text in the last paragraph
of Section 4 of this draft, somewhat clearer of its intention - please
do let me know if I have perceived that intent correctly.
OLD TEXT: Inter-SR-domain scenarios are out of scope, including cases
where
multiple SR instances exist under the same administrative entity but
are logically or operationally distinct; such cases are treated as
separate SR domains for the purposes of this draft. Specifically, an
attack on one domain that is invoked from within a different domain
is considered an external attack in the context of the current
document.
NEW TEXT: SRv6 deployments that exceed their trusted domain (per
[RFC8402, Section 4.2) including cases where multiple SR instances exist
under the same administrative entitty, but are logically or
operationally distinct, are out of the scope of this document. Where an
attack originates from within a different trusted domain it is
considered an external attack in the context of this document.
--
This appears to me at least to have fewer uses of ambiguous terms, and
much more clearly defines the scope of this document.
Tom
_______________________________________________
spring mailing list -- [email protected]
To unsubscribe send an email to [email protected]
