Benjamin Kaduk has entered the following ballot position for draft-ietf-lisp-gpe-12: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lisp-gpe/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for the updates in -10 through -12 to leave nonce/versioning to additional shim headers/extensions; that does alleviate the concerns that left me balloting Abstain on the -09. I do have some (new) comments on the -12. Section 3 Conceptually, I'm thinking about this document as allocating the 'P' bit in the header and specifying its format when the P bit is set to 1; I don't expect it to be making changes to generic non-GPE LISP behavior. So it's a little surprising to see that bits 0-3 are now marked as Reserved (though that could probably be wordsmithed away, and the existing Section 2 probably sets the reader up to do the right thing already), and fairly surprising to see the following in the P-Bit description: If the P-bit is clear (0) the LISP header is bit-by-bit equivalent to the definition in [I-D.ietf-lisp-rfc6830bis] with bits N, L, E and V set to 0. Is the claim that once an implementation supports GPE, it will never use the non-shim-header versions of echo-nonce, map-versioning, etc? If not, then I don't think it's appropriate to say "with bits N, L, E, and V set to 0" here. I'm also not sure I fully understand the motivation for pulling out the Locator-Status-Bits, as that field's width is unchanged from stock 6830bis. Leaving them to a TBD shim-header does prevent the conflict with the Instance ID field, and perhaps the current usage patterns justify such a shift, so this may be more of a side note than an indication of a flaw in the document. Section 7 LISP-GPE, as many encapsulations that use optional extensions, is subject to on-path adversaries that by manipulating the g-Bit and the packet itself can remove part of the payload. Typical integrity Is "g-Bit" supposed to be "P-Bit"? I am failing to remember what the g-Bit is, at least... With LISP-GPE, issues such as data-plane spoofing, flooding, and traffic redirection may depend on the particular protocol payload encapsulated. I'd consider adding another clause, "noting that an attacker that is spoofing LISP-GPE traffic can claim to encapsulate any protocol payload type" -- the risk here is based on what types the receiver's implementation supports, not just what the legitimate sender is encapsulating. _______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
