Alissa Cooper has entered the following ballot position for draft-ietf-opsawg-ipfix-bgp-community-11: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsawg-ipfix-bgp-community/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 7: "BGP speakers that support the extended message SHOULD be careful to export the BGP communities in the IPFIX message properly, so that they only convey as many communities as possible in the IPFIX message. The Collector which receives an IPFIX message with maximum length and BGP communities contained in its data set SHOULD be aware that the BGP communities may be truncated due to limited message space." This uses normative language improperly. "SHOULD be careful" and "SHOULD be aware" are not actionable by implementations. It seems like in the first case this is trying to convey something more like "SHOULD only convey as many communities as possible without exceeding the 65536-byte limit of an IPFIX message." The second one seems like it should not be a normative recommendation. Section 8: "This document itself does not directly introduce any new security issues." I question whether this is true. The motivation for the document describes the use of BGP communities in IPFIX as inputs to, e.g., traffic optimization applications. Given that there are known problems associated with the integrity and authenticity of BGP communities (e.g., [1]), couldn't the propagation of false BGP communities to these other applications cause the applications to misbehave in ways above and beyond whatever damage the false communities do to the operation of BGP itself? [1] https://datatracker.ietf.org/meeting/103/materials/slides-103-grow-bgp-communities-spread-their-wings-01 _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg