Advertising Node Administrative Tags in OSPF
draft-ietf-ospf-node-admin-tag-09
Yes
(Alia Atlas)
No Objection
(Deborah Brungard)
(Jari Arkko)
(Martin Stiemerling)
(Terry Manderson)
Note: This ballot was opened for revision 05 and is now closed.
Alia Atlas Former IESG member
Yes
Yes
(for -05)
Unknown
Alvaro Retana Former IESG member
(was Discuss)
No Objection
No Objection
(2015-10-19 for -08)
Unknown
I am clearing my DISCUSS because we seem to be going around in circles in my exchanges with the authors. I still have some concerns about the normative language in section 3.2 (some of it has been updated as a result of our discussions) — I think that some of the text is not in line with what seems to be the intent of the extension: "…allows simplification, ease of management and control over…policies. …node-tags can be used to express and apply locally-defined network policies." Specifically, I have strong concerns about the ability (or not, as defined in the text) to flood the same tag value with different scopes, and about potential instability caused by sources other than topology changes. To all this, I trust the responsible AD and hope that the WG had the appropriate discussions, so I'm changing my ballot and not standing in the way.
Barry Leiba Former IESG member
No Objection
No Objection
(2015-10-14 for -06)
Unknown
The abstract reads a bit oddly, repeating "This document describes an extension to OSPF protocol". Perhaps while you're making changes to address the other IESG comments, you could re-word the abstract to avoid that repetition.
Ben Campbell Former IESG member
No Objection
No Objection
(2015-10-14 for -06)
Unknown
The shepherd write up says that there have been no IPR disclosures, but there has in fact been a disclosure on an earlier version. Wast he working group aware of this disclosure? 3.2, paragraph 4: "Each tag MUST be treated as an independent identifier that MAY be used in policy to perform a policy action." Given the context of the previous MUST, the MAY seems more descriptive than normative.
Benoît Claise Former IESG member
No Objection
No Objection
(2015-10-12 for -06)
Unknown
- "Tags carried by the administrative tag TLV SHOULD be used to indicate independent characteristics of a node." I was initially confused by that sentence. So there are tags carried by a different TLV than the administrative one? Actually, no (I checked with one of the authors). I would simply write: "Administrative tag TLV SHOULD be used to indicate independent characteristics of a node." This would be in line with the definition: An administrative Tag is a 32-bit integer value that can be used to identify a group of nodes in the OSPF domain. - Router information LSA [RFC4970] can have link, area or AS level flooding scope. Choosing the flooding scope to flood the group tags are defined by the policies and is a local matter. "and is a local matter". Hopefully there is some sort of centralized management application that checks consistency.
Brian Haberman Former IESG member
No Objection
No Objection
(2015-10-15 for -07)
Unknown
I support Alvaro's DISCUSS position. I also wonder why we are turning OSPF into a generic container protocol. That approach has caused issues with BGP and I don't see it being any better doing it in OSPF.
Deborah Brungard Former IESG member
No Objection
No Objection
(for -07)
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
(for -07)
Unknown
Joel Jaeggli Former IESG member
No Objection
No Objection
(2015-10-12 for -06)
Unknown
David Black did the opsdir / genart review updates were applied to the reviewed version
Kathleen Moriarty Former IESG member
No Objection
No Objection
(2015-10-13 for -06)
Unknown
Thanks for your responsive and helpful feedback to the SecDir review. The suggested and agreed changes look good and I'll continue to watch the thread as the discussion seems to be going very well and is managed very well on both ends. Thank you! https://mailarchive.ietf.org/arch/msg/secdir/FT81G3Iml0J1alWq5wdVaBYXiao
Martin Stiemerling Former IESG member
No Objection
No Objection
(for -06)
Unknown
Spencer Dawkins Former IESG member
No Objection
No Objection
(2015-10-14 for -06)
Unknown
I share Alvero's Discuss about whether these tags are opaque.
Stephen Farrell Former IESG member
No Objection
No Objection
(2015-10-15 for -07)
Unknown
- I think Alavaro and Brian make some good points. I'll be interested in how that discussion turns out. - Good to see that you recognise that even opaque tag values can expose sensitive information (the attacker isn't limited in how they are allowed interpret what they see). However, given that we recognise that confidentiality ought be provided sometimes, isn't there an onus on us to actually provide some usable way to get that service? If so, then who is looking at that problem? If not, then why is that acceptable? (This isn't a discuss as I don't think there is any PII or similar information being transferred, and the confidentiality requirement here really relates to network topology etc. But please do correct me if one of these tags could be PII-like and I'll make this a discuss if that's better.)
Terry Manderson Former IESG member
No Objection
No Objection
(for -07)
Unknown