BGPsec Considerations for Autonomous System (AS) Migration
draft-ietf-sidr-as-migration-06
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-09-25
|
06 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-06-16
|
06 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-06-07
|
06 | (System) | RFC Editor state changed to RFC-EDITOR from REF |
2017-06-02
|
06 | (System) | RFC Editor state changed to REF from EDIT |
2017-04-27
|
06 | (System) | RFC Editor state changed to EDIT from MISSREF |
2017-02-07
|
06 | (System) | RFC Editor state changed to MISSREF |
2017-02-07
|
06 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-02-07
|
06 | (System) | Announcement was received by RFC Editor |
2017-02-07
|
06 | (System) | IANA Action state changed to No IC |
2017-02-07
|
06 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2017-02-07
|
06 | Cindy Morgan | IESG has approved the document |
2017-02-07
|
06 | Cindy Morgan | Closed "Approve" ballot |
2017-02-07
|
06 | Cindy Morgan | Ballot approval text was generated |
2017-02-07
|
06 | Alvaro Retana | A couple of minor changes will be incorporated later in the process. |
2017-02-07
|
06 | Alvaro Retana | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::Revised I-D Needed |
2017-01-05
|
06 | Jean Mahoney | Request for Telechat review by GENART Completed: Ready with Nits. Reviewer: Wassim Haddad. |
2017-01-05
|
06 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2017-01-05
|
06 | Alvaro Retana | Ballot writeup was changed |
2017-01-05
|
06 | Jari Arkko | [Ballot comment] Per Wassim Haddad's Gen-ART review (thanks!), there seems to be a word missing here: "Route Origin Validation as defined by RFC 6480 [ … |
2017-01-05
|
06 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2017-01-04
|
06 | Joel Jaeggli | [Ballot Position Update] New position, Yes, has been recorded for Joel Jaeggli |
2017-01-04
|
06 | Amanda Baber | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2017-01-04
|
06 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from No Record |
2017-01-04
|
06 | Ben Campbell | [Ballot comment] (The deferral of this draft until the bgpsec protocol draft is on the agenda resolves my comment about timing.) From a strictly style … [Ballot comment] (The deferral of this draft until the bgpsec protocol draft is on the agenda resolves my comment about timing.) From a strictly style perspective (that is, you can take this or leave it), I find the heavy use of present continuous tense confusing to read. |
2017-01-04
|
06 | Ben Campbell | Ballot comment text updated for Ben Campbell |
2017-01-04
|
06 | Kathleen Moriarty | [Ballot comment] I think the Abstract & introduction are too brief. A lot of concerns might have been avoided with a little more explanation up … [Ballot comment] I think the Abstract & introduction are too brief. A lot of concerns might have been avoided with a little more explanation up front. I removed my discuss points as expanding the abstract to include more details in the introduction that appear in the security consideration section isn't really discussable, but would help the draft IMO. Comments are left, I didn't comb through them, so take or leave the ones that have not been addressed. Thank you. --- Standards Track *is* right for this document, but it takes a little to understand that while the document doesn't make any changes to the protocol, it does describe how implementations use the protocol to deliver a specific function. --- Some rewording of the introduction could go a long way in helping with document clarity: Possibly: "This document describes how ASN migration may be performed securely using the RPKI and BGPSec mechanisms. It defines the implementation behavior during ASN migration, but does not define any changes to the BGPSec protocol." *Note - if the last part remains true --- 1.2 refers to "private ASNs" and this term is well understood. But the referenced RFC 1930 doesn't use that term. It uses the term "Reserved AS Numbers" and describes them as "reserved for private use". --- Section 2 has "...merging two or more ASNs..." I think it is ASes that are being merged. Ditto "...is not enabled between the ASNs..." --- Section 3 has Since they are using methods to migrate that do not require coordination with customers, they do not have a great deal of control over the length of the transition period as they might with something completely under their administrative control I can't parse this. If the methods do NOT require coordination with customers, surely the methods are wholly under the control of the operator. Is there a typo: s/do not require/require/ ? Or is there some other message? --- Section 3 As solutions were being proposed for RPKI implementations to solve this transition case, operational complexity and hardware scaling considerations associated with maintaining multiple legacy ASN keys on routers throughout the combined network have been carefully considered. As worded (passive voice) it demands a citation. Possibly it is meant to say that operators have carefully considered this. Maybe that the SIDR WG has done the consideration. --- Section 3 It would be helpful to add a final sentence saying what this section goes on to do. I think it examines the basic functions of RPKI to determine whether they already handle ASN migration and to identify any issues that might arise when an ASN changes. --- 3.1 Route Origin Validation as defined by RFC 6480 [RFC6480] does not need a unique solution to enable AS migration, as the existing protocol and procedure allows for a solution. That doesn't read too well to me at least, do you mean something like: Route Origin Validation as defined by RFC 6480 [RFC6480] does not need modification to enable AS migration, as the existing protocol and procedure allows for a solution as follows. --- 3.1 In the scenario discussed, AS64510 is being replaced by AS64500. s/discussed/discussed in RFC 7705/ --- There are some abbreviations that will need to be expanded (e.g., ROA) --- 3.2.1 has... However, there is currently no guidance in the BGPSec protocol specification [I-D.ietf-sidr-bgpsec-protocol] on whether or not the forward-signed ASN value is required to match the configured remote AS to validate properly "currently" looks unlikely to change at this stage given the status of draft-ietf-sidr-bgpsec-protocol. So, either - make the changes to draft-ietf-sidr-bgpsec-protocol while you can or - change this text to reflect reality as... "However, there is no guidance..." --- 3.2.1 s/remote as 64510/remote AS 64510/ s/local as 64510/local AS 64510/ --- 3.2.1 It took me several attempts to parse... Assuming that this mismatch will be allowed by vendor implementations and using it as a means to solve this migration case is likely to be problematic. Did you mean: If we assume that this mismatch will be allowed by vendor implementations and that using it as a means to solve this migration case, then we are likely to see problems when implementations disallow the mismatch. --- 3.2.2 However, if the updates are left intact, this will cause the AS Path length to be increased, which is undesirable as discussed in RFC7705 [RFC7705]. On reading this I thought: "Undesirable is OK for a short transition period," but I went and read 7705. There, in the introduction, it says "it is critical that the ISP does not increase AS_PATH length during or after ASN migration". So I would s/is undesirable/must be avoided/ (Note: Section 4 has this as MUST NOT.) --- The text before the bullets in section 4 should... s/listed in no particular order:/listed in no particular order. BGPSec:/ Then "BGPSec" can be deleted from the first bullet. --- In section 5... Since that PE has been moved to AS64500, it is not possible for it to forward-sign AS64510 with pCount=0 without some minor changes to the BGPSec implementation to address this use case. I know what this is saying, but it is a bit skewed since implementations are not normally in scope for our specs. Perhaps... Since that PE has been moved to AS64500, this described a new behavior for implementations to forward-sign AS64510 with pCount=0. --- Section 5 This document proposes applying a similar technique Too late! If this is to be an RFC on the Standards Track then This document describes how to apply a similar technique --- Section 5 has (see section 4.4 of the above-referenced draft) Really? Too tired to actually include the reference? But by the time this document is published the reference will be an RFC and this text will be left dangling. ---- 5.2 The requirement to sign updates in iBGP represents a change to the normal behavior for this specific AS-migration implementation only. s/implementation/scenario/ --- I always love it when the Acknowledgements section thanks one of the authors :-) --- Section 8 This has happened before, but it usually leads the IESG to say "Hang on, why don't you just fix the protocol spec?" At the least, the Abstract and Introduction need to include the right text that would be present for an "Update". That is: what document is updated and what change is made. --- Section 9 Is "reasonably secure" should be replaced with something more accurate. Maybe this will come with the new text Sandy is working on. this is not fundamentally altering the existing security risks for BGPSec. That seems to say "...is somewhat (or marginally) altering..." which doesn't sound good. --- I hope the more detailed review is helpful. I still need to look at BGPsec to feel more comfortable with this one. |
2017-01-04
|
06 | Kathleen Moriarty | [Ballot Position Update] Position for Kathleen Moriarty has been changed to No Objection from Discuss |
2017-01-04
|
06 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2017-01-04
|
06 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2017-01-03
|
06 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2016-12-16
|
06 | Alvaro Retana | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
2016-12-15
|
06 | Jean Mahoney | Request for Telechat review by GENART is assigned to Wassim Haddad |
2016-12-15
|
06 | Jean Mahoney | Request for Telechat review by GENART is assigned to Wassim Haddad |
2016-12-09
|
06 | Rifaat Shekh-Yusef | Request for Telechat review by SECDIR Completed: Has Nits. Reviewer: Rifaat Shekh-Yusef. |
2016-12-08
|
06 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Rifaat Shekh-Yusef |
2016-12-08
|
06 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Rifaat Shekh-Yusef |
2016-12-07
|
06 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2016-12-07
|
06 | Wesley George | New version available: draft-ietf-sidr-as-migration-06.txt |
2016-12-07
|
06 | (System) | New version approved |
2016-12-07
|
06 | (System) | Request for posting confirmation emailed to previous authors: sidr-chairs@ietf.org, "Sandra Murphy" , "Wesley George" |
2016-12-07
|
06 | Wesley George | Uploaded new revision |
2016-12-01
|
05 | Alvaro Retana | Placed on agenda for telechat - 2017-01-05 |
2016-07-14
|
05 | Jean Mahoney | Closed request for Last Call review by GENART with state 'No Response' |
2016-05-24
|
05 | Alvaro Retana | IESG state changed to Waiting for AD Go-Ahead from IESG Evaluation::AD Followup |
2016-05-12
|
05 | Alvaro Retana | Just changing the state to AD Followup because I have the action to put this document back on the IESG Telechat agenda when the BGPSec … Just changing the state to AD Followup because I have the action to put this document back on the IESG Telechat agenda when the BGPSec spec makes it there. |
2016-05-12
|
05 | Alvaro Retana | IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation |
2016-05-12
|
05 | Tero Kivinen | Closed request for Telechat review by SECDIR with state 'No Response' |
2016-05-04
|
05 | Alvaro Retana | Several of the ADs have made the point that for the proper review of this document a previous review and understanding of the BGPSec Protocol … Several of the ADs have made the point that for the proper review of this document a previous review and understanding of the BGPSec Protocol Specification (draft-ietf-sidr-bgpsec-protocol) is needed. I took this document off the May/5.16 Telechat agenda and will put it back at the time that BGPSec is ready for IESG review. |
2016-05-04
|
05 | Alvaro Retana | Removed from agenda for telechat |
2016-05-04
|
05 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2016-05-04
|
05 | Stephen Farrell | [Ballot comment] I've yet to review this one, but I'd like to join the chorus asking that this be put onto the same telechat as … [Ballot comment] I've yet to review this one, but I'd like to join the chorus asking that this be put onto the same telechat as bgpsec - based on a quick scan I can't see how I can evaluate this without also evaluating bgpsec. If this stays on this week's telechat I may not have time to review both (I do think bgpsec deserves a proper review), in which case I may have to hit the "defer" button tomorrow. (This note is just a heads up for that, in the hope that someone else pushes this out in the meantime:-) |
2016-05-04
|
05 | Stephen Farrell | Ballot comment text updated for Stephen Farrell |
2016-05-03
|
05 | Terry Manderson | [Ballot comment] I agree with Kathleen (and others) in terms of timing on seeing this particular document. What is the time-line for seeing BGPSec at … [Ballot comment] I agree with Kathleen (and others) in terms of timing on seeing this particular document. What is the time-line for seeing BGPSec at the IESG now that the in-WG discussion regarding its status has concluded? |
2016-05-03
|
05 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2016-05-03
|
05 | Ben Campbell | [Ballot comment] I agree with other comments that it seems odd to publish this in advance of BGPSec. The need to "update" a document that … [Ballot comment] I agree with other comments that it seems odd to publish this in advance of BGPSec. The need to "update" a document that has not yet been published seems telling. From a strictly style perspective (that is, you can take this or leave it), I find the heavy use of present continuous tense confusing to read. |
2016-05-03
|
05 | Ben Campbell | [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell |
2016-05-03
|
05 | Deborah Brungard | [Ballot comment] Similar to other comments, not sure why this is being progressed now. If progress with BGPsec (or after), would help to ensure alignment … [Ballot comment] Similar to other comments, not sure why this is being progressed now. If progress with BGPsec (or after), would help to ensure alignment and avoid the need to update the metadata later (Section 8 RFC Editor note). As BGPsec has a pointer to this draft (seems a bit strange for it to have a pointer to it's update) - why not include the appropriate text in BGPsec itself to support. And then this draft would not need to "update" and both documents could simply reference each other. |
2016-05-03
|
05 | Deborah Brungard | Ballot comment text updated for Deborah Brungard |
2016-05-03
|
05 | Deborah Brungard | [Ballot comment] Similar to other comments, not sure why this is being progressed now. If progress with BGPsec (or after), would help to ensure alignment … [Ballot comment] Similar to other comments, not sure why this is being progressed now. If progress with BGPsec (or after), would help to ensure alignment and avoid the need to update the metadata later (Section 8 RFC Editor note). |
2016-05-03
|
05 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2016-05-03
|
05 | Kathleen Moriarty | [Ballot discuss] I'm wondering a few things that I think are important to discuss. If this is all fine, I may have more comments as … [Ballot discuss] I'm wondering a few things that I think are important to discuss. If this is all fine, I may have more comments as I think I'll need to dig into the BGPsec draft first and then this one again. 1. Why is this document preceding the BGP spec? Shouldn't this be part of the BGPSec protocol document? If BGPSec isn't getting deployed because of the AS path migration problem and this gets us a little further, but not quite as secure, maybe that's a trade off we need to accept. But this document coming through first is a little concerning even though the protocol spec is a normative reference. 2. The introduction makes this sound rather innocuous, but the security considerations section is more explicit that this is a work around BGPSec and isn't quite as secure. I'd like to see some text explaining this better in the introduction, more similar to what's in the first paragraph of the security considerations section. See comments below too with some text. Sandy said she was working on this section as well, thanks for that! Thank you |
2016-05-03
|
05 | Kathleen Moriarty | [Ballot comment] I think the Abstract & introduction are too brief. A lot of concerns might have been avoided with a little more explanation up … [Ballot comment] I think the Abstract & introduction are too brief. A lot of concerns might have been avoided with a little more explanation up front. --- Standards Track *is* right for this document, but it takes a little to understand that while the document doesn't make any changes to the protocol, it does describe how implementations use the protocol to deliver a specific function. --- Some rewording of the introduction could go a long way in helping with document clarity: Possibly: "This document describes how ASN migration may be performed securely using the RPKI and BGPSec mechanisms. It defines the implementation behavior during ASN migration, but does not define any changes to the BGPSec protocol." *Note - if the last part remains true --- 1.2 refers to "private ASNs" and this term is well understood. But the referenced RFC 1930 doesn't use that term. It uses the term "Reserved AS Numbers" and describes them as "reserved for private use". --- Section 2 has "...merging two or more ASNs..." I think it is ASes that are being merged. Ditto "...is not enabled between the ASNs..." --- Section 3 has Since they are using methods to migrate that do not require coordination with customers, they do not have a great deal of control over the length of the transition period as they might with something completely under their administrative control I can't parse this. If the methods do NOT require coordination with customers, surely the methods are wholly under the control of the operator. Is there a typo: s/do not require/require/ ? Or is there some other message? --- Section 3 As solutions were being proposed for RPKI implementations to solve this transition case, operational complexity and hardware scaling considerations associated with maintaining multiple legacy ASN keys on routers throughout the combined network have been carefully considered. As worded (passive voice) it demands a citation. Possibly it is meant to say that operators have carefully considered this. Maybe that the SIDR WG has done the consideration. --- Section 3 It would be helpful to add a final sentence saying what this section goes on to do. I think it examines the basic functions of RPKI to determine whether they already handle ASN migration and to identify any issues that might arise when an ASN changes. --- 3.1 Route Origin Validation as defined by RFC 6480 [RFC6480] does not need a unique solution to enable AS migration, as the existing protocol and procedure allows for a solution. That doesn't read too well to me at least, do you mean something like: Route Origin Validation as defined by RFC 6480 [RFC6480] does not need modification to enable AS migration, as the existing protocol and procedure allows for a solution as follows. --- 3.1 In the scenario discussed, AS64510 is being replaced by AS64500. s/discussed/discussed in RFC 7705/ --- There are some abbreviations that will need to be expanded (e.g., ROA) --- 3.2.1 has... However, there is currently no guidance in the BGPSec protocol specification [I-D.ietf-sidr-bgpsec-protocol] on whether or not the forward-signed ASN value is required to match the configured remote AS to validate properly "currently" looks unlikely to change at this stage given the status of draft-ietf-sidr-bgpsec-protocol. So, either - make the changes to draft-ietf-sidr-bgpsec-protocol while you can or - change this text to reflect reality as... "However, there is no guidance..." --- 3.2.1 s/remote as 64510/remote AS 64510/ s/local as 64510/local AS 64510/ --- 3.2.1 It took me several attempts to parse... Assuming that this mismatch will be allowed by vendor implementations and using it as a means to solve this migration case is likely to be problematic. Did you mean: If we assume that this mismatch will be allowed by vendor implementations and that using it as a means to solve this migration case, then we are likely to see problems when implementations disallow the mismatch. --- 3.2.2 However, if the updates are left intact, this will cause the AS Path length to be increased, which is undesirable as discussed in RFC7705 [RFC7705]. On reading this I thought: "Undesirable is OK for a short transition period," but I went and read 7705. There, in the introduction, it says "it is critical that the ISP does not increase AS_PATH length during or after ASN migration". So I would s/is undesirable/must be avoided/ (Note: Section 4 has this as MUST NOT.) --- The text before the bullets in section 4 should... s/listed in no particular order:/listed in no particular order. BGPSec:/ Then "BGPSec" can be deleted from the first bullet. --- In section 5... Since that PE has been moved to AS64500, it is not possible for it to forward-sign AS64510 with pCount=0 without some minor changes to the BGPSec implementation to address this use case. I know what this is saying, but it is a bit skewed since implementations are not normally in scope for our specs. Perhaps... Since that PE has been moved to AS64500, this described a new behavior for implementations to forward-sign AS64510 with pCount=0. --- Section 5 This document proposes applying a similar technique Too late! If this is to be an RFC on the Standards Track then This document describes how to apply a similar technique --- Section 5 has (see section 4.4 of the above-referenced draft) Really? Too tired to actually include the reference? But by the time this document is published the reference will be an RFC and this text will be left dangling. ---- 5.2 The requirement to sign updates in iBGP represents a change to the normal behavior for this specific AS-migration implementation only. s/implementation/scenario/ --- I always love it when the Acknowledgements section thanks one of the authors :-) --- Section 8 This has happened before, but it usually leads the IESG to say "Hang on, why don't you just fix the protocol spec?" At the least, the Abstract and Introduction need to include the right text that would be present for an "Update". That is: what document is updated and what change is made. --- Section 9 Is "reasonably secure" should be replaced with something more accurate. Maybe this will come with the new text Sandy is working on. this is not fundamentally altering the existing security risks for BGPSec. That seems to say "...is somewhat (or marginally) altering..." which doesn't sound good. --- I hope the more detailed review is helpful. I still need to look at BGPsec to feel more comfortable with this one. |
2016-05-03
|
05 | Kathleen Moriarty | Ballot comment and discuss text updated for Kathleen Moriarty |
2016-05-03
|
05 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2016-05-02
|
05 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2016-05-02
|
05 | Alia Atlas | [Ballot comment] I will note that progressing this as Standards track does presume that BGsec will also progress as Standards track, or that there will … [Ballot comment] I will note that progressing this as Standards track does presume that BGsec will also progress as Standards track, or that there will be a downref from PS to Experimental. |
2016-05-02
|
05 | Alia Atlas | [Ballot Position Update] New position, Yes, has been recorded for Alia Atlas |
2016-05-02
|
05 | Kathleen Moriarty | [Ballot discuss] I'm wondering a few things that I think are important to discuss. If this is all fine, I may have more comments as … [Ballot discuss] I'm wondering a few things that I think are important to discuss. If this is all fine, I may have more comments as I think I'll need to dig into the BGPsec draft first and then this one again. 1. Why is this document preceding the BGP spec? Shouldn't this be part of the BGPSec protocol document? If BGPSec isn't getting deployed because of the AS path migration problem and this gets us a little further, but not quite as secure, maybe that's a trade off we need to accept. But this document coming through first is a little concerning even though the protocol spec is a normative reference. 2. The introduction makes this sound rather innocuous, but the security considerations section is more explicit that this is a work around BGPSec and isn't quite as secure. I'd like to see some text explaining this better in the introduction, more similar to what's in the first paragraph of the security considerations section. Thank you |
2016-05-02
|
05 | Kathleen Moriarty | [Ballot Position Update] New position, Discuss, has been recorded for Kathleen Moriarty |
2016-04-28
|
05 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2016-04-27
|
05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Wassim Haddad |
2016-04-27
|
05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Wassim Haddad |
2016-04-22
|
05 | Alvaro Retana | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup |
2016-04-22
|
05 | Alvaro Retana | Ballot has been issued |
2016-04-22
|
05 | Alvaro Retana | [Ballot Position Update] New position, Yes, has been recorded for Alvaro Retana |
2016-04-22
|
05 | Alvaro Retana | Created "Approve" ballot |
2016-04-22
|
05 | Alvaro Retana | Ballot writeup was changed |
2016-04-21
|
05 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Matthew Miller |
2016-04-21
|
05 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Matthew Miller |
2016-04-18
|
05 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2016-04-18
|
05 | Wesley George | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2016-04-18
|
05 | Wesley George | New version available: draft-ietf-sidr-as-migration-05.txt |
2016-04-15
|
04 | Alvaro Retana | IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead |
2016-04-15
|
04 | Alvaro Retana | Changed consensus to Yes from Unknown |
2016-04-15
|
04 | Alvaro Retana | === AD Review (Mar/25.16) === I just finished reviewing this document. Please see detailed comments below. The set of Major comments looks long, but I … === AD Review (Mar/25.16) === I just finished reviewing this document. Please see detailed comments below. The set of Major comments looks long, but I think it is mostly comprised of clarifications (and items that were also discussed when processing RFC7705). Most of the items made it to the Major list just because of the use of normative language. Because I think that even the Major comments should be easy to resolve and won't represent a significant change in the content or intent of this document, I am going to start the IETF Last Call and schedule this document in the next available IESG Telechat. Thanks! Alvaro. Major 1. Section 3.1. (Origin Validation): "Therefore, for each ROA that authorizes AS64510 to originate a prefix, a new ROA MUST also be created that authorizes AS64500 to originate the same prefix." Given that this text is normative, please use a generic description (not specific to the example). 2. Section 3.2.1. (Outbound announcements (PE-->CE)): "…no guidance in the BGPSec protocol specification [I-D.ietf-sidr-bgpsec-protocol] on whether or not the forward-signed ASN value MUST match the configured remote AS to validate properly…" That "MUST" is not normative in this document, nor it is being quoted. Please find a way to convey the same meaning w/out rfc2119 language. Suggestion: s/MUST/must 3. There are some places where this document uses language around configuration or knobs, or even uses configuration snippets. Please avoid those and use the language from RFC7705. Here are some examples, but there may be others that I missed: * "configuration/transition/migration knobs" are mentioned several times. Please use "mechanisms" (or something like that) instead. * 3.1: "replace-as as defined in RFC 6480" I believe the correct reference is to "Replace OLD AS" in RFC7705. * 3.2.1: "…if CE1's BGP session is configured as "remote-as 64510", the presence of "local-as 64510" on PE1…" * 5: "…using the transition knobs detailed in draft-ietf-idr-as-migration…" * 5.1: "…locally configured with AS-migration knobs as discussed in draft-ietf-idr-as-migration…" * 5.2: "…locally configured with AS-migration knobs …" * 5.3: "…applying AS migration knobs…" 4. Section 4. (Requirements): * "BGPSec MUST support AS Migration... It SHOULD do this without reducing BGPSec's protections for route path" Why is the "SHOULD" not a "MUST"? In other words, are there cases when it may be ok for reducing the protection? * "SHOULD confine configuration changes to the migrating PEs e.g. can't require global configuration changes to support migration" This requirement is about configuration, not about the mechanism itself. Is there a way to express the same requirement in terms of functionality of the mechanism (and not configuration)? 5. Section 5.3. (Other considerations) There are a couple of places where normative language is used, but where it seems to me that what is described is "business as usual" and then shouldn't be mandated here. See below. Is my interpretation correct? * "…routers that receive updates from iBGP neighbors MUST accept updates with new (properly-formed) BGPSec attributes…" Are you referring here to routers in general, as in routers that may not support the migration mechanism? Shouldn't these non-RFC7705 routers accept BGPSec attributes anyway? In other words, it is not something you need to mandate here because the updates are not really different from other BGPSec updates. Maybe the overall consideration is really that "BGPSec should be fully deployed" (or something like that) -- note that if other routers don't accept BGPSec attributes then BGPSec in general won't work and not just the migration mechanisms. * "…any route-reflectors in the path of these updates MUST reflect them transparently to their clients." draft-ietf-sidr-bgpsec-protocol doesn't explicitly talk about RRs, but it contains the text below in 4.1. (reference [18] is this document). The text basically says (paraphrasing) that a RR SHOULD NOT change the update…which is equivalent to if the peer supports BGPSec then it MUST NOT change the update…which is the same as what you wrote (with the MUST, except for the caveat of the peer supporting BGPSec — which I think is implicit in your text). All this is to say that as with the case above the "MUST" is not needed. * "The case where the BGPsec speaker sends a BGPsec update message to an internal (iBGP) peer is quite simple. …the BGPsec speaker typically populates the BGPsec_Path attribute by copying the BGPsec_Path attribute from the received update message. That is, the BGPsec_Path attribute is copied verbatim. However, in the case that the BGPsec speaker is performing an AS Migration, the BGPsec speaker may add an additional signature on ingress before copying the BGPsec_Path attribute (see [18] for more details). Note that when a BGPsec speaker chooses to forward a BGPsec update message to an iBGP peer, the BGPsec attribute SHOULD NOT be removed, unless the peer doesn't support BGPsec." 6. Section 8. (Security Considerations) * "BGPSec MUST be able to manage this legitimate use of AS_Path manipulation…" This sounds like a requirement for BGPSec, but skimming that document it looks like it doesn't do anything special as a result (just reference this document for more information). Having said that, this document uses BGPSec mechanisms to solve the problem — the procedure is changed, but I don't think that the characteristics of the solution is. I'm trying to argue eliminating the "MUST" because the solution is realized without BGPSec having to do anything extra. 7. As with RFC7705 updating RFC4271, should this document be marked as updating the BGPSec document? I think it does. Minor 1. s/I-D.ietf-idr-as-migration/RFC7705 2. Section 2. (General Scenario). The scenario is not fully described in this section (which is ok), and I know there's a forward reference to 5.4. It might be good to mention that the rest of the document will rely heavily on the example and the figures in RFC7705 so that people read them before going on. 3. Section 3. (RPKI Considerations): As you know, I'm not thrilled about text like this: "While SPs SHOULD NOT remain in this transition phase indefinitely…" because I think it can't be enforced and it is an unnecessary use of rfc2119 language. I am really happy that we avoided such language in RFC7705. Maybe a compromise is to point this document to the Operational Considerations (Section 5) which basically discusses the same thing (and avoid having the same discussion is two places). 4. Please check the section references to BGPSec — the latest version (-15) doesn't seem to match the references in the document. 5. I think it would be worth pointing at RFC7705 in the Security Considerations. Nits: 1. s/The reason that this migration requires a slightly different solution in BGPSec than for a standard confederation is that unlike in a confederation, eBGP peers…/This migration requires a different solution in BGPSec because unlike in a confederation, eBGP peers… 2. s/(section 5.4) (Section 5.4)/(section 5.4) 3. 5.4: "…the "keep" AS" This is only used in this section. Maybe better to stick with old AS. |
2016-04-15
|
04 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2016-03-31
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Wassim Haddad |
2016-03-31
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Wassim Haddad |
2016-03-31
|
04 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2016-03-31
|
04 | Sabrina Tanamal | (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-sidr-as-migration-04.txt, which is currently in Last Call, and has the following comments: We understand that this … (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-sidr-as-migration-04.txt, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any IANA actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, IANA does not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal IANA Specialist ICANN |
2016-03-28
|
04 | Chris Morrow | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? ProposedStandard (This is indicated in the document header.) (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This draft discusses considerations and methods for supporting and securing a common method for AS-Migration within the BGPSec protocol. Working Group Summary There was considerable discussion about this document in both SIDR and IDR working groups. I believe there were not any show stopping parts to this conversation. Document Quality This document describes methods and considerations that could be used in supporting and securing a common method of AS Migration used in networks today. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Document Shepherd: Chris Morrow AD: Alvaro Retana (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. I read the document (a few times now) and believe the document is ready for publication. Folk in the working group seem to agree, and the partner document in IDR (draft-ietf-idr-as-migration-03) is moving forward at this time as well. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document shepherd does not harbor any concerns about this document. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. I believe the parts of this document which require specialized review have been reviewed. That review was done by IDR folk during the working group work on that document as well. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. I'm not concerned about this document. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Yes (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. N/A (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The wg consensus appears to be solid for this document. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) There are no threats at this time. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. The idnits process turned up no significant issues. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. N/A (13) Have all references within this document been identified as either normative or informative? Yes (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? There are 2 normative references to drafts: I-D.ietf-idr-as-migration - should be changed to: RFC 7705 I-D.ietf-sidr-bgpsec-protocol The final reference should be resolved prior to final publication, I believe. The first (idr draft) should be changed in auth48. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. RFC5398 is referenced in this document, because AS numbers are used in the document, numbers which are from the reserved AS number space. Noting that the numbers used in this document are private/reserved seems to be on point, and the references seem to be relevant to the flow and intent of the document. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). I reviewed the IANA considerations section in this document, there are no considerations for IANA here. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. N/A (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. N/A |
2016-03-25
|
04 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: morrowc@ops-netman.net, aretana@cisco.com, draft-ietf-sidr-as-migration@ietf.org, sidr-chairs@ietf.org, sidr@ietf.org Reply-To: ietf@ietf.org … The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: morrowc@ops-netman.net, aretana@cisco.com, draft-ietf-sidr-as-migration@ietf.org, sidr-chairs@ietf.org, sidr@ietf.org Reply-To: ietf@ietf.org Sender: Subject: Last Call: (BGPSec Considerations for AS Migration) to Proposed Standard The IESG has received a request from the Secure Inter-Domain Routing WG (sidr) to consider the following document: - 'BGPSec Considerations for AS Migration' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2016-04-15. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document discusses considerations and methods for supporting and securing a common method for AS-Migration within the BGPSec protocol. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-sidr-as-migration/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-sidr-as-migration/ballot/ No IPR declarations have been submitted directly on this I-D. |
2016-03-25
|
04 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2016-03-25
|
04 | Alvaro Retana | Placed on agenda for telechat - 2016-05-05 |
2016-03-25
|
04 | Alvaro Retana | Last call was requested |
2016-03-25
|
04 | Alvaro Retana | IESG state changed to Last Call Requested from AD Evaluation |
2016-03-25
|
04 | Alvaro Retana | Last call announcement was changed |
2016-03-25
|
04 | Alvaro Retana | Last call announcement was generated |
2016-03-23
|
04 | Alvaro Retana | Notification list changed to aretana@cisco.com |
2016-03-23
|
04 | Alvaro Retana | IESG state changed to AD Evaluation from Publication Requested |
2016-03-03
|
04 | Chris Morrow | Tag Revised I-D Needed - Issue raised by AD cleared. |
2016-03-03
|
04 | Chris Morrow | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? ProposedStandard (This is indicated in the document header.) (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This draft discusses considerations and methods for supporting and securing a common method for AS-Migration within the BGPSec protocol. Working Group Summary There was considerable discussion about this document in both SIDR and IDR working groups. I believe there were not any show stopping parts to this conversation. Document Quality This document describes methods and considerations that could be used in supporting and securing a common method of AS Migration used in networks today. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Document Shepherd: Chris Morrow AD: Alia Atlas (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. I read the document (a few times now) and believe the document is ready for publication. Folk in the working group seem to agree, and the partner document in IDR (draft-ietf-idr-as-migration-03) is moving forward at this time as well. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document shepherd does not harbor any concerns about this document. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. I believe the parts of this document which require specialized review have been reviewed. That review was done by IDR folk during the working group work on that document as well. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. I'm not concerned about this document. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Yes (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. N/A (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The wg consensus appears to be solid for this document. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) There are no threats at this time. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. The idnits process turned up: An old date (30 days ago). 1 downref to RFC5398 (which seems ok in this case) (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. N/A (13) Have all references within this document been identified as either normative or informative? Yes (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? There are not normative references to unfinished documents. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. RFC5398 is referenced in this document, because AS numbers are used in the document, numbers which are from the reserved AS number space. Noting that the numbers used in this document are private/reserved seems to be on point, and the references seem to be relevant to the flow and intent of the document. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). I reviewed the IANA considerations section in this document, there are no considerations for IANA here. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. N/A (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. N/A |
2016-03-03
|
04 | Chris Morrow | IETF WG state changed to Submitted to IESG for Publication from WG Document |
2016-03-03
|
04 | Chris Morrow | IESG state changed to Publication Requested from AD is watching |
2016-01-14
|
04 | Alvaro Retana | IESG state changed to AD is watching from Dead |
2015-10-16
|
04 | Wesley George | New version available: draft-ietf-sidr-as-migration-04.txt |
2015-10-14
|
03 | (System) | Notify list changed from "Chris Morrow" to (None) |
2015-08-08
|
03 | (System) | Document has expired |
2015-08-08
|
03 | (System) | IESG state changed to Dead from AD is watching |
2015-07-02
|
03 | Jean Mahoney | Closed request for Last Call review by GENART with state 'No Response' |
2015-03-25
|
03 | Amy Vezza | Shepherding AD changed to Alvaro Retana |
2015-03-02
|
03 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'No Response' |
2015-03-01
|
03 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Susan Hares. |
2015-02-09
|
03 | Alia Atlas | Passing back to WG for discussion about the handling of the iBGP case and impact on BGPsec, if any. |
2015-02-09
|
03 | Alia Atlas | Tag Revised I-D Needed - Issue raised by AD set. |
2015-02-09
|
03 | Alia Atlas | IETF WG state changed to WG Document from Submitted to IESG for Publication |
2015-02-09
|
03 | Alia Atlas | Draft needs WG discussion to handle the iBGP cases. |
2015-02-09
|
03 | Alia Atlas | IESG state changed to AD is watching from In Last Call |
2015-02-09
|
03 | Alia Atlas | Removed from agenda for telechat |
2015-02-05
|
03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Wassim Haddad |
2015-02-05
|
03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Wassim Haddad |
2015-02-05
|
03 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Shaun Cooley |
2015-02-05
|
03 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Shaun Cooley |
2015-02-04
|
03 | Wesley George | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-02-04
|
03 | Wesley George | New version available: draft-ietf-sidr-as-migration-03.txt |
2015-02-02
|
02 | Chris Morrow | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? ProposedStandard (This is indicated in the document header.) (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This draft discusses considerations and methods for supporting and securing a common method for AS-Migration within the BGPSec protocol. Working Group Summary There was considerable discussion about this document in both SIDR and IDR working groups. I believe there were not any show stopping parts to this conversation. Document Quality This document describes methods and considerations that could be used in supporting and securing a common method of AS Migration used in networks today. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Document Shepherd: Chris Morrow AD: Alia Atlas (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. I read the document (a few times now) and believe the document is ready for publication. Folk in the working group seem to agree, and the partner document in IDR (draft-ietf-idr-as-migration-03) is moving forward at this time as well. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document shepherd does not harbor any concerns about this document. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. I believe the parts of this document which require specialized review have been reviewed. That review was done by IDR folk during the working group work on that document as well. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. I'm not concerned about this document. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Yes (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. N/A (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The wg consensus appears to be solid for this document. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) There are no threats at this time. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. The idnits process turned up: An old date (30 days ago). 1 downref to RFC5398 (which seems ok in this case) (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. N/A (13) Have all references within this document been identified as either normative or informative? Yes (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? There are not normative references to unfinished documents. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. RFC5398 is referenced in this document, because AS numbers are used in the document, numbers which are from the reserved AS number space. Noting that the numbers used in this document are private/reserved seems to be on point, and the references seem to be relevant to the flow and intent of the document. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). I reviewed the IANA considerations section in this document, there are no considerations for IANA here. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. N/A (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. N/A |
2015-02-01
|
02 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2015-02-01
|
02 | Amanda Baber | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-sidr-as-migration-02, which is currently in Last Call, and has the following comments: We understand that this document doesn't require … IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-sidr-as-migration-02, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any IANA actions. While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if the authors prefer to remove it, IANA doesn't object. If this assessment is not accurate, please respond as soon as possible. |
2015-01-31
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Susan Hares |
2015-01-31
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Susan Hares |
2015-01-30
|
02 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2015-01-30
|
02 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (BGPSec Considerations for AS Migration) … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (BGPSec Considerations for AS Migration) to Proposed Standard The IESG has received a request from the Secure Inter-Domain Routing WG (sidr) to consider the following document: - 'BGPSec Considerations for AS Migration' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-02-13. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This draft discusses considerations and methods for supporting and securing a common method for AS-Migration within the BGPSec protocol. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-sidr-as-migration/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-sidr-as-migration/ballot/ No IPR declarations have been submitted directly on this I-D. |
2015-01-30
|
02 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2015-01-30
|
02 | Alia Atlas | Ballot writeup was changed |
2015-01-30
|
02 | Alia Atlas | Placed on agenda for telechat - 2015-02-19 |
2015-01-30
|
02 | Alia Atlas | Last call was requested |
2015-01-30
|
02 | Alia Atlas | Last call announcement was generated |
2015-01-30
|
02 | Alia Atlas | Ballot approval text was generated |
2015-01-30
|
02 | Alia Atlas | Ballot writeup was generated |
2015-01-30
|
02 | Alia Atlas | IESG state changed to Last Call Requested from AD Evaluation |
2015-01-26
|
02 | Jonathan Hardwick | Request for Early review by RTGDIR Completed: Has Nits. Reviewer: Keyur Patel. |
2015-01-05
|
02 | Alia Atlas | IESG state changed to AD Evaluation from Publication Requested |
2014-12-08
|
02 | Jonathan Hardwick | Request for Early review by RTGDIR is assigned to Keyur Patel |
2014-12-08
|
02 | Jonathan Hardwick | Request for Early review by RTGDIR is assigned to Keyur Patel |
2014-10-29
|
02 | Chris Morrow | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? ProposedStandard (This is indicated in the document header.) (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This draft discusses considerations and methods for supporting and securing a common method for AS-Migration within the BGPSec protocol. Working Group Summary There was considerable discussion about this document in both SIDR and IDR working groups. I believe there were not any show stopping parts to this conversation. Document Quality This is not a protocol, but configuration and implementation details being codified for future implementers to be aware of, so operations of networks can continue. The document outlines processes and procedures which are used today in networks, most vendors implement a set of this document's features. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Document Shepherd: Chris Morrow AD: Alia Atlas (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. I read the document (a few times now) and believe the document is ready for publication. Folk in the working group seem to agree, and the partner document in IDR (draft-ietf-idr-as-migration-03) is moving forward at this time as well. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document shepherd does not harbor any concerns about this document. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. I believe the parts of this document which require specialized review have been reviewed. That review was done by IDR folk during the working group work on that document as well. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. I'm not concerned about this document. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Yes (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. N/A (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The wg consensus appears to be solid for this document. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) There are no threats at this time. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. The idnits process turned up: An old date (30 days ago). 1 downref to RFC5398 (which seems ok in this case) (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. N/A (13) Have all references within this document been identified as either normative or informative? Yes (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? There are not normative references to unfinished documents. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. RFC5398 is referenced in this document, because AS numbers are used in the document, numbers which are from the reserved AS number space. Noting that the numbers used in this document are private/reserved seems to be on point, and the references seem to be relevant to the flow and intent of the document. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). I reviewed the IANA considerations section in this document, there are no considerations for IANA here. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. N/A (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. N/A |
2014-10-29
|
02 | Chris Morrow | Responsible AD changed to Alia Atlas |
2014-10-29
|
02 | Chris Morrow | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2014-10-29
|
02 | Chris Morrow | IESG state changed to Publication Requested |
2014-10-29
|
02 | Chris Morrow | IESG process started in state Publication Requested |
2014-10-29
|
02 | Chris Morrow | Tag Waiting for Referenced Document cleared. |
2014-10-29
|
02 | Chris Morrow | IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document |
2014-10-29
|
02 | Chris Morrow | Changed document writeup |
2014-10-29
|
02 | Chris Morrow | Notification list changed to "Chris Morrow" <morrowc@ops-netman.net> |
2014-10-29
|
02 | Chris Morrow | Document shepherd changed to Chris Morrow |
2014-10-29
|
02 | Chris Morrow | Intended Status changed to Proposed Standard from None |
2014-07-29
|
02 | Wesley George | New version available: draft-ietf-sidr-as-migration-02.txt |
2014-07-25
|
01 | Sandra Murphy | Tag Waiting for Referenced Document set. |
2014-05-09
|
01 | Wesley George | New version available: draft-ietf-sidr-as-migration-01.txt |
2013-07-10
|
00 | Wesley George | New version available: draft-ietf-sidr-as-migration-00.txt |