Hi Orie,
Thank you for the review.
Please see inline.
Cheers,
Med
> -----Message d'origine-----
> De : Orie Steele via Datatracker <nore...@ietf.org>
> Envoyé : vendredi 17 janvier 2025 23:57
> À : The IESG <i...@ietf.org>
> Cc : draft-ietf-opsawg-teas-common...@ietf.org; opsawg-
> cha...@ietf.org; opsawg@ietf.org; rro...@ciena.com;
> rro...@ciena.com
> Objet : Orie Steele's No Objection on draft-ietf-opsawg-teas-
> common-ac-14: (with COMMENT)
>
>
> Orie Steele has entered the following ballot position for
> draft-ietf-opsawg-teas-common-ac-14: No Objection
>
> When responding, please keep the subject line intact and reply to
> all email addresses included in the To and CC lines. (Feel free
> to cut this introductory paragraph, however.)
>
> -----------------------------------------------------------------
> COMMENT:
> -----------------------------------------------------------------
>
> # Orie Steele, ART AD, comments for draft-ietf-opsawg-teas-
> common-ac-14
> CC @OR13
>
>
> ## Comments
>
> ### md5
>
> ```
> 573 +--:(md5)
> 574 | +-- md5-keychain? key-chain:key-
> chain-ref
> ```
>
> I assume there is no other choice?
[Med] This choice is to accommodate the installed base. This is mentioned in
the narrative text right after the trees: ("..to accommodate legacy
implementations").
>
> https://www.rfc-editor.org/rfc/rfc8177.html#section-5
> ```
> Similarly, the MD5 and SHA-1 algorithms have been proven to be
> insecure ([Dobb96a], [Dobb96b], and [SHA-SEC-CON]), and usage is
> NOT
> RECOMMENDED. Usage should be confined to deployments where it is
> required for backward compatibility.
> ```
>
[Med] ACK. This is covered in security considerations:
CURRENT:
As such, modules that will reuse these
groupings will inherit the security considerations discussed in
Section 5 of [RFC8177].
Note that we provide the following text jointly to an example that uses the MD5
choice in the ACaaS:
The module supports MD5 to basically accommodate the installed BGP
base (including by some Cloud Providers). Note that MD5 suffers
from the security weaknesses discussed in Section 2 of [RFC6151]
and Section 2.1 of [RFC6952].
> ## Nits
[Med] Fixed, thanks.
>
> ### this identity can _be_ used...
>
> ```
> 310 type in an AC. For example, this identity can used
> to indicate
> ```
>
> ### is _used_ to control...
>
> ```
> 321 'l2-tunnel-type': Uses to control the Layer 2 tunnel
> selection for
> ```
>
>
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou
falsifie. Merci.
This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been
modified, changed or falsified.
Thank you.
_______________________________________________
OPSAWG mailing list -- opsawg@ietf.org
To unsubscribe send an email to opsawg-le...@ietf.org
