Re: [6tisch] Roman Danyliw's No Objection on draft-ietf-6tisch-architecture-24: (with COMMENT)

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 22 August 2019 15:19 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7465B12092A; Thu, 22 Aug 2019 08:19:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=E1bZixY+; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=XRbpg3cx
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OCr03GZ-Lpww; Thu, 22 Aug 2019 08:19:55 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1A7F120902; Thu, 22 Aug 2019 08:19:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13482; q=dns/txt; s=iport; t=1566487194; x=1567696794; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=VP5ZIGIP/Zqar9VmACkaeJdyCh5k8yprqC+i2xqv7q0=; b=E1bZixY+Dla8g2cPHfGM7ZbvJTlIEPyBZuUO+2E68TdvV1ilo/GyeZoS siB8MOQ9PhgiSRjWXfSW+bNwuKQn1GxzdNq9r2K28UIOB53R+NA7y1X0N X/ASNkPhrrX9eppEDmT6dZlUpQXn8OE1BoqUXyVi2RA+NPxsfpM3SscXZ g=;
IronPort-PHdr: =?us-ascii?q?9a23=3AOBon/Bx1jbegTGPXCy+N+z0EezQntrPoPwUc9p?= =?us-ascii?q?sgjfdUf7+++4j5YhWN/u1j2VnOW4iTq+lJjebbqejBYSQB+t7A1RJKa5lQT1?= =?us-ascii?q?kAgMQSkRYnBZudFU3mJvPwcwQxHd9JUxlu+HToeUU=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CqAADpsV5d/51dJa1kGgEBAQEBAgE?= =?us-ascii?q?BAQEHAgEBAQGBZ4FFUAOBQiAECyqEIINHA4pqglyXZoFCgRADVAkBAQEMAQE?= =?us-ascii?q?tAgEBhD8CF4JIIzgTAgkBAQQBAQMBBgRthS0MhUoBAQEBAgESEREMAQE3AQQ?= =?us-ascii?q?LAgEGAg4ECAImAgICMBUCDgIEAQ0NGoRrAw4PAQKOeZBhAoE4iGFzgTKCewE?= =?us-ascii?q?BBYUbGIIWCYEMKIR6hSIQgUMYgUA/gRFGgkw+hAgcAQEGGoMJMoImjB0SEoJ?= =?us-ascii?q?XjhSNTWcJAoIdlFiCMYcwikqEH41fmBMCBAIEBQIOAQEFgWchDYFLcBWDJ4J?= =?us-ascii?q?CCQMXFYM6ilNygSmJDw0XB4IlAQE?=
X-IronPort-AV: E=Sophos;i="5.64,417,1559520000"; d="scan'208";a="311960264"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Aug 2019 15:19:53 +0000
Received: from XCH-ALN-020.cisco.com (xch-aln-020.cisco.com [173.36.7.30]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id x7MFJrq3007928 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 22 Aug 2019 15:19:53 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-020.cisco.com (173.36.7.30) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 22 Aug 2019 10:19:53 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 22 Aug 2019 10:19:51 -0500
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 22 Aug 2019 10:19:51 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IsShHL+899ocZ7PhoiCFJhhRqWVmkE5sgUpWDILQnWefPFGM1kOQ9E3HHZmfqIluHMLEOxW9epaXAzJ54bbq38JBlsnmeySFn8g/sZ198Y8eskgTb/scU03qWMJQwjpyE9+TCoMnVmBR71l/QqfSm+JYL65GFdbVS5JlDqzHXlk1A12eiydzX/Y5xRRghXWpmIXuMUGSf0X2B7fvhbwAaq244KhjSSMt78VSAFXF5kbqV45WH+FHNQUeqg7abjfRkftZ5OHA/0yk7j7W6ZGYXgzFssNMHZMn6csFmVlX4M2RzCjuJ6H0pMHFcMZ1xeqoTJJIzPWMkS9J4uhDArjHdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VP5ZIGIP/Zqar9VmACkaeJdyCh5k8yprqC+i2xqv7q0=; b=RolMJqa34AMaZWjxDIqNlcU+bMJes16yDi6axYMzJ9RxgcuuAPUjo7C4OtD/girnXY9UrChDgUugvAduZQO61n4ykvedAblAA29APWGkFycu12I7h/D0/sKKwaJX3jnzsrCzbRxCFpbceu4rKc8JcqqQOsWTkeDTIGWqVazmc39a2uyswlcQmzNAPP2liBXhkXJijh0fuZR/3X0S9vqThyXWLNuHjYc87RetmS+/m0QaH2Nw03XXEdeRFU7DKsI/D/aRVoebIQc5rQ+OOy7R2ZixAoc7FaJcQD0+wl8saLTEES/SCVh/rjNuimRF3s0X3XGnNepSAcw46gPK/b2Btg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VP5ZIGIP/Zqar9VmACkaeJdyCh5k8yprqC+i2xqv7q0=; b=XRbpg3cxBZZAkvDd5Q5IRucdZuG+bsEbL2R0In+vkq9iI4BhA6pumdYvJ147utI6f1HsWaajklbL13wYa7KrqM/oVos1yjgG0o+qW9SgFSPM3PUOSfZEbvfVKobfAeCbDnIdvRyQYjCScwj1Dzp2QnWoytDMpIy633vvnHErKNY=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB4429.namprd11.prod.outlook.com (52.135.37.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.20; Thu, 22 Aug 2019 15:19:50 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::89cf:9d:8a75:266e]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::89cf:9d:8a75:266e%3]) with mapi id 15.20.2178.018; Thu, 22 Aug 2019 15:19:50 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-6tisch-architecture@ietf.org" <draft-ietf-6tisch-architecture@ietf.org>, "6tisch-chairs@ietf.org" <6tisch-chairs@ietf.org>, "shwetha.bhandari@gmail.com" <shwetha.bhandari@gmail.com>, "6tisch@ietf.org" <6tisch@ietf.org>
Thread-Topic: Roman Danyliw's No Objection on draft-ietf-6tisch-architecture-24: (with COMMENT)
Thread-Index: AQHVTaF+G14hOr6SnEK7QAov53sg46cHSeKw
Date: Thu, 22 Aug 2019 15:19:21 +0000
Deferred-Delivery: Thu, 22 Aug 2019 15:18:14 +0000
Message-ID: <MN2PR11MB3565FC066DB6EB01DA5E30F1D8A50@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <156523837973.8301.2864865066450595993.idtracker@ietfa.amsl.com>
In-Reply-To: <156523837973.8301.2864865066450595993.idtracker@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2001:420:44f3:1300:8170:98a7:7988:d19d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1d1602a1-7d54-42f5-7bbd-08d727142cf6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600166)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:MN2PR11MB4429;
x-ms-traffictypediagnostic: MN2PR11MB4429:
x-microsoft-antispam-prvs: <MN2PR11MB4429E402C8E9F8A7CB65C4D0D8A50@MN2PR11MB4429.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 01371B902F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(39860400002)(136003)(376002)(346002)(366004)(199004)(189003)(110136005)(8936002)(9686003)(81156014)(8676002)(74316002)(305945005)(316002)(7736002)(6436002)(66446008)(53936002)(45080400002)(6246003)(478600001)(55016002)(66556008)(52536014)(64756008)(66476007)(5660300002)(54906003)(6666004)(229853002)(86362001)(14454004)(2906002)(66574012)(76176011)(71200400001)(14444005)(71190400001)(46003)(6506007)(256004)(102836004)(7696005)(25786009)(76116006)(4326008)(11346002)(33656002)(476003)(446003)(66946007)(186003)(6116002)(99286004)(486006)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4429; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: udE8jxHe63Tou+nr2zCoAsKDg3ToyJN7lkLiR5GkhGAK/GE1CnJPHng+7CX349BDNllJ7O67zgufNXBbPH1/k68R20dS9EUHGPWEY1UU/TszBmccbxFwS6EAn/eO6Fv0OIIZsLhi9o/spqCWErAPMNlK7nrHZ5thOtohVJvtF3G3j+YEyxmVDN4jEx9/XUAU2FaKC+0znuit8CNFewAX4ED5tHG67QJajbqVhyIPmJ20ScX6CRAk5a5+NJRgCD/0cDdYlmi1ASF4g/2k0/LbXySnIyx1zg+j8WwasGWIWWttZbcUlStSXDcnTWIo0mZjUxPFjn2Kg0xRyutR2VdAjoqOLNZsj3uHpuob+bUkaE7vaKfgrxFmItouHInWvNK6bXrGKSnaxKm4lFCBL5IpwYOy/xvAA717qV7z3SVWa+8=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 1d1602a1-7d54-42f5-7bbd-08d727142cf6
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Aug 2019 15:19:50.2125 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: m0VuJ9ZDcDfHqNrOq7OISAP8Uqk34kWt5hNKLNzjhVGcY5eOd+nZjaJ4oBZnUzJ4asA9wW9gMXhzrb0J9WNc0Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4429
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.30, xch-aln-020.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/eb6aY9ulx3HV0XRjXesRUJ2QBY4>
Subject: Re: [6tisch] Roman Danyliw's No Objection on draft-ietf-6tisch-architecture-24: (with COMMENT)
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2019 15:19:58 -0000

Hello Roman:

Many thanks for your review, your time is much appreciated.

Please see below:

> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> ** Why are both Section 3.4 and Section 4.4 needed?  Both appear to explain
> the four scheduling mechanisms.  Section 4.4. appears to have more details.

Section 3 is a high level architecture, section 4 a low level. Having both in 1 document was  a conscious decision since the early review by Ralph. We split in a high and a low level architecture and kept them combined to avoid the explosion of documents. For the same reason, we later incorporated the terminology that was initially a separate spec.

As a result this draft has 2/3 documents in one, with commonalities in section 3.4 and 4.4 for instance. That's where we are and as you say, there is no fundamental new reason to undo that.
 
There was a desire to make section 4 self-sufficient, with the idea of possibly splitting section 3 and 4 which we never did. Still it might be useful to the reader who just reads that section.
And there was a desire to have a discussion at the high level architecture on this topic so removing 3.4 is not good either.

I'm quite afraid to destabilize the document by doing a major change now.


> ** Section 3.6. Per the summary table in this section, what is the routing
> technique “reactive P2P”.  It doesn’t appear to be explained in the text above.

PT> I removed the P2P which is not explained. The relevant text otherwise is
"
or by in a distributed fashion using a reactive routing protocol and
   a Hop-by-Hop scheduling protocol.
"


> ** Section 3.6.  Per the “Hop-by-Hop  (TBD)” in the scheduling column in the
> summary table, to what does the “TBD”?

PT> good catch. It is now AODV RPL, updated the picture


> ** Section 6.  In reviewing the Security Considerations section, there is a
> substantial amount of technical detail (thank you!).  However, despite this
> detail, understanding the overall security properties of the architecture and
> associate implementations mechanisms used by the architecture was
> challenging for me.  Specifically, if 6TiSCH “is subject to the observations in
> section 5 of [I-D.ietf-detnet-architecture]”, then per [I-D.ietf-detnet-
> architecture] it should provide “confidentiality of data traversing the DetNet”,
> “authentication and authorization … for each connected device”, availability,
> and precision timing. The text needs to be clearer on how those properties are
> realized, and if there are residual threat.  My recommended way to realize this
> clarity is restructure the text into blocks around the relevant security
> properties and explicitly state the property as an introduction. 

PT >  I made an attempt at it, please see -25 once published.
The outlook would be

   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  51
     6.1.  Availability of Remote Services . . . . . . . . . . . . .  51
     6.2.  MAC-Layer Security  . . . . . . . . . . . . . . . . . . .  52
     6.3.  Time Synchronization  . . . . . . . . . . . . . . . . . .  53
     6.4.  Selective Jamming . . . . . . . . . . . . . . . . . . . .  53
     6.5.  Validating ASN  . . . . . . . . . . . . . . . . . . . . .  53
     6.6.  Rekeying  . . . . . . . . . . . . . . . . . . . . . . . .  54
     6.7.  Deeper Considerations . . . . . . . . . . . . . . . . . .  54

More below


> A few additional points:
> 
> -- Per precision timing, the text in this section says “measures must be taken
> to protect the time synchronization, and for 6TiSCH this includes ensuring that
> the Absolute Slot Number (ASN), which is used as ever incrementing counter
> for the computation of the Link-Layer security nonce, is not compromised,
> more below on this.”  In the subsequent text there is “[t]he standard
> [IEEE802154] assumes that the ASN is distributed securely by other means.
> The ASN is not passed explicitly in the data frames”.  To confirm, is this the
> intended guidance on avoiding “compromising” the ASN – distribute it out of
> band and don’t pass it in the data frame?

PT > ASN is not passed in the frame because it would was 5 octets. A network is non-functional if nodes do not have the right sense of ASN so if the network works, it means the 5 bytes can be saved.
PT > With 6TiSCH, ASN is learned from unsecured beacons, and needs t be proven before used. We hint how that is done in this spec, and detail in minimal security.
PT > once installed and as long as the node is synchronized to the network ASN is implicit and cannot be compromised.
PT > One of the new sections deals with ASN protection and the details are in the 6tisch minimal security draft

> -- Per confidentiality (but it is really more than that), a series of security
> mechanisms/assumptions are inherited from [IEEE Std. 802.15.4] around link-
> layer security. They need to be explicitly stated (i.e., confidentiality,
> authenticity, with what crypto, relative to whom, etc.).  The operational
> details of key management has no treatment.

PT>
PT > For the most part, I pointed at the minimal security draft for more details, made it a normative reference: this comes from a chat with Ben Kaduk and the authors of minimal security. We wish to place the gory details in the security section of minimal security, and that includes key management. Still I added some of the text below, a section on rekeying, and MAC security, which is basically CCM* with a network-wide key, using ASN and MAC addresses in the nonce:
"

6.4.  Rekeying

   Though it is possible to use peer-wise keys, a 6TiSCH network
   typically uses a network-wide key that is common for all
   transmissions in the LLN.  [I-D.ietf-6tisch-minimal-security] enables
   to obtain that key and to rekey the network when needed.  Since the
   ASN is expressed in 5 octets, it should never wrap during a network
   lifetime, and it is possible that a network never needs to rekey.

   Still, there are occasions where rekeying is necessary, for instance:

   o  An unwelcome node has joined and needs to be expelled

   o  The JRC needs to reassign a short address that was already
      assigned while the current network key was in use.

   o  Resetting Epoch time when rebooting the network.
"

" 6.2.  Relative to MAC-Layer Security

   This architecture operates on IEEE Std. 802.15.4 and expects the
   Link-Layer security to be enabled at all times between connected
   devices, except for the very first step of the device join process,
   where a joining device may need some initial, unsecured exchanges so
   as to obtain its initial key material.  In a typical deployment, all
   joined nodes use the same keys and rekeying needs to be global.

   The 6TISCH Architecture relies on the join process to deny
   authorization of invalid nodes and preserve the integrity of the
   network keys.  A rogue that managed to access the network can perform
   a large variety of attacks from DoS to injecting forged packets and
   routing information.  "Zero-trust" properties would be highly
   desirable but are mostly not available at the time of this writing.
   [I-D.ietf-6lo-ap-nd] is a notable exception that protects the
   ownership of IPv6 addresses and prevents a rogue node with L2 access
   from stealing and injecting traffic on behalf of a legitimate node.

...
"

> -- Per availability, the text notes “communication with the PCE must be
> secured and protected against DoS”.  Secured how?

PT > This is what section 9 of RFC 8453 discusses. Note that it mostly insists on PKI / AAA as opposed to delay attacks and black holes.
How can take us in network architecture, isolation, firewalls. That seems to take us quite off topic , doesn't it? 
 



> ** Section 6.  Per “Section 9 of [RFC8453] applies equally to 6TiSCH”, this
> reference organizes threats and mitigations around the CMI and MPI
> interfaces.
> What is the analog to those in this architecture?

PT> This is the same parallel as done in the DetNet architecture from which this is inherited, using the same reference.
The security issues that arise when a centralized control is separate from the forwarding plane are similar: rogue access to one of the components, and attacks on the connectivity on the control path, including interception, blackholing or latency injection.
I can remove the reference and replace by text like the above, please advise. In parammme please condsider the security section of the detnet architecture, it is in AUTH 48 but still changeable.


> 
> ** Section 6.  Please provide a citation for “CCM*”

PT > Added

> ** Editorial
> -- Section 3.1. Typo. s/an homogenous/a homogenous/
> 
> -- Section 3.5. Typo. s/[RFC6550]is/[RFC6550] is/
> 
> -- Section 3.6. Typo. s/A central/a central/
> 
> -- Section 3.6. Typo.  s/an hybrid/a hybrid/
> 
> -- Section 3.7.  The paragraph starting with “The reference stack that the
> 6TiSCH architecture presents …” doesn’t seem to add any clarity.
> 
> -- Section 4.2.1. Typo.  s/(JP):/(JP),/
> 
> -- Section 4.2.2.  Typo. /ND ot the/ND to the/
> 
> -- Section 4.3.1.1. Typo. s/are are/are/
> 
> -- Section 4.3.1.1. Duplicate phrase.  “added/moved/deleted, in which case
> 6top can only act as instructed,” appears twice.
> 
> -- Section 4.3.5.  Typo.  s/an height/a height/

PT> all nits processed, many thanks!

I will publish 25 to provide a abase on which we can refine in the next minutes.
Please consider it before replying to this mail.

Many thanks again!

Pascal