Re: [alto] SECDIR Last Call review of draft-ietf-alto-new-transport-15
Kai GAO <godrickk@gmail.com> Wed, 01 November 2023 13:54 UTC
Return-Path: <godrickk@gmail.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AFD2C14CF09; Wed, 1 Nov 2023 06:54:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.105
X-Spam-Level:
X-Spam-Status: No, score=-6.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pwXJgpNMIk-i; Wed, 1 Nov 2023 06:54:48 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CC25C15106B; Wed, 1 Nov 2023 06:54:48 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id 2adb3069b0e04-507cee17b00so9602650e87.2; Wed, 01 Nov 2023 06:54:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698846886; x=1699451686; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=EeYhkwH0iEQ59vtCsE3SiB+q2oH0VhINAaxlGdBDg7g=; b=kzOo/ppvKN8VTlbz7K3NViGTm7qn4hxGueQieFNeQBrvCmnwpSy2fxU3c06cc6nYTQ SxCHD8TOdPtE1m2z27t5iGrjOLYikPA8gjKb/6t0lJiWxv+r7uRuCc0u7p3H2KY2Kdi7 eCp4mtJx0Ao4yLrGQbdL148yQl8LKMRrO3jfVwuAtsa02TPkOmztJKDGhd3q4YF1JpNt hjCRj7ntn94oDE1/76/hl3nwB2ZcvZBRoDXqly6wBKLIJamFN4xdCygwiUYCrwLTS+AF MwBUtXCkz2dLg0V23sroQW60SFhUMZS5FqyB6fKwwoOs2EIJrR0W+4ijeLkOJkFP43sU xJdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698846886; x=1699451686; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EeYhkwH0iEQ59vtCsE3SiB+q2oH0VhINAaxlGdBDg7g=; b=ADA3kOYaJUWO9AlAWK9DJlGWRPorH/Bvzu8lW14kpprZm9NEpQ65/YGgDK8mvgsDUX uRGwtjsRLyllYOr6XuFDzmoo+pd/zxIs0ELuof6ikxlfqJI+dRxtb3xuFjfOhLj9kw3Q UUAIeeLsArSouLiaUxVh1e0zz88e6I/Db6uyQANrBoDuKDklBqu5GqETsGbVYxx4IQgL cjBi/iC3lHtsSa/B0nogkUZxX6bH+vGA7XJkIIgVYgozsrEkT69a3mw4KUTWpBpe/5B9 rWBV/D+zj4BInZ8aPEEDAgWMOymHdt6RDkM1eoQLIkZHLWHDZWklLot2Xw0YQd2m1NF0 YQEQ==
X-Gm-Message-State: AOJu0Yyv9N4w7WSxKK0nunoZOpLMQG8newPY6UqEY24Dx4vw/uJCQKbQ durVYCHO5nnJk31uMYQO1RpeL1XGMeYbzx0DQzs=
X-Google-Smtp-Source: AGHT+IGI1W0X28pSdt6VsYq3GZsJE+UtxyUS3DJx9UcB2lf+8RoIpV5FbcANSdMy9bDbO7JZBWF+uT1/5gU7m/zsMFI=
X-Received: by 2002:a19:4f42:0:b0:507:a40e:d8bf with SMTP id a2-20020a194f42000000b00507a40ed8bfmr12037467lfk.7.1698846885874; Wed, 01 Nov 2023 06:54:45 -0700 (PDT)
MIME-Version: 1.0
References: <CAF4+nEFjO7k=h80hFHD3M6FZMgM43cj4=-VNOw2BVUsDgGJ6-g@mail.gmail.com>
In-Reply-To: <CAF4+nEFjO7k=h80hFHD3M6FZMgM43cj4=-VNOw2BVUsDgGJ6-g@mail.gmail.com>
From: Kai GAO <godrickk@gmail.com>
Date: Wed, 01 Nov 2023 21:54:33 +0800
Message-ID: <CAOELiNOpXmfq4qz6dfLmUY_rqDivxmbx1+SJJB6Qe=HCfm__ig@mail.gmail.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Cc: "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@ietf.org>, draft-ietf-alto-new-transport.all@ietf.org, IETF ALTO <alto@ietf.org>, Last Call <last-call@ietf.org>, Kai Gao <kaigao@scu.edu.cn>
Content-Type: multipart/alternative; boundary="00000000000029109f0609179d8b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/CiDzpNHl7381_5IVFNgX0UsBHO0>
Subject: Re: [alto] SECDIR Last Call review of draft-ietf-alto-new-transport-15
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2023 13:54:52 -0000
Hi Donald, Sorry for the late reply as the mail is not properly forwarded to my primary email. Please see our responses inline and feel free to let us know if there are further comments. Best, Kai On Thu, Oct 12, 2023 at 10:38 AM Donald Eastlake <d3e3e3@gmail.com> wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. Document editors and WG chairs should treat these comments just > like any other last call comments. Sorry this review is a bit late. > > The summary of this review is Ready with Issues. > > (I did an early review of the -07 version of this draft at which time > I found only nits all of which were fixed.) > > *Security* > > While I'm not all that into ALTO, it seems to me that this draft is all > about messages and message exchanges between ALTO entities where the > security (authentication, encryption, ...) has been specified in previous > standards track documents such as RFC 7285; however, in Section 9.3, > it says the spoofed URIs can be avoided by "encrypting the requests" > where I think it should say "authenticating" the requests. There are a > few additional security considerations which seem to be covered by the > Security Considerations section of this draft. > [KAI] You are right. In the meantime, after discussing with the AD and the HTTPDIR reviewer, we eventually dropped the design of explicitly deleting a TIPS view. So, it seems that spoofed URI is no longer a concern. > > *Other possible issues* > > - In the update from -14 to -15, huge numbers of all caps RFC 2119 key > words have been lowercased. In many instances, this does not look > right to me. (There are many other cases but one example is that in > Section 8.4, all words in all upper case were lowercased.) > > [KAI] We went over the keywords and hopefully they are in the right case now. Some of the operational consideration sections are repetitive to sections in RFC 8895 and are removed in -17, including Sec 8.4 in -15. > - Although there is correct text elsewhere, the last paragraph of > Section 6.4, page 24, seems to say you delete a TIPS view if > heartbeats time out on one connection for that view. But shouldn't it > be all connections going away as there might be multiple? > > [KAI] Yes indeed. However, the heartbeat mechanism is no longer needed as the server now has full control of TIPS views' lifecycles. But similarly, the server is > - I am a bit surprised there is nothing about jittering the heartbeat > messages to be sure they can't get synchronized between muldtiple > clients. Something like the time between them should be varied by an > amount randomly selected in the range +0% to -40%. > > [KAI] Previously the idea was to use multiple heartbeat messages to detect the liveness of clients. Even for 2 messages, the variation is 100%, which should be good enough. Of course, as we no longer have the heartbeat mechanism now, this probably will not be an issue anymore. > - Section 2.1, Page 6: I think there is something not quite right with > the sentence "Prefetching updates can reduce the time to send the > request, making it possible to achieve sub-RTT transmission of ALTO > incremental updates." It seems muddled. Transmission speed / > transmission time isn't affected by prefetching although, of course, > the time to satisfy a request can be vastly reduced. Maybe > "Prefetching updates can reduce the time to satisfy a request, makit > it possible to achieve rapid, sub-RTT ALTO incremental updates." > > [KAI] Thanks for the proposal. Will use the suggested text. > > *Nits* > > - Section 3.1, page 10, "(tag" -> "(a tag" > [KAI] Nice catch. Updated as suggested. > > - Section 6.2, page 22, "time unit is second" -> "time unit is a second" > [KAI] The sentence is no longer there as heartbeat is removed in the new version. > > Hope these comments are helpful. > > Thanks, > Donald > =============================== > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 2386 Panoramic Circle, Apopka, FL 32703 USA > d3e3e3@gmail.com > > _______________________________________________ > alto mailing list > alto@ietf.org > https://www.ietf.org/mailman/listinfo/alto >
- [alto] SECDIR Last Call review of draft-ietf-alto… Donald Eastlake
- Re: [alto] SECDIR Last Call review of draft-ietf-… Kai GAO
- Re: [alto] SECDIR Last Call review of draft-ietf-… Donald Eastlake