Re: [alto] SECDIR Last Call review of draft-ietf-alto-new-transport-15
Donald Eastlake <d3e3e3@gmail.com> Wed, 01 November 2023 19:49 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00F56C15C2B0; Wed, 1 Nov 2023 12:49:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.855
X-Spam-Level:
X-Spam-Status: No, score=-1.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id toWM9DmgBtyR; Wed, 1 Nov 2023 12:49:35 -0700 (PDT)
Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AAA9C1705FB; Wed, 1 Nov 2023 12:49:35 -0700 (PDT)
Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5431614d90eso244413a12.1; Wed, 01 Nov 2023 12:49:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698868174; x=1699472974; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=E3rpe/hE1RchWQqLEUIIdvYhDKNK1mfGvlgal/4ZJCk=; b=YzXU8ICc4pg9MVSPNRfxXkkQx0ZXtVnNxBpYzY5A5Fh52ButJita2TL7QPdQyo0gPt VvKKyDbgCGXKQJ3/I+5+Zx0qOwGxD1JBF8tpAM5jNnl5mMa1YdHEV8kM2bwuha9SLLmd UmW4zbNDmIr8n06KsUMzXIjDjWcaLD3tfNLCSjKYU7vUo7rBzMVnfNbvdeTzgsCsSkb7 3X9WLWylXv1LQM2HVGu0N6n/t4E6CqTUbyFt5w/Ba3tYtfzPE0wYY9yE6iO3DONLZtXM gvmlc7PvJfGPDWrgqn0DN9fgqU2+JLBuQCtA0NF8Y3NhiFshD+AHvEajoLzTwjH18tqB z8DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698868174; x=1699472974; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=E3rpe/hE1RchWQqLEUIIdvYhDKNK1mfGvlgal/4ZJCk=; b=nixc65f2d8tJbAkvX8DLuVRrHGxaaGte+A6Gz83kPcchtJHOopZrqQkwQDhRJHy569 Sw4ErYlRZcZesGtPmhcSWZ75fBxPRsrGXE45DuegL8+HXPn+Uth6iUwZJfZp+X5jIDn3 mBmGDVOwZD72rsX6mSM4MrQw47XF5yKYSyXaxVvNeTtWASbWnOj116HtOTRhZxAHG6pf G+YETBjy/gliSPtblaCCBpQLgKut2eqj1P54AfPrwC2hGPDwGnx7ZVe/rN932SdWKgwN wvWxZagXbzoO/6gDluDRR/pLkpl1KU83xMCPJ5CQjacb9a2Pcb9sgPKH8sZP8Sv0+CBK 3BRw==
X-Gm-Message-State: AOJu0YxClzK6r8BnUC/UdOi6dOJfyb6ccoEFghSAI17Rjuw9peZPYcTv WkpiQjyXCJzwNyQyouf7v/LIWdVVP0mEXIYbQPM=
X-Google-Smtp-Source: AGHT+IFe8Ake6eJcJBc4VG3PGNLWVMLxn8hF0viaU8bjG1EfJ41bp/7eH6ZIIMOmCVJiYTNkmw9g0KgydkxnCljkHKM=
X-Received: by 2002:a17:907:7b99:b0:9be:30c2:b8fd with SMTP id ne25-20020a1709077b9900b009be30c2b8fdmr3291209ejc.66.1698868173505; Wed, 01 Nov 2023 12:49:33 -0700 (PDT)
MIME-Version: 1.0
References: <CAF4+nEFjO7k=h80hFHD3M6FZMgM43cj4=-VNOw2BVUsDgGJ6-g@mail.gmail.com> <CAOELiNOpXmfq4qz6dfLmUY_rqDivxmbx1+SJJB6Qe=HCfm__ig@mail.gmail.com>
In-Reply-To: <CAOELiNOpXmfq4qz6dfLmUY_rqDivxmbx1+SJJB6Qe=HCfm__ig@mail.gmail.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 01 Nov 2023 15:49:21 -0400
Message-ID: <CAF4+nEG8G7ue903=_T7U5HPvsGAZiVfPY88XQnSwfKda-Za-xQ@mail.gmail.com>
To: Kai GAO <godrickk@gmail.com>
Cc: "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@ietf.org>, draft-ietf-alto-new-transport.all@ietf.org, IETF ALTO <alto@ietf.org>, Last Call <last-call@ietf.org>, Kai Gao <kaigao@scu.edu.cn>
Content-Type: multipart/alternative; boundary="0000000000000088a006091c9245"
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/G8cvVV4n3PO_Tu1De1pL8WisdbI>
Subject: Re: [alto] SECDIR Last Call review of draft-ietf-alto-new-transport-15
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2023 19:49:40 -0000
HI Kai, Thanks for your response which sounds good. I'll consider my issues resolved. Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com On Wed, Nov 1, 2023 at 9:54 AM Kai GAO <godrickk@gmail.com> wrote: > > Hi Donald, > > Sorry for the late reply as the mail is not properly forwarded to my > primary email. Please see our responses inline and feel free to let us know > if there are further comments. > > Best, > Kai > > On Thu, Oct 12, 2023 at 10:38 AM Donald Eastlake <d3e3e3@gmail.com> wrote: > >> I have reviewed this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the >> IESG. Document editors and WG chairs should treat these comments just >> like any other last call comments. Sorry this review is a bit late. >> >> The summary of this review is Ready with Issues. >> >> (I did an early review of the -07 version of this draft at which time >> I found only nits all of which were fixed.) >> >> *Security* >> >> While I'm not all that into ALTO, it seems to me that this draft is all >> about messages and message exchanges between ALTO entities where the >> security (authentication, encryption, ...) has been specified in previous >> standards track documents such as RFC 7285; however, in Section 9.3, >> it says the spoofed URIs can be avoided by "encrypting the requests" >> where I think it should say "authenticating" the requests. There are a >> few additional security considerations which seem to be covered by the >> Security Considerations section of this draft. >> > > [KAI] You are right. In the meantime, after discussing with the AD and the > HTTPDIR reviewer, we eventually dropped the design of explicitly deleting a > TIPS view. So, it seems that spoofed URI is no longer a concern. > > >> >> *Other possible issues* >> >> - In the update from -14 to -15, huge numbers of all caps RFC 2119 key >> words have been lowercased. In many instances, this does not look >> right to me. (There are many other cases but one example is that in >> Section 8.4, all words in all upper case were lowercased.) >> >> > [KAI] We went over the keywords and hopefully they are in the right case > now. Some of the operational consideration sections are repetitive to > sections in RFC 8895 and are removed in -17, including Sec 8.4 in -15. > > >> - Although there is correct text elsewhere, the last paragraph of >> Section 6.4, page 24, seems to say you delete a TIPS view if >> heartbeats time out on one connection for that view. But shouldn't it >> be all connections going away as there might be multiple? >> >> > [KAI] Yes indeed. However, the heartbeat mechanism is no longer needed as > the server now has full control of TIPS views' lifecycles. But similarly, > the server is > > >> - I am a bit surprised there is nothing about jittering the heartbeat >> messages to be sure they can't get synchronized between muldtiple >> clients. Something like the time between them should be varied by an >> amount randomly selected in the range +0% to -40%. >> >> > [KAI] Previously the idea was to use multiple heartbeat messages to detect > the liveness of clients. Even for 2 messages, the variation is 100%, which > should be good enough. Of course, as we no longer have the heartbeat > mechanism now, this probably will not be an issue anymore. > > >> - Section 2.1, Page 6: I think there is something not quite right with >> the sentence "Prefetching updates can reduce the time to send the >> request, making it possible to achieve sub-RTT transmission of ALTO >> incremental updates." It seems muddled. Transmission speed / >> transmission time isn't affected by prefetching although, of course, >> the time to satisfy a request can be vastly reduced. Maybe >> "Prefetching updates can reduce the time to satisfy a request, makit >> it possible to achieve rapid, sub-RTT ALTO incremental updates." >> >> > [KAI] Thanks for the proposal. Will use the suggested text. > > >> >> *Nits* >> >> - Section 3.1, page 10, "(tag" -> "(a tag" >> > > [KAI] Nice catch. Updated as suggested. > > >> >> - Section 6.2, page 22, "time unit is second" -> "time unit is a second" >> > > [KAI] The sentence is no longer there as heartbeat is removed in the new > version. > > >> >> Hope these comments are helpful. >> >> Thanks, >> Donald >> =============================== >> Donald E. Eastlake 3rd +1-508-333-2270 (cell) >> 2386 Panoramic Circle, Apopka, FL 32703 USA >> d3e3e3@gmail.com >> >> _______________________________________________ >> alto mailing list >> alto@ietf.org >> https://www.ietf.org/mailman/listinfo/alto >> >
- [alto] SECDIR Last Call review of draft-ietf-alto… Donald Eastlake
- Re: [alto] SECDIR Last Call review of draft-ietf-… Kai GAO
- Re: [alto] SECDIR Last Call review of draft-ietf-… Donald Eastlake