Re: [Anima] An IOT DIR review of draft-ietf-anima-autonomic-control-plane

[Toerless Eckert <tte@cs.fau.de>]

Thanks, pascal. the "standard (issue)" got fixed too in -14, forgot to
include a specific note to you.

Cheers
    Toerless

On Tue, May 22, 2018 at 02:06:17PM +0000, Pascal Thubert (pthubert) wrote:
> Hello Toerless:
> > 
> > Thanks, Pascal, sorry for the delay,
> > 
> > Comments inline.
> > 
> > Version:
> > 
> > https://raw.githubusercontent.com/anima-wg/autonomic-control-
> > plane/2ae8f47399ae0d0811cb45209186d01f9e0d3077/draft-ietf-anima-
> > autonomic-control-plane/draft-ietf-anima-autonomic-control-plane-14.txt
> > 
> > 
> > Diff to prior version (-14 for Joel Halpern)
> > 
> > http://tools.ietf.org/tools/rfcdiff/rfcdiff.pyht?url1=https://raw.githubusercon
> > tent.com/anima-wg/autonomic-control-
> > plane/8b4436edaa720eadb5839120400fd1e89d3289b0/draft-ietf-anima-
> > autonomic-control-plane/draft-ietf-anima-autonomic-control-plane-
> > 14.txt&url2=https://raw.githubusercontent.com/anima-wg/autonomic-
> > control-plane/2ae8f47399ae0d0811cb45209186d01f9e0d3077/draft-ietf-
> > anima-autonomic-control-plane/draft-ietf-anima-autonomic-control-plane-
> > 14.txt
> > 
> > Will commit as -14 when i am through with the other -13 feedback.
> > 
> > Cheers
> >     Toerless
> > 
> > 
> > On Mon, Feb 26, 2018 at 05:25:58PM +0000, Pascal Thubert (pthubert)
> > wrote:
> > > Reviewer: Pascal Thubert on behalf of IOT-DIR;
> > >
> > > I am an assigned IoT directorate reviewer for draft-ietf-anima-autonomic-
> > control-plane-13.
> > >
> > > These comments were written primarily for the benefit of the INT and OPS
> > Areas Directors from the IoT perspective. Document editors and shepherd(s)
> > should treat these comments just like they would treat comments from any
> > other IETF contributors and resolve them along with any other Last Call
> > comments that have been received. For more details on the IoT Directorate,
> > please see https://datatracker.ietf.org/group/iotdir/about/ and for
> > Directorates in general please see
> > https://www.ietf.org/about/groups/directorates/.
> > >
> > >
> > > I'll be away for  the next 2 weeks and could not finish the review in time for
> > this heavy document, but at least I made it through till the RPL section. In the
> > interest of time, let me share what I already have.
> > >
> > >
> > >
> > > Summary
> > >
> > > -------------
> > >
> > > The summary of the review is that the document is Ready for Publication,
> > with comments.
> > >
> > >
> > >
> > >
> > >
> > > Major comments
> > >
> > > ------------------------
> > >
> > >
> > >
> > > -          " in-band" and "out of band network "
> > >
> > > should be defined since it is fundamental to understand that the ACP
> > > takes place in the same physical links as the data plane, as opposed
> > > to dedicated management ports (correct?);
> > 
> > Good point, done. (got a bit too long to paste here, so pls. check diff).
> > 
> > >
> > > -          Section 3; the IOT certainly could use an ACP. It would be useful to
> > scope the feature that is proposed in this document, whether it is compatible
> > of not with constrained environments, whether it needs adaptations, point on
> > Michael's enrollment draft. It would also be useful to indicate whether the
> > ACP works between L3 bridges, IOW whether ACP operates the same (over IP)
> > regardless of the packet forwarding layer in the data plane;
> > 
> > Not sure i understand the "point on Michaels enrollment draft".
> > 
> > I am happy to add pointers to variations of ACP design aspects for
> > informational purposes to show that/how it can be modified, but Michaels
> > drafts i think are all variation of the BRSKI design, so the ACP would be
> > completly unaffected by them, right ?
> > 
> [PT>] I guess you're right there
> 
> > Wrt. constrained devices and L2. I didn't want to touch section 3 for what you
> > suggested because that really a very formulistic section going back to the
> > charter 1 justifications of ANIMA  and matched with the three numbered use
> > case explanations in the introduction.
> > 
> [PT>] OK
> 
> > Instead i wrote text at the end of the introduction, now section 1.1, This got
> > longer than i hoped, but it was really a big missing piece to pitch the ACP and
> > give early on context for implementers and reminding of the charter goal of
> > reusing the best available existing protocols/function.
> [PT>] 
> [PT>] I read it, very cool.
> > 
> > The text got longer specifically also because i did not want to fall into the trap
> > of making claims whether or not ACP is applicable to specific IOT networks or
> > (even worse) assuming IOT is always constrained. Therefore mentioning of OT
> > networks (IMHO big part of IOT, and often totally non-constrained),
> > explanation of why RPL, and at the end a statement about constrained
> > environments. There is also a new paragraph in 10.8 about TCP/TLS vs.
> > CoAP/DTLS as a possible constained environment variant in the future.
> > 
> > > -         " Inside the ACP VRF, each node sets up a loopback interface with its
> > ULA IPv6 address"
> > > This is the first time, IPv6 is discussed; would have been nice to
> > > introduce that the Node has IPv6, that it needs a ULA and that ACP
> > > assigns it. This discussion could be done in conjunction with the
> > > comment above;
> > 
> > Actually, section 1. introduction already mentions that the ACP provides
> > IPv6 and that the stable-connectivity document describes how to interoperate
> > with IPv4 only OAM.
> > 
> > I added to the new 1.1 section (see above) the following paragraph, which i
> > hope is a useful context setting and pitch:
> > 
> > <t>The ACP uses only IPv6 to avoid complexity of dual-stack ACP operations
> > (IPv6/IPv4). Nevertheless, it can without any changes be integrated into even
> > otherwise IPv4-only network devices. The data-plane itself would not need to
> > change, it could continue to be IPv4 only. For such IPv4 only devices, the IPv6
> > protocol itself would be additional implementation footprint only used for the
> > ACP.</t>
> [PT>] OK
> 
> > 
> > > -         About  "The ttl
> > > parameter SHOULD be 3.5 times the period so that up to three
> > > consecutive messages can be dropped before considering an
> > > -           announcement expired. "
> > >
> > > This is the only discussion on the ttl field of the M_FLOOD. Though its
> > meaning is quite obvious, the behavior associated to it should be defined.
> > 
> > Added:
> > 
> > When a service announcer
> > using these parameters unexpectely dies immediately after sending the
> > M_FLOOD, receivers would consider it expired 210 seconds later. When a
> > receiver tries to connect this dead service earlier, it will experience a failing
> > connection and use that as an indication the service is dead and select
> > another instance of the same service instead.
> > 
> [PT>] OK
> 
> > > -         "In the above (recommended) example the period of sending of the"
> > > Is this RECOMMENDED IOW normative??
> > 
> > Hmmm... Sure, why not. Less guessing/experiementation for this.
> > Modified to RECOMMENDED.
> [PT>] OK
> 
> > 
> > > -         Text P 25 says "At this time in the lifecycle of ACP nodes, it is unclear
> > whether it
> > > is feasible to even decide on a single MTI (mandatory to implement)
> > > security association protocol across all ACP nodes"
> > > but then P27 "It MUST support ESP
> > > with AES256 for encryption and SHA256 hash and MUST NOT permit
> > weaker
> > > crypto options."
> > >
> > > and then "   A baseline ACP node MUST support IPsec natively and MAY
> > support IPsec
> > > via GRE. A constrained ACP node MUST support dTLS.  ACP nodes
> > > connecting constrained areas with baseline areas MUST therefore
> > >
> > > support IPsec and dTLS."
> > >
> > > Seems that text P25 should go?
> > 
> > P27: An ACP node supporting native IPsec MUST use IPsec security setup via
> > IKEv2, tunnel mode, local and peer link-local IPv6 addresses used for
> > encapsulation. It MUST support ESP... (parameters).
> > 
> > clarified to:
> > 
> > P27: An ACP node that is supporting native IPsec MUST use IPsec security
> > setup via IKEv2, tunnel mode, local and peer link-local IPv6 addresses used for
> > encapsulation. It MUST then support ESP... (parameters).
> > 
> > Also:
> > 
> > ACP nodes supporting ACP via GRE/IPsec MUST support IPsec security setup..
> > 
> > clarified to:
> > 
> > An ACP node that is supporting ACP via GRE/IPsec MUST then support IPsec
> > security setup..
> > 
> [PT>] OK
> 
> > Aka: P25 is correct, there is no single MTI. 6.7.3 defines the actual
> > requirement for two different profiles: "baseline ACP node" and "constrainted
> > ACP node".
> > The two requirements in P27 are only conditional MUSTs defining the details
> > of the IPsec profiles assuming a node does support IPsec or IPsec/GRE.
> > 
> > Let me know if this is still unclear, and if so, how you would suggest to make it
> > better readable.
> [PT>] Someone else need to do it now I'm biased
> 
> > 
> > > -           "Use-ULA: For loopback interfaces of ACP nodes, we use Unique
> > Local
> > >
> > > Addresses (ULA), specifically ULA-Random, as defined in [[RFC4193]
> > >
> > > with L=1]."
> > >
> > > This needs to be more crisp. ULA is defined in RFC 4193 but the term
> > > ULA-Random is not. I think you mean that 3.2.2.  of RFC 4193 is the
> > > way addresses are formed, if so please say so.  The best practice RFC
> > > 8064 recommends use of RFC 7217. I understand that privacy is not a
> > > concern but does it hurt? Anyway please point at section 6.10 and
> > > 6.11.1.11
> > 
> > The term "ULA-Random" was used in the discussions on ANIMA mailing list re.
> > ULA, so admittedly i didn't check that the term as it stands is actually not
> > defined/used in rfc4193 - but its just meant to imply ULA with L=1, nothing
> > more. I've removed the use of ULA-Random from the text and just refer now
> > to 4193 with L=1 (also pointing to 3.1. of rfc4193 defining L).
> > 
> [PT>] cool;
> 
> > I have also added a note that the hash uses our own ACP definition instead of
> > rfc4193 3.2.2.
> > 
> > Paragraph is now:
> > 
> > <t>Use-ULA: For loopback interfaces of ACP nodes, we use Unique Local
> > Addresses (ULA), as defined in <xref target="RFC4193"/> with L=1 (as defined
> > in section 3.1 of <xref target="RFC4193"/>). Note that the random hash for
> > ACP loopback addresses uses the definition in <xref target="scheme"/> and
> > not the one of <xref target="RFC4193"/> section 3.2.2.</t>
> > 
> > 8064/7217 are irrelevant here if i understand it correctly because we define
> > the addressing scheme for anything following the ULA prefix ourselves for
> > ACP addresses. Let me know if i do misunderstad what you where trying to
> > suggest re. 8064/7217.
> [PT>] 
> [PT>] I guess I missed that you defined the IID.
> 
> > 
> > > -           "
> > > RPL Mode of Operations (MOP): mode 3 "Storing Mode of Operations with
> > multicast support".  Implementations should support also other modes.
> > >
> > > Note: Root indicates mode in DIO flow"
> > >
> > > Why "should" ? there is no much point supporting the other modes is
> > there? Section 6.11.1.13 says that SRH is not used so this is inconsistent. You
> > only need MOP 2 or 3, 3 is you do multicast which at the moment does not
> > appear to be the case. SO I would MUST a MOP of 2 and MAY a MOP of 3
> > which is a superset of MOP 2, and that's it (see 6.3.1 of RFC 6550).
> > 
> > Probably a transcription error on my side when i took your RPL summary and
> > wrote it down. Fixed according to above.
> > 
> [PT>] cool
> 
> > 
> > > -           "The lack of a RPI (the header defined by [RFC6553]), means that the
> > > data-plane will have no rank value that can be used to detect loops.
> > > As a result, traffic may loop until the TTL of the packet reaches
> > > zero. "
> > >
> > > Since we have reliable links and no stretch (section 6.11.1.7), loops
> > > should be exceedingly rare. It could be recommended to send the DIOs
> > > 2-3 times to inform children when losing the last parent. Note that
> > > the technique in section "8.2.2.6.  Detaching" of RFC 6550 should be
> > > favored over that in section "8.2.2.5.  Poisoning" because it allows
> > > local connectivity. Also, It should be said that a node should select
> > > more than one parent, at least 3 if possible, and send DAOs to all of
> > > then in parallel. This provides multi
> > 
> > Not sure why your paragraph ends apruptly, buts its also in the archive, so its
> > not a mistake on my email end. Hopefully nothing significant missing.
> [PT>] 
> [PT>] Dunno what happened. Selecting multiple parents enables NECM back. Could be useful.
> 
> > 
> > I have replaced the suggestive text that followed your above quoted text in
> > the draft:
> > 
> > <t>There are a variety of heuristics that can be used to signal from the
> >   data-plane to the RPL control plane that a new route is needed.
> > 
> > With a hopefuly correct transcription of your suggestion:
> > 
> > <t>
> >   Since links in the ACP are assumed to be mostly reliable (or have link
> >   layer protection against loss) and because there is no stretch
> >   according to <xref target="rpl-dodag-repair"/>, loops should be
> >   exceedingly rare though.</t>
> > <t>
> >   There are a variety of mechanisms possible in RPL to further
> >   avoid temporary loops: DIOs SHOULD be sent 2...3 times to inform children
> >   when losing the last parent. The technique in <xref target="RFC6550"/>
> >   section 8.2.2.6. (Detaching) SHOULD be favored over that in section 8.2.2.5.
> >   (Poisoning) because it allows local connectivity. Also, nodes SHOULD select
> >   more than one parent, at least 3 if possible, and send DAOs to all
> >   of then in parallel.</t>
> > 
> [PT>] Yes, I'm good with all this.
> 
> > > -           "ACP nodes MUST perform standard IPv6 operations across ACP
> > virtual
> > > interfaces including SLAAC (Stateless Address Auto-Configuration -
> > > RFC4862])"
> > >
> > > They may actually prefer Optimistic DAD RFC 4429 since address duplication
> > is highly improbable as long as you .
> > 
> 
> > Added:
> > 
> >         <t>"Optimistic Duplicate Address Detection (DAD)" according to
> >         <xref target="RFC4429"/> is RECOMMENDED because the likelyhood for
> >         duplicates between ACP nodes is highly improbable as long as
> >         the address can be formed from a globally unique local assigned
> > identifier
> >         (e.g.: EUI-48/EUI-64, see below).</t>
> > 
> [PT>] 
> [PT>] I'm unsure what your recommendation for the interface ID is thus the discussion on RFC 7217.
> 
> Note: I have only one slight comment left below:
> 
> 
> > > Minor comments
> > >
> > > ------------------------
> > >
> > >
> > >
> > >
> > >
> > > -         About "[RFC7575] defines the fundamental ...  "
> > >
> > > for readability, it may be nicer to indicate the title of an RFC when
> > > it is referenced first; e.g. the text above would become
> > >
> > > " Autonomic Networking: Definitions and Design Goals" [RFC7575] defines
> > the fundamental ...
> > 
> > Ok, i am punting this one for now to RFC editor after playing around a bit with
> > the XML options - and not being satisfied... and having references for 50 RFCs
> > in the doc:
> > 
> > <t>[RFC Editor: Question: Is it possible to change the first occurrances of
> > [RFCxxxx] references to "<rfcxxx title>" [RFCxxxx] ? the XML2RFC format does
> > not seem to offer such a format, but i did not want to duplicate 50 first
> > references to be duplicate - one reference for title mentioning and one for
> > RFC number.]</t>
> > 
> > If RFC editor comes back and can't do this easier than i can in XML, i'll try to
> > go through the chores when doc is in RFC editor queue.
> > 
> > > -         about "or network plane (there is no well-established name  for this)"
> > >
> > > The term network plane is not used again in the document. This text may go
> > away.
> > 
> > Done.
> > 
> > > You may consider using "security and transport substrate" instead, since it is
> > used elsewhere in the document.
> > 
> > "autonomic communications fabric" = ACP including ACP GRASP (ACP GRASP
> > provides discovery etc..). "security and transport substrate" == the parts of
> > ACP used by "ACP GRASP" (aka: The secure IPv6 forwarding of ACP).
> > 
> > Subtle difference.
> > 
> > > Also, please be consistent on whether you use hyphen or not and use
> > > that globally, e.g. for the above, and pane like in "forwarding plane"
> > > or "out of band network ";
> > 
> > Fixed up "out of band" (no hyphens) and "in-band" (with hyphen).
> > Not sure why but this is what MS word spelling checker suggested to me. RFC
> > editor will override if these are not the best choices.
> > 
> > 
> > 
> > > -         "data-plen"
> > > Typo?
> > 
> > Done
> > 
> > 
> > > -         "OAM applications ("Operations Administration and Management)"
> > >
> > > Consider using "Operations Administration and Management (OAM)
> > applications " instead; same goes for SDN, ASA, VRF, etc...
> > 
> > Ok. Tried to fix up all the instances i could find.
> > 
> > > -          "   MIC:  "Manufacturer Installed Certificate".  Another word not used
> > in this document to describe an IDevID."
> > >
> > > MIC is not used in the document, maybe inform of this equivalence in the
> > IDevID definition instead; same goes for SUDI. Note that UDI is use just once
> > and may not need an entry here.
> > 
> > The definitions of those non-necessary terms are there to help others who
> > like me start out not being security experts and are confused about those
> > equivalent or related terms.
> > 
> > I specifically didn't want to include discussions about these terms in the
> > definitions that are relevant (eg: IDevID) so as not to clobber up that text.
> > Instead, readers would just look up those redundant terms when they are like
> > me initially confused about them.
> > 
> > > -               "RPL:  \"IPv6 Routing Protocol for Low-Power and Lossy
> > Networks\".  The routing protocol used in the ACP."
> > >
> > > Maybe point on [RFC6550]?
> > 
> > Done
> > 
> > > -         "Connecting over non-ACP Layer-3 clouds initially requires a tunnel
> > between ACP nodes."
> > >
> > > I understands that it is one tunnel between each pair of adjacent ACP
> > > nodes, correct? I read "a tunnel" as an end-to-end tunnel, which
> > > sounds different
> > 
> > Changed to:
> > 
> > <t>Connecting over non-ACP Layer-3 clouds requires explicit configuration.
> > See <xref target="remote-acp-neighbors"/>. This may be automated in in the
> > future through autodiscovery mechanisms across L3.</t>
> > 
> > 
> > > -          "ACP relies on group security"
> > >
> > > Add "The"
> > 
> > 
> > Done
> > 
> > > -          "An ACP node MUST have keying
> > >    material consisting of a certificate (LDevID), with which it can
> > >      cryptographically assert its membership in the ACP domain and trust
> > >      anchor(s) associated with that certificate with which it can verify
> > >      the membership of other nodes (see Section 6.1.2)."
> > >
> > > This is convoluted. Could you make it 2 sentences?
> > 
> > Fixed to:
> > 
> > <t>The ACP relies on group security.  An ACP domain is a group of nodes that
> > trust each other to participate in ACP operations.  To establish trust, each ACP
> > member requires keying material: An ACP node MUST have a certificate
> > (LDevID) and a trust anchor (TA) consisting of a certificate (chain) used to sign
> > the LDevID of all domain members. The LDevID is used to cryptographically
> > assert membership in the ACP domain, the TA to verify the membership of
> > other nodes in the ACP domain (see <xref target="certcheck"/>).</t>
> > 
> > > -         "  Note: LDevID ("Local Device IDentification") is the term used to
> > >      indicate a certificate that was provisioned by the owner of a
> > > node as opposed to IDevID ("Initial Device IDentifier") that may has
> > > been loaded on the node during manufacturing time.  Those IDevID do
> > > not include owner and deployment specific information to allows
> > > autonomic establishment of trust for the operations of an ACP domain (e.g.:
> > > between two ACP nodes without relying on any third party)."
> > 
> > > LDevID was already defined in the terminology. This text may move there or
> > go away.
> > 
> > Gone. I added the note that LDevID can not be used directly for ACP to the
> > terminology definition of IDevID.
> > 
> > > -          "   This document uses the term ACP in many places where its
> > reference
> > > document use the word autonomic."
> > >
> > > Add [RFC7575] after "reference document"
> > 
> > Done.
> > 
> > > -          "   "routing-subdomain" is the autonomic subdomain that is used to
> > > calculate the hash for the ULA prefix of the ACP address of the node."
> > >
> > > Do you mean ULA suffix?
> > 
> > No, the Global ID. Fixed.
> > 
> > Actually, i also sumbled across this:
> > 
> >  RFC4193 uses "Prefix" for the first 7 bits of a ULA address, but we have used
> > use the term ULA prefix to refer to the first 48 bits of a ULA address, so i've
> > clarified this more in the terminology.
> > 
> > > -          "   o  If the node certificates indicate a CDP (or OCSP) then the peer's
> > > certificate must be valid according to those criteria. e.g.: OCSP
> > > check across the ACP or not listed in the CRL retrieved from the CDP."
> > >
> > > Please define CDP and OSCP, and/or reference a RFC is possible.
> > 
> > Done. Using RFC5280. Hope thats correct, otherwise IESG SEC review should
> > help.
> > 
> > > -          "enrolment"
> > > Typo
> > 
> > Fixed.
> > 
> > > -          "This can
> > > use a single GRASP M_FLOOD message as shown in above example."
> > > Actually the example is now below. Please reference the figure.
> > 
> > Done. Actually its still "above", or i am heavily confused.
> > 
> > >
> > > -           "The protocol could for example could have been"
> > >
> > > Typo
> > 
> > Fixed.
> > 
> > > -           "if the IPsec connecting"
> > >
> > > Typo?
> > 
> > More like sentence structure was strange.
> > 
> > Fixed to:
> > 
> >  "Even if the IPsec connection from Bob succeeded, Alice might prefer another
> > secure protocol over IPsec"
> > 
> > > -           "ACP wide service discovery"
> > > ACP-wide
> > 
> > Fixed.
> > 
> > > -           "if the IPsec connecting In most other solution
> > > designs such distributed discovery does not exist at all or was added
> > > as an afterthought and relied upon inconsistently"
> > >
> > > Consider removing or rephrasing : )
> > 
> > Removed:
> > 
> > Sentence wasn't that bad, but easier removed instead of trying to justify
> > negative observations about reality without being called out to provide even
> > more proof.
> > 
> > >
> > > -         Maybe consider moving the discussion on multicast P29 -30 to annex?
> > Why Multicast is not used is an interesting discussion but not critical for the
> > protocol operation.
> > 
> > Done.
> > 
> > > -           "it is not quite clear yet what exactly the implications are
> > > to make GRASP flooding depend on RPL DODAG convergence and how
> > > difficult it would be to let GRASP flooding access the DODAG
> > > information"
> > >
> > > Let's chat then. There's work on reliable multicast for RPL using BIER.
> > 
> > Yeah if i would just get around to that ;-)
> > 
> > For now moved together into informative section together with te multicast
> > discus.
> > 
> > > -         "In the terminology of GRASP ([I-D.ietf-anima-grasp]), the ACP is the
> > > security and transport substrate for the GRASP instance run inside the
> > > ACP ("ACP GRASP"). "
> > >
> > > "running" inside the ACP? Maybe rephrase more globally?
> > >
> > 
> > This instance of GRASP runs across the ACP secure channels..
> > 
> > > -           "OAM protocols no not require IPv4: The ACP may carry OAM "
> > > Typo no->do
> > 
> > Fixed.
> > 
> > > -           "Consider a network that has multiple NOCs in different locations.
> > > Only one NOC will become the DODAG root.  Other NOCs will have to send
> > > traffic through the DODAG (tree) rooted in the primary NOC."
> > 
> > > A figure would help. I remember all the discussions we had about
> > > setting the prf bits in remote NOCs
> > 
> > Sorry. A bit low on cycles right now. Hopefully i'll get around to it later.
> > Created a wish list entry in changelog.
> > 
> > > -           "RPPL."
> > > Typo
> > 
> > Fixed.
> > 
> > > -           "Administrative Preference ([RFC6552], 3.2.6  "
> > >
> > > The section is correct but that is RFC 6550.
> > 
> > Done
> > 
> > >
> > > -           "This is a standard issue
> > > with tunneling, not specific to running the ACP across it."
> > > Do you really mean Standard or would Classical work better?
> > 
> > This is an issue of tunnels, not an issue of running the ACP across a tunnel.
> [PT>] 
> [PT>] Sure but I was pointing at the word "standard", probably ill-chosen in a standard doc...
> 
> > 
> > > -           "Even though loopback interfaces where originally d"
> > > Typo Where -> were
> > 
> > Done.
> > 
> > > -         Section 3, 4, 9 and 10 may move to Annex (by moving the section after
> > the </references> tag) since they are not normative and do not contribute to
> > the understanding of the protocol. This way there should not be a need to
> > indicate normative in other sections.
> > 
> > Sections 3, 4 and 9 are fairly short and the flow of the document depends on
> > them being in their particular location.
> > 
> > Section 10 could go into an appendix, but it makes not a lot of difference, but
> > past experience has shown that Annex text is a lot less likely to be read given
> > how the RFCs are structured.
> > We had 10 in Annex and moved it up for exactly that reason.
> > 
> > > -         Well Noted that Section 14 Will be removed/.
> > 
> > > Sorry for being interrupted here,
> > 
> > 
> > Thanks you so much!
> > 
> 
> [PT>] My pleasure,
> 
> Take care;
> 
> Pascal

-- 
---
tte@cs.fau.de