[Anima] Barry Leiba's Discuss on draft-ietf-anima-autonomic-control-plane-28: (with DISCUSS and COMMENT)
Barry Leiba via Datatracker <noreply@ietf.org> Thu, 13 August 2020 03:46 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: anima@ietf.org
Delivered-To: anima@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B4EFF3A16D6; Wed, 12 Aug 2020 20:46:21 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-anima-autonomic-control-plane@ietf.org, anima-chairs@ietf.org, anima@ietf.org, Sheng Jiang <jiangsheng@huawei.com>, jiangsheng@huawei.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.13.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Barry Leiba <barryleiba@computer.org>
Message-ID: <159729038171.27222.4709796804527924124@ietfa.amsl.com>
Date: Wed, 12 Aug 2020 20:46:21 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/5XY1viRYY2YqLNmR6VyiEZcJWR0>
Subject: [Anima] Barry Leiba's Discuss on draft-ietf-anima-autonomic-control-plane-28: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 03:46:29 -0000
Barry Leiba has entered the following ballot position for draft-ietf-anima-autonomic-control-plane-28: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-anima-autonomic-control-plane/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- This DISCUSS should be easy to resolve: it's mostly that I find the text in Section 6.5 related to Bob and Alice to be confusing and unclear. I see that EKR also found it so and asked for the step-by-step diagram, which does help. But I find the whole Bob/Alice thing to be messy and wish you could instead use some functionally descriptive terms for the roles, rather than using arbitrary names that aren't meaningful and lead the reader to say, "Wait, which one is Bob now?" Specifically: — Section 6.5 — The node with the lower Node-ID in the ACP address of its ACP certificate becomes Bob, the one with the higher Node-ID in the certificate Alice. A peer with an empty ACP address field in its ACP certificate becomes Bob (this specification does not define such peers, only the interoperability with them). What’s with “becomes Bob” and “Alice” here? Without any introduction I don’t know what’s going on. Do you mean something like, ‘One node has a lower Node-ID in the ACP address of its ACP certificate than the other. For this discussion, we will call that node “Bob”, and the other “Alice”.’ ? Or do you mean something else? And then what does the next sentence mean? For example, originally Bob could have been the initiator of one ACP secure channel protocol that Bob prefers and the security association succeeded. The roles of Bob and Alice are then assigned and the connection setup is completed. Again I’m confused: you’re talking about Bob doing something, and *then* the role of Bob is assigned? What does that mean? How can we talk about Bob doing something before we know who Bob is? And are there no more descriptive terms to use here, as opposed to “Bob” and “Alice”? Something like “initiator” and “responder”, or whatever, which might be easier to follow? I also have a few easy-to-address issues here: — Section 6.7.3.1.2 — The IKEv2 Diffie-Hellman key exchange group 19 (256-bit random ECP), listed as a SHOULD, is to be configured, along with the 2048-bit MODP (group 14). I don’t understand the requirement level here, because I’m not sure what “is to be configured” means. You mention “SHOULD”, but then “is to be configured” seems to say that it has to be supported. And you seem to be saying that he same requirement, whatever it is, applies to both group 19 and group 14... but I’m not certain about that. Can you please rephrase this to make the requirements clearer? — Section 6.7.5 — A baseline ACP node MUST support IPsec natively and MAY support IPsec via GRE. If GRE is supported, it MAY be preferred over native IPec. But Section 6.7.3.2 says: If IKEv2 initiator and responder support IPsec over GRE, it has to be preferred over native IPsec. Which is it? “MAY” be preferred? Or “has to be preferred”? — Section 6.10.6 — IANA is asked need to assign a new "type" for each new addressing sub-scheme. With the current allocations, only 2 more schemes are possible, so the last addressing scheme MUST provide further extensions (e.g., by reserving bits from it for further extensions). I don’t understand the first sentence. It doesn’t parse, for one thing, so please fix that. And it would be better to clearly match it with the corresponding request in the IANA Considerations section. For the second sentence (the DISCUSS part), I’m very skeptical that this is the right approach: if you’re already acknowledging that “only” 2 schemes are possible now, it seems time *now* to prepare the way for additional ones, rather than waiting. What’s the reasoning for putting in a warning rather than just doing it, especially as you’re setting up a new registry anyway? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- We have to use “virtual out-of-band” more often, because “VOOB” is a great acronym. — Section 1 — is therefore intended to combine as good as possible the resilience Nit: this needs an adverb rather than an adjective, “as well as possible”. the ACPs functions instead of implementing them seperately for each Nit: “separately”. In the list that follows you should also put a comma after “traffic” to make it clear what the third list item is, as there are five “and”s in there. — Section 1.1 — Infrastructure (PKI) code for the ACP certificate, the GRASP protocol, UDP, TCP and TLS 1.2 ([RFC5246], for security and Why specifically TLS 1.2? Probably this should say “TLS” without a version, and reference the now-current TLS 1.3 spec (8446), but it shouldn’t be tied to a specific TLS version. Similarly, mentions of DTLS shouldn’t be tied to the version number. Alternatively for both, they could say “version 1.2 or greater”. I do see that some places in the document mention 1.2 as a minimum, so I'm just looking for a little clean-up here to make sure it's clear that we don't want to use <1.2, but anything from 1.2 on is fine. Plane itself would not need to change, it could continue to be IPv4 only. For such IPv4 only devices, the IPv6 protocol itself would be additional implementation footprint only used for the ACP. Nit: this is a comma splice. Either change the comma to a semicolon or change “, it” to “and”. Also, “IPv4-only” should be hyphenated when it’s a modifier, as it is in the second case (but not the first). I don’t understand “would be additional implementation footprint only used for the ACP.” I think “that is only used” would help, but I also don’t think “footprint” is the right word here. The ACP design can be applicable to (cpu, memory) constrained devices and (bitrate, reliability) constrained networks This is an odd use of parentheses, and it threw me at first, before I realized it’s an attempt at grouping and shorthand. Better to avoid it, as you also need some hyphens anyway: NEW1 The ACP design can be applicable to cpu- and memory-constrained devices and to bitrate- and reliability- constrained networks END Or if you find the hyphens awkward, maybe reword to avoid using modifiers: NEW2 The ACP design can be applicable to devices constrained with respect to cpu and memory, and to networks constrained with respect to bitrate and reliability. END (And I really don’t think the rest of the sentence (“but this document...”) adds anything, and I’d just skip it.) — Section 2 — Normative sections are labelled "(Normative)" and use [RFC2119]/[RFC8174] keywords. A small thing you can ignore if you like, but I would skip the citations here and just say, “and use BCP 14 key words.” You’ll have the proper citations with the boilerplate later. A CA uses its private key to sign the certificates it issues, relying parties use the public key in the CA certificate to validate the signature. Comma splice; please split the sentences. This signing certificate can be considered to be an identifier of the CA, so the term CA is also loosely used to refer to the certificate used by the CA for signing. Really? I’ve never seen a signing cert called a “CA”. In any case, I wouldn’t like to see that usage encouraged. Does this really need to be here? — Section 4 — ACP5: The ACP must provide security: Messages coming through the ACP must be authenticated to be from a trusted node, and should (very strong should) be encrypted. That last bit feels odd; I suggest instead, “and it is very strongly recommended that they be encrypted.” written ASA could potentially all communicate exclusively via GRASP Nit: “ASAs” — Section 6.1 — The LDevID certificate is called the ACP certificate, the TA is the Certification Authority (CA) root certificate of the ACP domain. Comma splice. — Section 6.8.2 — GRASP unicast messages inside the ACP are transported via TLS which MUST comply with [RFC7525] execept that only TLS 1.2 ([RFC5246]) is REQUIRED and TLS 1.3 ([RFC8446] is RECOMMENDED. This ties into my earlier comment about text that seems to tie this to the TLS version. I strongly recommend that you say early on (not here in 6.8.2) what’s here in the quoted text and elsewhere: that, for TLS and DTLS, 1.2 is REQUIRED, 1.3 is RECOMMENDED, and 1.1 and earlier MUST NOT be used. Include text “up there” about backward compatibility and making sure 1.2-only situations can be accommodated via negotiation. Possibly add a sentence about supporting post-1.3 versions when they are developed. And then don’t say anything about versions elsewhere in the document. — Section 6.10.1 — o Addresses in the ACP are not considered sensitive on privacy grounds because ACP nodes are not expected to be end-user host. Is there something missing here? This looks like an incomplete sentence. Or should it just be “end user hosts”? If that’s it, I suggest wording it as “...not expected to host end users.” It might also help to say, “ACP nodes are part of the data center infrastructure [or some such] and are not expected...” — Section 6.11.1.7 — Global Repair: we assume stable links and ranks (metrics), so no need to periodically rebuild DODAG. DODAG version only incremented under catastrophic events (e.g., administrative action). This is one of the most egregious of the poor-grammar issues in the document. I’m generally not happy with expecting the RPC to turn text like this into proper English, and wish that working groups would be more careful about it. Something like this, in this case, perhaps?: NEW Global Repair: we assume stable links and ranks (metrics), so there is no need to periodically rebuild the DODAG. The DODAG version is only incremented under catastrophic events (e.g., administrative action). END And is administrative action really an example of a catastrophic event? It would seem that administrative action would be a *response* to such an event. What’s an example of an event itself? Or is it “catastrophic” that’s the wrong word, maybe? (The “Local Repair” paragraph also has some incomplete sentences and missing articles.) — Section 6.12.5.1 — 2. IPv6 implementations do commonly not allow to assign the same A common English usage issue: “allow to assign” (in general, “allow <infinitive>”) doesn’t work in English, because the infinitive needs a subject (“allow <some entity> to assign”). If you don’t have a subject to put there, you can say, “IPv6 implementations commonly do not allow assignment of the same...” (which also fixes the issue that “commonly” shouldn’t split “do not”). — Section 8.1.1 — interface looks like a normal network interface (without any encryption/novel-signaling). What is “novel-signaling”? This is sometimes called "RPF filtering". This MAY be changed through administrative measures. Two things here: One is that this feels like a “may” (or “might” or “can”... a statement, not a directive) rather than a BCP 14 key word. The other is that I don’t follow what it is that may be changed: what does “this” refer to in the second sentence?
- [Anima] Barry Leiba's Discuss on draft-ietf-anima… Barry Leiba via Datatracker
- Re: [Anima] Barry Leiba's Discuss on draft-ietf-a… Toerless Eckert