IETF Logo Mail Archive

Re: [Anima] Review draft-ietf-anima-reference-model-04

"Michael H. Behringer" <michael.h.behringer@gmail.com> Wed, 26 July 2017 20:17 UTC

Return-Path: <michael.h.behringer@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA23412942F for <anima@ietfa.amsl.com>; Wed, 26 Jul 2017 13:17:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zNb3AwSsrYJl for <anima@ietfa.amsl.com>; Wed, 26 Jul 2017 13:17:20 -0700 (PDT)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94565124234 for <anima@ietf.org>; Wed, 26 Jul 2017 13:17:20 -0700 (PDT)
Received: by mail-wm0-x22d.google.com with SMTP id c184so88188160wmd.0 for <anima@ietf.org>; Wed, 26 Jul 2017 13:17:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=UnOCX7VeDdY8i6ucYsFonkRvPCW3UiJLdkZtxpIMJGs=; b=PoOkna9Yo52xazd2BrYsdiJ29qvAHlgMyy6qF40w6Dr3gVfFXD1FhfAhSaAG0t2d0e vzWOLzG350vfWFrmrcI8Io44o9IS68r0l0d1dXsQTTgipFpRsU5aBCF2nTsoxx8wEf/z sau60ZmoYWNADcpqbh66UnqY5k+usJCsoYqxaNiVwGceJzdwfVV5eqRsieCb4UwW2fGu TMs2k1A6T7Fc4fIO+qHdnVo0Qkl16Neg48etWeCQdzVwF0LPB6eWzi7o0dnMXoPr6LhO betamwgo8+yhS9Wmz7fq5josGeQphoIL7RsG2TJ9iaZoa7uXzB0E0I2brjd6fSTkjyOl DZQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=UnOCX7VeDdY8i6ucYsFonkRvPCW3UiJLdkZtxpIMJGs=; b=CAUffr81byWrg+N3CmCC8uKyXikfs4RVDR8Xuign1Zh4cwJvqT6U5kqTLf3XpVyYOa hLwV/wn9pmvAvEKMHckJM31glLqnhBt/9WLSPHqbKsQ2ivBDfZUZgyYt6beUjyzzH14x 9KMq22cgoxCumVTnrdxS2xCuIS6LxL2UIMa36dqJjTCosxGZ3iC4d6KltfSi4QyW7tMc iPO3QURi/32v8Tcugif9gSz1QVCwm5gJrpqARN+X+ob7lHz3zckc2Qe7OOtyJE2qfawW tNBSqt0wJCfcvrMOkWVmGBwueQX9FCbeELXs1vJyuu4IqrC3DkfFrECPPaCuYc18L0Jw i+Fw==
X-Gm-Message-State: AIVw110BzVkjrOrbtU0rjjt28sKg+4E49APxOsofi/6IK0kaK6c3DBrY KMd0EU16GRg0kIT6ec0=
X-Received: by 10.28.148.148 with SMTP id w142mr1688363wmd.55.1501100238778; Wed, 26 Jul 2017 13:17:18 -0700 (PDT)
Received: from [192.168.1.25] (ANice-652-1-131-208.w83-201.abo.wanadoo.fr. [83.201.82.208]) by smtp.gmail.com with ESMTPSA id j29sm2443138wrb.9.2017.07.26.13.17.17 for <anima@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 26 Jul 2017 13:17:18 -0700 (PDT)
From: "Michael H. Behringer" <michael.h.behringer@gmail.com>
X-Google-Original-From: "Michael H. Behringer" <Michael.H.Behringer@gmail.com>
To: anima@ietf.org
References: <8DA547FB1280754AAC43A3E56DCB7AD20AEC33E8@lhreml501-mbx>
Message-ID: <a09d67d7-9df9-582f-8596-580c077a9746@gmail.com>
Date: Wed, 26 Jul 2017 22:17:17 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <8DA547FB1280754AAC43A3E56DCB7AD20AEC33E8@lhreml501-mbx>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/w-2LCKhqvnfKH-uEFN5PoP_NZHM>
Subject: Re: [Anima] Review draft-ietf-anima-reference-model-04
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jul 2017 20:17:23 -0000

Thanks for your comments, Artur. I'm in the middle of vacations, but 
will incorporate your comments when back, in the next version!

Brian, seen your response, too. Will catch up...

Michael


On 26/07/17 19:55, Artur Hecker wrote:
> Dear community, dear Authors,
>
>
> I reread the draft-ietf-anima-reference-model-04. I hope it's not arriving at an inappropriate moment, but please find some notes and remarks below:
>
>
> 1. Page 6: s/potentiall/potential
>
> 2. Page 8: Section 4. The text mentions "must implement" and "other" functions, but fails to correctly guide the reader as to the MUST or not MUST of the functions in the following subsections. It is partly not even clear from the semantics of the subsections.
>
> Suggestion: clearly group MUST, SHOULD and MAY IMPLEMENT functions in the subsections.
>
> 3. Page 12: Information Distribution - consider rewriting parts of this section entirely. Several problems:
>
> a) Remove repetitive text in the beginning:
> "Certain forms of information, such as Intent, must be distributed across an autonomic domain. The distribution of information is also a function of the Autonomic Control Plane.  One form of such information is Intent."
>
> Suggestion: Either remove the first inclusion, or the entire last sentence. I would rewrite these three, see next point:
>
> b) There seems to be a problem with the statement above, as the "must" is somehow misleading in a potentially normative text. What is meant here is that some information requires dissemination, while other might not require that.
>
> Suggestion - please REWRITE e.g. as follows:
> "Certain forms of information require per its nature distribution across a (part of) autonomic domain. Such information distribution is a function of the Autonomic Control Plane. As an example, Intents require distribution across the whole autonomic domain as per definitions from RFC7575."
>
> c) Later, the text in this section somehow confuses the high level requirements (=information distribution) with a specific implementation, notably flooding. Note that there is a subtle difference between the requirement to reach all recipients (indeed, the current text seems to equal flooding to that) and flooding, which technically usually means "unconstrained broadcast". [E.g. Wikipedia: "Flooding is a simple computer network routing algorithm in which every incoming packet is sent through every outgoing link except the one it arrived on"]. This will lead to explosive message number growth, as the ACP uses routing - which does not guarantee a tree structure - while the scale of an autonomic domain is, by definitions of RFC7575, only constrained by the Intent as such ("the autonomic domain is the set of nodes, to which the intent needs to be sent"). At the same time, there are better known algorithms for routing, which achieve "distribution to all recipients" without "sending on al
>   l links except the one it arrived on" (e.g. structured broadcast, etc).
>
> Suggestion: stay at the requirements level in the Reference text, which this draft represents. In other words, remove suggestions of implementations, or reword if the requirement to reach all nodes is meant.
>
> 4. Page 17, Section 6.3.3.  The Information Distribution ASA (*).
> While the text above (on page 12: Information Distribution) says that Information Distribution is function of ACP, somehow there is a distinct section in this draft, talking about an Information Distribution ASA, which is NOT ACP ASA, and which is not obligatory.
>
> How to read this correctly?
>
> 5. Page 17, Section 7.1: "How an AN Network Is Managed"
> a) Please consider changing the title. AN is "autonomic network" network network :-)
> b) The first paragraph says that the co-existence is twofold. However, I can think of at least one other way: the ACP could be used as a transport channel for "traditional" management. E.g. ACP could be used to transport NETCONF messages, instead of SSH or BEEP in NETCONF. Not clear, what twofold means here (just an example, limitation, strong statement, etc).
>
> 6. Page 18, Section 7.2: "Intent"
> Please reread and correct this phrase: "It is expected Intent definitions from autonomic function(s) and even from traditional network management elements". (missing verb)
>
> Later in the text, the section references I-D.liu-anima-grasp-distribution, which is odd, given that the actual Information Distribution section (see above) does not. Yet, information distribution in I-D.liu-anima-grasp-distribution is not limited to intents.
>
> 7. Page 19, Section 7.5: "Control loops"
> The section talks about an "Autonomic System". Unless I am mistaken, an autonomic system is not defined (e.g. in RFC7575). This is a minor issue, as we all can imagine what a "system" is.
>
> 8. Page 20, Section 7.6: "APIs"
> There is a strong "MUST" requirement in this section (express and preserve semantics across different domains), which is not as clear as a MUST should be. First, it's not clear what "express and preserve semantics" means (semantics of what? Of objects? Of object methods? Of the results delivered by object methods? Of all of them?). Second, the "domain" is not defined: is an autonomic domain meant? Note that this notion is dynamic, as per intent scope, so probably not a very good reference. Third, the requirement is not corroborated clearly. Instead, an example is given, which we might discuss in its relevance to the ANIMA WG and work scope. Is ANIMA implementing software contracts? Is it a MUST requirement? Probably not. Note that web-based systems today have no such formal specifications, as mentioned in this section. Example: invariants; these are nice to have, but hard to determine for any complex piece of software (like a web service, etc).
>
> 9. Page 20, Section 7.7: "Data Model"
> Question: why do we need this section? This looks like some text book. Do we have a specification of data model in ANIMA? Information model? Anything like that? If not, I guess this can be shortened, as it is "for reference" only. (What is MRACL? Used without explanation in text).
>
> 10. Page 22, Section 8.1:
> s/mechanisms exists/mechanisms exist.
>
> 11.  Page 23, Section 9: "Security Considerations"
> Please rephrase "run inside the encrypted ACP". I hope that it's not simply "encrypted" but actually features the full range of cryptographic data protection methods.
>
> Rationale: I would argue that integrity is more important than confidentiality in the ANIMA scope. As encryption alone does not provide any protection against modification, and since hopefully the used mechanisms (see Section 9.2) go beyond encryption, I would recommend to use a more correct wording, something like "protected" or "cryptographically protected ACP".
>
> Generally, the section does not sufficiently presents the threat of message modification and replay, including the discovery messages. Also, authentication is not sufficiently covered, even though a reference to I-D.ietf-anima-bootstrapping-keyinfra is made. Not sure it's the best approach, as bootstrapping refers to how to enroll the node, and the authentication is probably using standard mechanisms? Normally, the threats should be described independently of the specific mechanisms.
>
>
>
> Regards
> artur
>
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima

v2.23.0 | Report a Bug | By Email