Re: [babel] Early review on draft-ietf-babel-dtls ...

David Schinazi <dschinazi@apple.com> Mon, 08 October 2018 19:26 UTC

Sender: dschinazi@apple.com
From: David Schinazi <dschinazi@apple.com>
Message-id: <EC49AD0D-8F56-4966-A463-7C7435415B49@apple.com>
Date: Mon, 08 Oct 2018 12:25:44 -0700
In-reply-to: <AC0D10DA-6225-4441-9B08-5127689D4BE1@juniper.net>
Cc: babel-chairs@ietf.org, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "babel@ietf.org" <babel@ietf.org>
To: Antoni Przygienda <prz@juniper.net>
References: <AC0D10DA-6225-4441-9B08-5127689D4BE1@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/sVu-T-c0O6aluQNWHzKTHlpQkYw>
Subject: Re: [babel] Early review on draft-ietf-babel-dtls ...

Thank you for your review, Tony.

The authors have updated the draft to incorporate your comments:
https://tools.ietf.org/html/draft-ietf-babel-dtls-01

A diff between -00 and -01 is available here:
https://www.ietf.org/rfcdiff?url2=draft-ietf-babel-dtls-01

(note that the links above may take a few minutes to be functional)

Thanks,
David


> On Sep 26, 2018, at 14:37, Antoni Przygienda <prz@juniper.net> wrote:
> 
> I have been selected to do a routing directorate “early” review of this draft. 
> https://datatracker.ietf.org/doc/draft-ietf-babel-dtls
>  
> Document: draft-ietf-babel-dtls
> Reviewer: Tony Przygienda
> Intended Status: STD
> Summary:
> Choose from this list... 
> I have some minor concerns about this document that I think should be resolved before it is submitted to the IESG. Concerns are not defects but basically requests for some clarification in the document and reconsideration of minor issues.
> Comments:
> - Draft makes inherent sense; of significance for future work in the routing area IMO for other protocols if the security requirements for routing keep on tightening.
> - I think that the draft will benefit from an explicit justification why a solution based on SHA-1 cannot satisfy the security profile desired. Reading the draft I assumed that the main requirement was confidentiality, which was incorrect. Discussions with the authors led to quite interesting insights that should be captured in the draft IMO.
> - The section explaining that all the Babel frames must be unicast with DTLS could benefit from a small rewrite to read more easily.
> - I recommend that the authors rethink where they want to change the base-spec Babel MTU by a hard offset. Even DTLS can evolve in a backwards-compatible manner, changing sizes. From experience with tunnels and routing protocols, it may be better to just keep the original spec and imply that an implementation supporting DTLS has to deal with the according size overhead.
>  
> thanks
>  
> --- tony
>  