IETF Logo Mail Archive

[Cbor] Document shepherd review of draft-ietf-cbor-network-addresses

Barry Leiba <barryleiba@computer.org> Mon, 19 July 2021 14:18 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9945F3A352B for <cbor@ietfa.amsl.com>; Mon, 19 Jul 2021 07:18:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.65
X-Spam-Level:
X-Spam-Status: No, score=-1.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vk4oADU4JCNf for <cbor@ietfa.amsl.com>; Mon, 19 Jul 2021 07:18:35 -0700 (PDT)
Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com [209.85.167.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0612D3A352A for <cbor@ietf.org>; Mon, 19 Jul 2021 07:18:34 -0700 (PDT)
Received: by mail-lf1-f53.google.com with SMTP id q16so30477444lfa.5 for <cbor@ietf.org>; Mon, 19 Jul 2021 07:18:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=3ylhZC/Y9M3Oi5hswA0DJURy5E5hSrQWWyur76uwCVY=; b=il/U2dOvgQZ7L7n4Kpmms4dhZX89ZnGFAYVqr9ef1LK622+TPrPHr4+rJQfh3uNuf9 OfrrJ3/naOfI7te08Gz02/oF1XtNsd1O4UDf7Fz4zkYz74CCD7fW0RXw0gZXB2s6QAuF i3F01MaeS2QCB95rNbp/B9CbMsAAbvxyyuNpCLoaN5k959/v6jGDx3+xP1E4RUKbSLvM /265S3joYX5byUPoHBOxF/moFPgrV68n2gMGLgIHddNdN8Arn++9DzvOODz2V10pK5w/ uWQPOa7r4t8d0TtXqgk/G4m/zR/mQxnWiGpw4KYoblnL+vOON3oDeOaFVTmkLC0vXbkt TP1Q==
X-Gm-Message-State: AOAM5334eueihwpzY3PLDiIwEaAOBjXv1cxDEueloZPKxCr3Wx/WKarf 84zbDiHhBmYhFGYgpT8UbNWSHBDvrEX/iQ7nA93yUqdDxqsO6A==
X-Google-Smtp-Source: ABdhPJxzSWXdKKsxbkwC6s6bax3sMYA18/OLoLhmf/zV/Rynmj3/xiA9pK1CGC1G9GUo5TXiYCVa15ObftWZuh3YvVY=
X-Received: by 2002:a19:8506:: with SMTP id h6mr18744732lfd.313.1626704312293; Mon, 19 Jul 2021 07:18:32 -0700 (PDT)
MIME-Version: 1.0
From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 19 Jul 2021 10:18:21 -0400
Message-ID: <CALaySJ+wieWsNU+hk6dj2OUxQbioRcqhAQM6+zWYzuV08XQ7kA@mail.gmail.com>
To: cbor@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/rbwfv5EGZVO3OGHUfoiv1y0HlA4>
Subject: [Cbor] Document shepherd review of draft-ietf-cbor-network-addresses
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2021 14:18:37 -0000

Hi, all.  Here's my shepherd review of draft-ietf-cbor-network-addresses-05.

— Section 1 —

I would merge the one-sentence first paragraph into the second paragraph.

   Tag 260 and tag 261 was later defined through IANA.

“were”, plural.  I might also say “Tags 260 and 261” rather than
repeating the word “tag”, but keep this as you please.

   The present specification achieves an explicit indication of IPv4 or
   IPv6, and the possibility to omit trailing zeroes.

What is “the present specification”?  The one associated with the IANA
registration (I don’t think that’s what you mean, as there's no detail
there)?  Or this document?  Assuming the latter, it would be a lot
clearer if you just merged this sentence into the following paragraph,
where you already talk about what “this document” does.  If you really
mean something else, it could use a reference citation and rewording
of “the present specification”.

   Due to the complexity of testing the value of
   omitting trailing zeros for addresses was considered non-essential
   and support for that was removed in this specification.

This seems hard to parse.  As I read this, I see “testing the value”
as a unit, but I think you mean for there to be a comma after
“testing”?  Or maybe you do mean that “testing the value” is complex,
but then the word “of” seems wrong.  Can you reword this to clean that
up?

— Sections 3.1 and 3.2 —

There are examples of [prefix-length, addr] and [addr, prefix-length],
but no examples of just [addr], so it’s easy to miss that that’s also
valid.  It would be useful to add an example after this paragraph:

   An IPv6 address is to be encoded as a sixteen-byte byte string
   (Section 3.1 of [RFC8949], major type 2), enclosed in Tag number 54.

…and similarly for Section 3.2.

— Section 4 —

   An encoder may omit as many right-hand (trailing) bytes which are all
   zero as it wishes.

How does this fit with “Trailing zero bytes MUST be omitted.” in
Sections 3.1 and 3.2?

— Section 7 —

   Identifying which byte sequences in a protocol are addresses may
   allow an attacker or eavesdropper to better understand what parts of
   a packet to attack.

   Reading the relevant RFC may provide more information, so it would
   seem that any additional security that was provided by not being able
   to identify what are IP addresses falls into the security by
   obscurity category.

Does this mean the following (and if so, might this be a better way to say it?):

   Identifying which byte sequences in a protocol are addresses may
   allow an attacker or eavesdropper to better understand what parts of
   a packet to attack.  That information, however, is likely to be
   found in the relevant RFCs anyway, so this is not a significant
   exposure.

-- 
Barry

v2.23.0 | Report a Bug | By Email