[core] Roman Danyliw's Discuss on draft-ietf-core-sid-22: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Thu, 26 October 2023 14:43 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: core@ietf.org
Delivered-To: core@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0136FC151524; Thu, 26 Oct 2023 07:43:52 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-core-sid@ietf.org, core-chairs@ietf.org, core@ietf.org, Carsten Bormann <cabo@tzi.org>, jaime@iki.fi, jaime@iki.fi
X-Test-IDTracker: no
X-IETF-IDTracker: 11.13.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <169833143199.10921.3629900073692762292@ietfa.amsl.com>
Date: Thu, 26 Oct 2023 07:43:52 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/DJUXfo-C0JEOliE6mQXaWuJjRs0>
Subject: [core] Roman Danyliw's Discuss on draft-ietf-core-sid-22: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Oct 2023 14:43:52 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-core-sid-22: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-core-sid/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- ** Section 6.4.3 The ".sid" file MUST NOT be published as part of the RFC: the IANA Registry is authoritative and a link is to be inserted in the RFC. Can the basis for this decision be explained. Why isn't the authoritative source of the SID's coming from the RFC? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (ballot revised based on telechat discussions) ** Section 2.4 Objective 2 requires that there is only one SID assigner for each module. While neither Objective 2 or this text uses formal normative language, by my read, Objective 2 does not “require” anything. It suggests since (“SHOULD”) is used. ** Section 2.4 Editorial. The text goes through the trouble of introducing “type-1”, “type-2”, etc. However, this taxonomy is not used later in the document. Is it needed? ** Section 5. The Security Considerations helpfully point out the criticality of retrieving the SID files from an authoritative source. How would that work for an entity outside of the IETF? The requirements of a “mega-range” allocations include a few requirements, but nothing explicitly says distribution of SID files. Could something be said? ** Section 5. Conceptually, SID files could be processed by less-constrained target systems such as network management systems. Such systems need to take extra care to make sure that they are only processing SID files from authoritative sources, as authoritative as the YANG modules that they are using. Thanks for flagging this as a security consideration. Rob Wilton also mentioned it in his ballot. I’m a puzzled by this use case. Is this suggesting that “less constrained … systems” would download SID files based on some kind of real-time input? If so, this seems highly problematic because (a) it could leak information to an outside party; and (b) seems like it could cause a DDoS on the distributor of the SID files or even the system itself (depending on the caching strategy). Is the use case here that the SID file would be distributed “offline” by the system vendor or operator through configuration making it more akin to the developer use case mentioned previously? I appreciate that CBOR is intended to be self-describing, but I’m not sure how a network management system would be parsing arbitrary formats. ** Section 6.3.3. “iana.org” is provided as a URL for IANA, but that value is technically not a valid URL (as it is missing a schema). ** Section 6.5.3 After Working Group Adoption, any modification of a ".sid" file is expected to be discussed on the mailing list of the appropriate Working Groups. Specific attention should be paid to implementers' opinion after Working Group Last Call if a SID value is to change its meaning. In all cases, a ".sid" file and the SIDs associated with it are subject to change before the publication of an internet draft as an RFC. This text is here to bring clarity to an important issue, but it isn’t clear to me what it is. The text appears to be describing what is true for any significant change to a WG document. ** Section 6.5.3 Due to the difficulty in changing SID values during IETF document processing, it is expected that most documents will ask for SID allocations using Early Allocations [BCP100]. The details of the Early Allocation should be included in any Working Group Adoption call. ... In all cases, a ".sid" file and the SIDs associated with it are subject to change before the publication of an internet draft as an RFC. -- I have no experience with early allocation of an IANA code point happening concurrent with a WG adoption of a document. Is that common? -- What difficulty is expected in changing SID values? -- Why is early allocation happening if the draft is not stable (which seems unlikely at adoption time)?
- [core] Roman Danyliw's Discuss on draft-ietf-core… Roman Danyliw via Datatracker
- Re: [core] Roman Danyliw's Discuss on draft-ietf-… Carsten Bormann
- Re: [core] Roman Danyliw's Discuss on draft-ietf-… Michael Richardson