Re: [core] Review of draft-ietf-core-echo-request-tag-07

Göran Selander <goran.selander@ericsson.com> Tue, 05 November 2019 14:51 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E123F120B1E; Tue, 5 Nov 2019 06:51:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zczc3-rLAUBH; Tue, 5 Nov 2019 06:51:31 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80087.outbound.protection.outlook.com [40.107.8.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E0C4120905; Tue, 5 Nov 2019 06:38:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lZjg6hhb3ayceSSVZeN/OErMiZx/Qh6SOJwFF/qzIRBO0T54tv8UttK0mcglxf1eejAPwuvgxeXxQwtvjlHQeldWR6e5cWlOVErQtbKQlDfZC0eJRPWMVC6DukS1wKFo4Ham92grmmkJ3Dept63yswDtCw749poVmWTmE6tkVTyxjz7kaTZPIftxFhL/oaepX5DwxQ/Yi9sUdKt8aspxf7mrYXHgpPM6e0FD/D3dCFxnN5GVSUAr6AI098T2T05X5NqDBuJKWBrEe9mJmJV0tdRFe5eIMJcE90TfJRmUVtP80Di/LFjyAgOsD+lONzVdys+89Hp9TPByIFn1BSdi4Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4MLHh7wOF2uP3/VPpvstWyCbc1SuBrn8P4M7G+uQXRw=; b=HZc/oZNDSAJimLrhFW3bnCo/u7hYTtznP3nU8kvsw7vTCZp8vEFtNYOf3+cQah2xb3j1VjllougWJQBgstf8bXNUVZ799qTju5jM16+86Y6Sqy1yPVcFTlW6pzb8PAAoxWjvTcofRPOuwEN18Qp7tle2Y905xEoYPqcptzaP8oE244Ui6TL8ojTkrCIH4KhNZ5qQ+8/8zXi4wOpbFAnT+32/WqvhgdVSR4vsF8+J22iAkZW17QArAuj4R0qUAfByDQqq5cd7Rn9mAZxrGiL8OKGSQqLFp26x0yaSeLIathC5AH9u74SbNbInwazzP8T9Bj4pVH/wLU1SWeMAI6CR4g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4MLHh7wOF2uP3/VPpvstWyCbc1SuBrn8P4M7G+uQXRw=; b=dlVBirDcICIyvdSZ//cucPS6JF1gVePv7spD4YHIfhPd7KDo5NCnbzrU7IpD3PwB5dZjcyRpI8Im2Y6eHmG51jYZByEuo2iXuL6xyvH/1N7KwDCh59lE3E2EiCxysEOuAibjXw2Ge4bDOaSOoxQqXRGBzrVb4oWVlLOwwF2GxZc=
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com (20.176.163.140) by HE1PR07MB4220.eurprd07.prod.outlook.com (20.176.168.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.16; Tue, 5 Nov 2019 13:48:58 +0000
Received: from HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::d007:2731:b669:9c13]) by HE1PR07MB4172.eurprd07.prod.outlook.com ([fe80::d007:2731:b669:9c13%3]) with mapi id 15.20.2430.014; Tue, 5 Nov 2019 13:48:58 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Francesca Palombini <francesca.palombini@ericsson.com>, "draft-ietf-core-echo-request-tag@ietf.org" <draft-ietf-core-echo-request-tag@ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: Review of draft-ietf-core-echo-request-tag-07
Thread-Index: AQHVcui/aH+go2Py6U2ZAyzYnkkAbqd86nyA
Date: Tue, 05 Nov 2019 13:48:57 +0000
Message-ID: <A2F45A66-4FBB-4B00-AEB2-D7C2093DE553@ericsson.com>
References: <A4E2062A-364C-448D-81EF-A96D5E29FCD9@ericsson.com>
In-Reply-To: <A4E2062A-364C-448D-81EF-A96D5E29FCD9@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [192.176.1.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 42ad4835-9694-4279-0a3a-08d761f6e87c
x-ms-traffictypediagnostic: HE1PR07MB4220:|HE1PR07MB4220:
x-ms-exchange-purlcount: 2
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <HE1PR07MB4220CCB71883865DC3228AECF47E0@HE1PR07MB4220.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0212BDE3BE
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(366004)(376002)(39860400002)(396003)(136003)(189003)(199004)(66066001)(110136005)(2616005)(446003)(99286004)(66446008)(3846002)(6116002)(2201001)(2906002)(305945005)(33656002)(6246003)(6512007)(966005)(478600001)(66574012)(71190400001)(71200400001)(450100002)(14454004)(14444005)(256004)(25786009)(5660300002)(64756008)(76116006)(85182001)(85202003)(6506007)(8676002)(81156014)(76176011)(2501003)(81166006)(476003)(11346002)(486006)(26005)(7736002)(36756003)(6306002)(86362001)(58126008)(316002)(102836004)(66476007)(66556008)(8936002)(66946007)(186003)(6436002)(229853002)(6486002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4220; H:HE1PR07MB4172.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +a/KpkBUFVw6o8oX6zSrYpHB5fQk0tFNJmxKmDVmN3oqOEfjzSgxxKSHGolmI6FjdFKWs4FRGlO5Km7eBhqtnwvTEpS9kYCFNgbyc53rWMXBf0eGBMl8RMM6AYfkJv/sNbxrfAj3uRoZ+aj8Wy4pTVkCxg0Zc7Vofwnv8/yU4R3NPq0WBTLj5eKcuzUfnSa7fEd/3ECGFJf/1yjRpkceYrpsdsbWX/Wi1DLQlvw41GUXfLbJtifYkH7b58DBJXNkvs+tx1yat/+4Cv7+fgWfmOk9Vb++Kloz4fVQKZ1NAspDZ6hAhfc36Rg4vI+CV2JnTAAAfh+NuWYZ3Y0nHpCjSN4R4M2Xp4Gq07sMz16NMz0S7s+77oNr3X2D1KLUUcuRbhq6HnPTS0IR8GE2o6rh0qA1JIIQ5pM8yZQj2pPqTcISQRKyd8cpedVAvZ+oeII4NGMBEh0f1ENV5vl/u11NpAWgA7eWsk1wzL4VJ2kVfmQ=
Content-Type: text/plain; charset="utf-8"
Content-ID: <5CEE7563B70F73468DCEECC73CA36052@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 42ad4835-9694-4279-0a3a-08d761f6e87c
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2019 13:48:58.1109 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 89yBwn1epx270acLw06oMBIiPt/3TXk/riujRKfBGDQqhuOkhDkLE3Edm+ApBfeuf9a9iu3fn4nh3vyq6O/XkcX6dETJOv84ppljX7j1N2I=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4220
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Nz0u7aUa4G8UWuLuphaZiCNlhRo>
Subject: Re: [core] Review of draft-ietf-core-echo-request-tag-07
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2019 14:51:41 -0000

Hi Francesca, 

Please find inline the remaining comments responding to your review.  (The other part is here: https://mailarchive.ietf.org/arch/msg/core/ccN-2OIAtrScW9u-ddhiBf4tmzc)

The changes are tracked on the CoRE WG github and proposed resolution is compiled in -08 which was submitted yesterday:
https://tools.ietf.org/html/draft-ietf-core-echo-request-tag-08


On 2019-09-24, 17:00, "Francesca Palombini" <francesca.palombini@ericsson.com> wrote:

    Finally, I have compiled a list of nits and will soon make a PR for it.

GS: Looking forward to that!

    # High level suggestions #
    
    * Move the Terminology section (current section 1.4) as section 1.1 (under Introduction).
    
    * Current sections 1.1, 1.2, 1.3 are very useful background sections about the problem this document sets out to solve. I do not see why they need to be in this order, for readability I would have: 1.1 as new section 2.1, moving the text in 2. to the current 2.1 (that would become 2.2); 1.2 as new section 3.1, moving the text in 3. to current 3.1 (new 3.2); 1.3 as new section 5.1, old 5. text becoming 5.2. This will require mainly copy-paste and minor introductory text in sections 2, 3, and 5.
    
    The goal with this restructuring would be to help keep the 3 parallel topics in focus (Echo options, Request Tag option, Token update), without having to switch from one to the other.
    
GS: These changes are in -08.

    * Move appendix A to the main body: there is already RECOMMENDED text, it would fit to have that as the last subsection of the Echo section.

GS: This we didn't do to avoid the details of this example in the main body.
    
    # Questions, Open points #
    
    * Section 1.4
    
    "   (Concurrent block-wise request operations are impossible with the
       options of [RFC7959] because the second operation's block overwrites
       any state of the first exchange.).
    "
    
    I believe this is true, but could you point to the section that states that? I didn't manage to find it while checking.

GS: Reference to section in RFC 7959 is now stated.

    
    * Section 2.1
    
    "   When receiving an Echo option in a request, the server MUST be able
       to verify when the Echo option value was generated.  This implies
       that the server MUST be able to verify that the Echo option value was
       generated by the server or some other party that the server trusts.
    "
    
    I don't necessarily agree with the "This implies", would just replace with "and". These are two parallel requirements.

GS: Agree. "This implies" is removed and sentence rephrased.
    
    * Section 2.1 : event-based freshness is mentioned, but no example of it is given of how that would work with the echo option, while the time based one is quite clear thanks to the example in Figure 2. Would it be possible to add one for an event based as well?

GS: Included.
    
    * Section 2.2
    
    "  The server MAY include the same Echo
       option value in several different responses and to different clients.
    "
    
    First, I was confused about this: I wondered if "different responses" referred to different response codes or actual responses. I think the answer is both is correct, but here you meant actual responses; this would need more discussion on why re-using the same option value is OK (i.e. highlight this is not a binding of response to next request, it just provides freshness). If that is already done elsewhere, I missed it.
    
GS: A following sentence is added to clarify this.


    * Section 2.2
    
    "...  the
       server MUST use the Echo option to verify that the request is fresh
       enough. 
    "
    
    A RECOMMENDED way of specifying "fresh enough" would be good, to help implementers. For time based, it would be enough to point to Figure 2. For event based, I don't know.
    
GS: Removed "enough".  Is that better?


    * Section 2.2
    
    "
    When used to serve freshness requirements (including client aliveness
       and state synchronizing), CoAP messages containing the Echo option
       MUST be integrity protected between the intended endpoints, e.g.
       using DTLS, TLS, or an OSCORE Inner option ([RFC8613]). 
    "
    
    Why do the both messages (request and response) need to be integrity protected? 

GS: Because we don’t have a mechanism for mixing integrity protected messages with non-integrity protected messages.

Also Inner option is not used for protecting CoAP messages, but options.

GS: Changed "CoAP messages containing the Echo option" to " the Echo option value"

 So I am a bit confused if here you meant option (which is a different discussion) or message. Also the following sentence ("when used to demonstrate...") belongs with the discussion about the option being Inner or Outer (Section 2.1 4th par), rather than here where we are talking about the message.
    
GS: Section 2.1 deals with OSCORE, but this statement is more general.  We think it is better to keep here: This paragraph describes when and when not to integrity protect.


    * Section 2.3
    
    "
    the authority of the property
    "
    
    can you explain this terminology?

GS: Yes, see if you agree.
    
----------------------------------------------------->8

    * Section 3.2
    
    "
      They can
       still be treated as independent messages by the server (e.g. when it
       sends 2.01/2.04 responses for every block), or initiate a new
       operation (overwriting kept context) when the later message carries
       Block1 number 0.
    "
    
    I have a hard time parsing/understanding this paragraph, particularly from "or initiate..."
    
    * Section 3.2
    
    I am not sure it is said anywhere what the server should do if it supports the Request-Tag option and it receives it in a non-blockwise message... I guess just discard, but it would be good to explicitely state.
    
    Also, could this option be used for something else? For example, I am thinking of Observe operations, re-registration... Does not need to be defined here, but if we MANDATE that it can only be used with blockwise, we are practically stopping any other use that might come up...
    
    * Section 3.3
    
    "
       Clients MUST NOT recycle a request tag unless the first operation has
       concluded. 
    "
    
    in the case where a client supports but does not use Request-Tag, this implies "concurrent block operations without Request-Tag are not allowed". If that is the case, I would like that to be stated explicitely.
    
    (also minor, I'd like to add "that support Request-Tag" after "Clients")
    
    * Section 3.3
    
    The last sentence gives some requirements about where the Request-Tag option can/musty be used per message. I felt the document was missing on usage requirements (e.g. if it is set, it MUST be set for all requests for a specific operation)
    
    * Section 3.4.2
    
    "
       When initializing a new block-wise operation, a client has to look at
       other active operations:
    
       o  If any of them is matchable to the new one, and the client neither
          wants to cancel the old one nor postpone the new one, it can pick
          a Request-Tag value that is not in use by the other matchable
          operations for the new operation.
    
       o  Otherwise, it can start the new operation without setting the
          Request-Tag option on it.
    "
    
    Does not cover the fact that Request-Tag can be omitted if that is a different from the other matchable operations. ("pick a new value" excludes it)
    
    * Section 3.4.3
    
    I believe this section is missing something on the lines of: 
    
    "Proxies that are aware of this specification can modify their implementation to simply forward block operations."
    
    Would you agree?
    
----------------------------------------------------->8


    * Section 6
    
    Missing references/terminology for monotonic and wall clock.

GS: Monotonic clock seems to be well defined. We removed the reference to wall clock.

    
    * Section 6.1
    
    cought a couple of normative text not being normative:
    
    "message must be discarded"
    
    "approach is recommended"
    
    "need to be blacklisted"
    
    Any particular reason why?

GS: The first and third are not normative -- we clarified that. The second one is so we made it upper case.

Thanks,
Göran