Re: [core] Roman Danyliw's No Objection on draft-ietf-core-hop-limit-06: (with COMMENT)
<mohamed.boucadair@orange.com> Tue, 15 October 2019 14:06 UTC
From: mohamed.boucadair@orange.com
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-core-hop-limit@ietf.org" <draft-ietf-core-hop-limit@ietf.org>, Jaime Jimenez <jaime@iki.fi>, "core-chairs@ietf.org" <core-chairs@ietf.org>, "core@ietf.org" <core@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/XT6_MZKfE5cuXbelN6MQvpSEBtI>

Hi Roman,

Thank you for the review.

Please see inline.

Cheers,
Med

> -----Original Message-----
> From: Roman Danyliw via Datatracker [mailto:noreply@ietf.org]
> Sent: Tuesday, 15 October 2019 14:14
> To: The IESG
> Cc: draft-ietf-core-hop-limit@ietf.org; Jaime Jimenez;
> core-chairs@ietf.org; jaime@iki.fi; core@ietf.org
> Subject: Roman Danyliw's No Objection on draft-ietf-core-hop-limit-06:
> (with COMMENT)
>
> Roman Danyliw has entered the following ballot position for
> draft-ietf-core-hop-limit-06: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-core-hop-limit/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> ** Section 1.0, What is an “involved application agent”?

[Med] Agents (client, server, proxy) that are involved in an application-specific communication.

>
> ** Section 1.1 Per “CoAP proxies that do not have specific knowledge that
> proxy loops are avoided in some way …”, how would a proxy know that?
>

[Med] Fair point. FYI, this point was raised recently in the WG (https://mailarchive.ietf.org/arch/msg/core/X_4k3i6SMAur5nve-V3N-mkKjKQ), the change we are currently considering is: "New CoAP implementations MUST ..."

> ** Section 7. Perhaps also add that a malicious proxy can induce more
> subtle failures than just straight packet drops by manipulating the
> Hop Limit value.
>

[Med] I'm hesitating to add this as this is a variation of the MiTM threat vector (already mentioned in Section 11.2 of RFC7252).

> ** Editorial Nits:
>
> -- Section 1.1. Editorial. s/ The Hop-Limit option has originally been
> designed for a/The Hop-Limit option was originally designed for a/

[Med] OK. Thanks.

>
> -- Section 3. Recommend being clearer on what it means for “Hop-Limit
> detection gets broken” when proxies on boundaries re-write the hop limit
> value.
> Perhaps something on the order of: s/ This modification should be done
> with caution in case proxy-forwarded traffic repeatedly crosses the
> administrative domain boundary in a loop and so Hop-Limit detection gets
> broken ./ This modification should be done with caution in case
> proxy-forwarded traffic repeatedly crosses the administrative domain
> boundary in a loop rendering negating the efficacy of loop detection
> through the Hop-Limit field.
>

[Med] Sure. Will consider rewording.

> -- Section 4. Per “Only one information per proxy should appear in the
> diagnostic payload”, what is “one information” (it seems like a few words
> are missing here)?

[Med] This is in reference to the information mentioned in the previous para/sentence:

   To ease debugging and troubleshooting, the CoAP proxy which detects a
   loop includes its information in the diagnostic payload under the
                 ^^^^^^^^^^^^^^^^
   conditions detailed in Section 5.5.2 of [RFC7252].  That information
   MUST NOT include any space character.  The information inserted by a
   CoAP proxy can be, for example, a proxy name (e.g., p11.example.net),
   proxy alias (e.g., myproxyalias), or IP address (e.g., 2001:db8::1).

   Each intermediate proxy involved in relaying a TBA1 (Hop Limit
   Reached) error message prepends its own information in the diagnostic
                                   ^^^^^^^^^^^^^^^^^^^^
   payload with a space character used as separator.  Only one
   information per proxy should appear in the diagnostic payload.

>
> -- Section 4. Per “Doing so allows to limit the size of the TBA1 …”, this
> sentence doesn’t parse for me.
>

[Med] Can change to: "This approach allows to ....". Better?
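
The Section 3 and Section 4 points discussed in this message can be seen side by side in a small simulation. This is an added example, not part of the original e-mail or the draft: the `Proxy` model, the `rewrite_to` field, the starting value 5, the decrement-before-forwarding rule and the reading of "one information per proxy" as de-duplication are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

HOP_LIMIT_REACHED = "TBA1"  # placeholder code point, as written in the draft text

@dataclass
class Proxy:
    name: str                         # information added to the diagnostic payload
    rewrite_to: Optional[int] = None  # hypothetical: boundary proxy overwriting Hop-Limit

def build_diagnostic(detector: Proxy, relays: List[Proxy]) -> str:
    """Detector's information first, then each relaying proxy prepends its own."""
    entries: List[str] = []
    for proxy in [detector] + list(reversed(relays)):  # error travels back to the client
        if " " in proxy.name:
            raise ValueError(f"{proxy.name!r}: information must not contain a space")
        if proxy.name not in entries:   # only one information per proxy
            entries.insert(0, proxy.name)
    return " ".join(entries)

def forward(loop: List[Proxy], hop_limit: int, max_steps: int = 1000) -> Tuple[str, str, int]:
    """Send one request around a forwarding loop; return (status, payload, steps)."""
    relays: List[Proxy] = []
    for step in range(1, max_steps + 1):
        proxy = loop[(step - 1) % len(loop)]
        if proxy.rewrite_to is not None:
            hop_limit = proxy.rewrite_to   # rewrite at the administrative boundary
        hop_limit -= 1                     # assumed model: decrement before forwarding
        if hop_limit <= 0:
            return HOP_LIMIT_REACHED, build_diagnostic(proxy, relays), step
        relays.append(proxy)
    return "STILL_LOOPING", "", max_steps  # loop detection never fired

def demo():
    # Constructed topology using the example identifiers from the quoted draft text.
    plain = [Proxy("p11.example.net"), Proxy("myproxyalias"), Proxy("2001:db8::1")]
    boundary = [plain[0], Proxy("myproxyalias", rewrite_to=4), plain[2]]
    return forward(plain, 5), forward(boundary, 5)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Without the rewrite the loop is cut after five hops and the payload lists each proxy once; with the boundary proxy resetting the value on every pass, the request is still circulating when the simulation gives up.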