[core] Comments on draft-ietf-core-echo-request-tag-02
Jim Schaad <ietf@augustcellars.com> Thu, 11 October 2018 22:17 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96B3212785F; Thu, 11 Oct 2018 15:17:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JPj2aI6kP9Oq; Thu, 11 Oct 2018 15:17:24 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F0471277C8; Thu, 11 Oct 2018 15:17:21 -0700 (PDT)
Received: from Jude (192.168.1.162) by mail2.augustcellars.com (192.168.1.201) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Thu, 11 Oct 2018 15:12:36 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-core-echo-request-tag@ietf.org
CC: core@ietf.org
Date: Thu, 11 Oct 2018 15:17:12 -0700
Message-ID: <00fa01d461b0$2a314f40$7e93edc0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdRhDB0VTl1oEFpfS0G4KIUfFU0HbA==
Content-Language: en-us
X-Originating-IP: [192.168.1.162]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/k2n_Au9KbCvc3t3O5AHe8mbUQjY>
Subject: [core] Comments on draft-ietf-core-echo-request-tag-02
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Oct 2018 22:17:26 -0000
I have read this document and I have the following comments: * Introduction - you say several enhancements, but there are only two new options. What are the other enhancements? * Introduction - The sentence "This document specifies ..." this sentence says you are doing two thing and then there are two sentences. I think you can tighten this up with a colon following "Request-Tag option:", delete the rest of this sentence and keep the next two sentences. * Section 1.1 para 1 - I think you should provide a couple of reasons why this is not a suitable solution. I can think of multiple different reasons: a) The amount of traffic and resources required - which may not be a problem with both sides just one. b) Going through proxies where the freshness gets lost as a client renegotiation does not get to the server and a proxy renegotiation says nothing about the client. c) Amount of time involved. * Section 1.3 - I am a bit lost in this section. When doing matches between a request and a response I am matching up the message id and the token if it exists. You need some additional text in here to describe why it is that you are talking about something interesting to me. * Section 2.1 - Something seems to be odd. I don't think the RFC editor note is correct. I think a paragraph must have disappeared. * Section 2.2 - I don't think if you reboot that you have lost time synchronization, rather you have lost time continuity. That said the current term may be state of art and thus correct. To me synchronization implies a minimum of two parties. * Section 2.2 - I think that you need to make some arguments about what happens if an Echo option value is provided to multiple entities either because the server will just re-use it's current value for some period of time after creation (valid for time m and used for time m/3) or because a proxy provides the same answer to two different clients. Note that this seems to be not recommended in item 2 of section 2.3 * Section 2.3 - Item 4 - I don't understand what is going on here. I am not sure what the device is joining as (a responder?) Is the sync done by two unicast messages or a unicast followed by a multicast? * Section 2.3 - Item 5 - I am not sure that this is a reasonable answer for having a proxy sitting there. I could easily be wrong and should probably spend some time thinking about how this does/does not work. * Section 3.1 - The note to the RFC editor has me confused. Firstly, I am not sure why it should be moved rather than just staying here. * Section 3.1 - I think that the value of Request-Tag is potentially going to be different depending on if it is in the inside rather than the outside. You may be doing two different block transfers and each needs its own value. * Section 3.2 - the first paragraph does not scan. I am not sure what it says as it seems to be contradictory. * Section 3.2 - para 2 - The example sentence looks odd. Do you mean it can have a cached response not a free response? * Section 3.2 - para "especially" - I find the first sentence very hard to understand. * Section 3.3 - last para - how do you recycle something that is absent? I think the last clause needs examining. * Section 3.4.1 - Item 2 - how is a client supposed to be able to know this if the proxy in the middle just passes it through w/o changing it? Two different clients could end up with the same Request-Tag. One would hope that they would have different tokens because of the proxy however. * Section 3.4.1 - This seems backwards. I thought that OSCORE was tightly bound to the end point, but this paragraph says it is not. * Section 3.4.3 - You have a "Section TBA" here * Section 3.4.3 - Please keep the section for justification of Request-Tag being repeatable. * Section 5 - I have not seen a justification for this anyplace. * Section 7 - para 1 - What is the problem w/ using an encrypted wall clock time for a timestamp? These text appears to say that this is a bad idea but the issues seem to be with using unencrypted items not with the wall clock. The next sentence makes more sense about why not to use one. * Appendix A - I would think that if you send a 32-bit timestamp in the clear w/ an integrity value that one can start making guesses about some of the same privacy problems as the use of a wall clock. Knowing when a server was last reset could tell you the same things. Jim s/bock-wise/block-wise/ s/incomplte/incomplete/ s/woud/would/
- [core] Comments on draft-ietf-core-echo-request-t… Jim Schaad
- Re: [core] Comments on draft-ietf-core-echo-reque… Christian M. Amsüss
- Re: [core] Comments on draft-ietf-core-echo-reque… Göran Selander
- Re: [core] Comments on draft-ietf-core-echo-reque… Jim Schaad
- Re: [core] Comments on draft-ietf-core-echo-reque… Jim Schaad
- Re: [core] Comments on draft-ietf-core-echo-reque… Göran Selander
- Re: [core] Comments on draft-ietf-core-echo-reque… Jim Schaad
- Re: [core] Comments on draft-ietf-core-echo-reque… Göran Selander
- Re: [core] Comments on draft-ietf-core-echo-reque… Carsten Bormann