IETF Logo Mail Archive

Re: [dhcwg] dhc WG review of draft-ietf-geopriv-lis-discovery-05

"Thomson, Martin" <Martin.Thomson@andrew.com> Thu, 29 January 2009 19:51 UTC

Return-Path: <dhcwg-bounces@ietf.org>
X-Original-To: dhcwg-archive@megatron.ietf.org
Delivered-To: ietfarch-dhcwg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A252F3A6872; Thu, 29 Jan 2009 11:51:37 -0800 (PST)
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 87A6C3A6990 for <dhcwg@core3.amsl.com>; Tue, 27 Jan 2009 14:06:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.319
X-Spam-Level:
X-Spam-Status: No, score=-2.319 tagged_above=-999 required=5 tests=[AWL=0.280, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zcKhaU+yXyz3 for <dhcwg@core3.amsl.com>; Tue, 27 Jan 2009 14:06:24 -0800 (PST)
Received: from andrew.com (smtp3.andrew.com [198.135.207.235]) by core3.amsl.com (Postfix) with ESMTP id 4ED883A685C for <dhcwg@ietf.org>; Tue, 27 Jan 2009 14:06:24 -0800 (PST)
X-SEF-Processed: 5_0_0_910__2009_01_27_16_25_04
X-SEF-16EBA1E9-99E8-4E1D-A1CA-4971F5510AF: 1
Received: from aopexbh2.andrew.com [10.86.20.25] by smtp3.andrew.com - SurfControl E-mail Filter (5.2.1); Tue, 27 Jan 2009 16:25:04 -0600
Received: from AHQEX1.andrew.com ([10.86.20.21]) by aopexbh2.andrew.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 27 Jan 2009 16:06:04 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 27 Jan 2009 16:06:01 -0600
Message-ID: <E51D5B15BFDEFD448F90BDD17D41CFF105581E46@AHQEX1.andrew.com>
In-Reply-To: <F5AAF083-12D4-4D87-AE99-99F9393E3B27@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [dhcwg] dhc WG review of draft-ietf-geopriv-lis-discovery-05
Thread-Index: AcmAusBcNbI5l/rVRZiU7XFlhWMVKAADb9JA
References: <0B27CAD9-2FEA-4688-B096-8667F35A460B@cisco.com> <3B47C198-A077-4864-858D-AF0061FBC5B4@cisco.com> <20090127193947.GC3215@isc.org> <F5AAF083-12D4-4D87-AE99-99F9393E3B27@cisco.com>
From: "Thomson, Martin" <Martin.Thomson@andrew.com>
To: Ralph Droms <rdroms@cisco.com>, "David W. Hankins" <David_Hankins@isc.org>
X-OriginalArrivalTime: 27 Jan 2009 22:06:04.0368 (UTC) FILETIME=[7273D500:01C980CB]
X-Mailman-Approved-At: Thu, 29 Jan 2009 11:51:37 -0800
Cc: DHC WG <dhcwg@ietf.org>, "Winterbottom, James" <James.Winterbottom@andrew.com>, Richard Barnes <rbarnes@bbn.com>
Subject: Re: [dhcwg] dhc WG review of draft-ietf-geopriv-lis-discovery-05
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org

Hi Ralph, David,

Thanks both for your feedback.

Obviously, I missed a critical piece of text on cardinality.  The intent is to convey one URI with one or more fingerprints.  The URI is the point of the exercise, and the fingerprints describe a property of that URI.  A fingerprint without a URI would be pointless, so I wanted a format that would inherently enforce the restriction.  What Ralph proposes is almost identical to what is in the current draft with the limitation of one (or no) fingerprints.  It would also be possible to overload the meaning of hash-type-len so that a zero length means that there are no more fingerprints, which would allow for multiple fingerprints.

Allowing for multiple fingerprints ensures that new hash functions can be invented and actually used without breaking backward compatibility.  That's the idea at least--I'm sure that our security expert friends would be happy to tell me otherwise if this were a bad or unworkable idea.

For David's benefit, concatenation would only be useful in providing for a longer URI.  I'll take the suggestion on restricting the total option length to 253 and I'll be clearer on the lack of the same restriction in v6.  As an aside, 225 happens to be the length to the URI after a SHA-1 fingerprint is included...I think :)  253 - f-code(1)x2 - hashlen(1) - 'sha-1'(5) -fprint-len(1) - fprint(20) = 224... oh well.

Cheers,
Martin

> -----Original Message-----
> From: Ralph Droms [mailto:rdroms@cisco.com]
> Sent: Wednesday, 28 January 2009 7:06 AM
> To: David W. Hankins
> Cc: Ralph Droms; DHC WG; Richard Barnes; Winterbottom, James; Thomson,
> Martin
> Subject: Re: [dhcwg] dhc WG review of draft-ietf-geopriv-lis-discovery-
> 05
> 
> David - if, indeed, the idea is for one URI, with an optional
> fingerprint, would the following format be sensible and simpler to
> parse?
> 
>      0                   1                   2                   3
>      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |    LIS_URI    |    Length     | Hash-Type-Len | Hash-Type   ...
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                           Hash-Type (cont.)                 ...
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |  Fprint-Len   |           Fingerprint-Value                 ...
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                           URI                               ...
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                           URI (cont.)                       ...
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 
> where Hash-Type-Len and Fprint-Len are both either zero (no
> fingerprint) or greater than 0 (fingerprint included).
> 
> - Ralph
> 
> On Jan 27, 2009, at 2:39 PM 1/27/09, David W. Hankins wrote:
> 
> > On Tue, Jan 27, 2009 at 06:41:06AM -0500, Ralph Droms wrote:
> >> Can there be more than one fingerprint and more than one URI
> >> carried in the
> >> LIS-URI option?  I don't think the draft explicitly restricts the
> >> option.
> >> Because the URI does not include a length field, it would seem to
> >> limit the
> >> option to one URI, and the fingerprint MUST come before the URI.  I
> >> think
> >> the text should be explicit on this point.
> >>
> >> If I understand this restriction correctly, it may be possible to
> >> simplify
> >> the option syntax by assuming the order and number of fields in the
> >> option.
> >> I'll defer to dhc WG members for opinions on whether there might be
> a
> >> modification to the syntax that would be more in line with existing
> >> options
> >> and implementations.
> >
> > I presumed the intent was to provide only one URI.
> >
> > I think that if you squint and turn your head sideways, the 'f-code,
> > f-length' looks like a suboption (except that the URI's f-code
> implies
> > no length octet, evidently a format size optimization).
> >
> > I want to ask if the idea is to intentionally make a distinction
> > between 'f-code's and suboptions, such as in order to support
> multiple
> > instances of one f-code (and not provoke option concatenation as
> would
> > happen with multiple sub-option codes of the same value).
> >
> > If they can be suboptions, then why not multiple regular options?
> > I think the answer is that the certificate is useless without the
> URI,
> > and vice versa, so if a DHCP server omitted one due to running out of
> > space it is better to omit both.  Containering them together solves
> > this neatly.
> >
> >> The DHCPv6 option doesn't have the 253 byte length restriction.  It
> >> would
> >> be good to mention that difference between the two option versions.
> >
> > I was curious what you meant (253, not 255?), so went back to re-read
> > the draft.  I don't see the number 253 mentioned, nor 255!
> >
> > It /does/ mention '225'.  This appears to be a typo?
> >
> > My only suggestion for the mention of the option size is to refer
> > specifically to the 'length field value', and not to terms like 'URI
> > length' or 'option length', which can be misinterpreted from
> different
> > starting positions.
> >
> > Otherwise I like this approach of referring to the extension of
> option
> > space as a DHCPv4 protocol feature, and not trying to reinvent its
> > specification.
> >
> > --
> > David W. Hankins	"If you don't do it right the first time,
> > Software Engineer		     you'll just have to do it again."
> > Internet Systems Consortium, Inc.		-- Jack T. Hankins
> > _______________________________________________
> > dhcwg mailing list
> > dhcwg@ietf.org
> > https://www.ietf.org/mailman/listinfo/dhcwg
> 

------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www.ietf.org/mailman/listinfo/dhcwg

v2.23.0 | Report a Bug | By Email