IETF Logo Mail Archive

Re: [DNSOP] Genart telechat review of draft-ietf-dnsop-session-signal-11

Ted Lemon <mellon@fugue.com> Thu, 05 July 2018 22:28 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2CA3130DD9 for <dnsop@ietfa.amsl.com>; Thu, 5 Jul 2018 15:28:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UbY0_iT8M8EK for <dnsop@ietfa.amsl.com>; Thu, 5 Jul 2018 15:28:44 -0700 (PDT)
Received: from mail-it0-x244.google.com (mail-it0-x244.google.com [IPv6:2607:f8b0:4001:c0b::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99E5B130DF6 for <dnsop@ietf.org>; Thu, 5 Jul 2018 15:28:41 -0700 (PDT)
Received: by mail-it0-x244.google.com with SMTP id d191-v6so3578872ite.1 for <dnsop@ietf.org>; Thu, 05 Jul 2018 15:28:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jJfZJQfbuoDpbuY4M6XfYEzceJkkjBngaYPmXOZPmN8=; b=Y3WhB4rEHGcR4CPLU+jD4lY/aryYm+boh9MfniAW853QkRfbcZT9JeJTi/YqR/qljP nuu0ywF9V7zFr+n6KPYjV2EI5cdkp/Ci0D3rxEvRUEybyvjNncBb4AvkJhkwOxDmn7ni Wt8ou7xKb34U3YWPGI1xaWcfNqQaQY+j9UGCYo2XvVPhnLTbNWqETLnRh9XLcWGGVvpa 333CA6kXEqnNT6wqLvIjwwc8sGcS4s3yIlXD9ROA4KyexVISqVB1CdBk0PgaFfDCZplB BH6GlVC6b5OX+OWeuPKjRME3aJw4xnyMbp2YsYSQIWmCf4T3fPmZJZFgKaAN4U7IIk79 Rjxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jJfZJQfbuoDpbuY4M6XfYEzceJkkjBngaYPmXOZPmN8=; b=DyHyNvHF6buxkTDRx7fexI3h2kWAUDpUzsrIW0PWTo2g0LxQkpQflbhShjB9j4Bos+ AKPvscsY/ouhgv2zhM35Aa/xbm0V9FONh9VTkmWQ16hJAMfs3BvS4jOVsHU75RSOJWCk 0U+Luo40MwMkihpMEK6F7o4b4QJbuxlIPd7ONS5HJ9zPqz06ejskZMGjq1pBF9TrQw6m Q3uIfgx02zqanMMMsXYXkFfLG9ZWEpAlYeQCtxPobDGFa0DtxTsJOQAVnaMBsOViXwkX V9JTmXHAngr/QIDa0viotojllIg7jgN6IrGq5ihkzXDyg1kxXt6U+CqlAT6XUoU9KM4G 00ZA==
X-Gm-Message-State: APt69E3OsZBbWbxVxoqDjihSG0ZjCLLZyKMsCKE9bUltoSl7fNOfypF3 n76IlSYnb6TemoYL9FWD5bJR3r1H9wB/uAP1PyjJww==
X-Google-Smtp-Source: AAOMgpd0KsFl6rN+fm0gue09xHLKbe5cNRhf8bSzxiVk0+tkSZwgBEds23tWdqqdW2M458nXkEKuc5GvgCpSeE8LJY4=
X-Received: by 2002:a02:b70b:: with SMTP id g11-v6mr6618633jam.34.1530829720810; Thu, 05 Jul 2018 15:28:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:5f86:0:0:0:0:0 with HTTP; Thu, 5 Jul 2018 15:28:00 -0700 (PDT)
In-Reply-To: <99295cd6-d9f0-a60d-381b-8d57658ed701@joelhalpern.com>
References: <153082732415.26353.11898401544902479901@ietfa.amsl.com> <CAPt1N1m32w=74pA736wbbJGj3D-gcW93+DYcNfAp-M0vfov0dA@mail.gmail.com> <99295cd6-d9f0-a60d-381b-8d57658ed701@joelhalpern.com>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 05 Jul 2018 18:28:00 -0400
Message-ID: <CAPt1N1kONQdS7oO5LGL+te0mBA+sLUGFpPwZZCBJrACzN1S1LA@mail.gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: General area reviewing team <gen-art@ietf.org>, draft-ietf-dnsop-session-signal.all@ietf.org, dnsop WG <dnsop@ietf.org>, ietf <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b894620570481102"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8lS-f_JOfsgbpk9xMWH4j4YPnbM>
Subject: Re: [DNSOP] Genart telechat review of draft-ietf-dnsop-session-signal-11
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2018 22:28:47 -0000

The text also says that it's fine to blindly forward DSO messages if the
middlebox isn't modifying the stream, e.g. in a NAT.   It really is quite
clear on that point.   The case where it's bad to blindly forward DSO
messages is when there is no stream that's the same stream on both sides of
the middlebox.   In this case, it really is a MUST NOT.   What reader's
need are you trying to address here?   Who is going to be reading the
document and is going to be confused about this?

As far as I can tell, the text on Nagle is correct, and you haven't pointed
to an error.  You appear to have said that you want it to place a new
requirement on the sender to respond within the 200ms DA window.   This is
unnecessary.   What am I missing?

On Thu, Jul 5, 2018 at 6:19 PM, Joel M. Halpern <jmh@joelhalpern.com> wrote:

> In line.  The general point is that the document should be clear to
> readers who understand the space but do not live it at the detail of those
> who authored it.
>
> Joel
>
> On 7/5/18 6:13 PM, Ted Lemon wrote:
>
>> Joel, it's immaterial whether the DSO engine responds in time or not.
>>  If it responds in time, the ack and the response will be combined; if it
>> does not, then Nagle's algorithm will ensure that the ack goes out, and the
>> response will go out in a later packet.   Either outcome is fine.   There
>> is no need to caution the implementor that they should ensure a quick
>> response—if they don't care to get the response out in 200ms, they
>> obviously don't care about performance, and that's perfectly fine.   It is
>> absolutely /not/ a requirement that they do so.   The point of this text in
>> the document is to inform implementors that /do/ care about performance
>> about the interaction between Nagle and DA.
>>
>
> The text says that combining will happen.  I am well aware that if the
> processing is in time, that is normal processing.  But that is not what the
> text says.  It would take about a sentence to fix the text to match what
> you describe above.
>
>
>> We looked at your comment about middleboxes and couldn't figure out what
>> problem you are trying to solve here.   If a middlebox is not DSO-aware,
>> it's going to prevent DSO from working (which would be correct), or else
>> forward it unchanged (which would also be correct).   The text is an
>> admonishment for implementations that are DSO-aware.   If an implementation
>> is not DSO-aware, then adding text to instruct the implementor, who
>> presumably will not read it, doesn't make sense.
>>
>
> The text says that middleboxes MUST NOT blindly forward DSO messages. Your
> text above says that actually it doesn't matter, and no, existing
> middleboxes will not comply with this MUST NOT.  A MUST NOT in a document
> is generally a statement that things will break if they behave wrong.
> Thus, what the document says, combined with your behavioral description, is
> that existing middleboxes will break DSO.  I doubt that (which is why I
> consider this minor rather than major.)  Please fix the text to either not
> require changes to existing middleboxes or to explain to readers why and
> how existing middlebox will comply with the MUST NOT.
>
>
>
>> Your proposed change to 5.2.2 seems fine to me—I don't remember what
>> happened with that.
>>
>> On Thu, Jul 5, 2018 at 5:48 PM, Joel Halpern <jmh@joelhalpern.com
>> <mailto:jmh@joelhalpern.com>> wrote:
>>
>>     Reviewer: Joel Halpern
>>     Review result: Ready with Nits
>>
>>     I am the assigned Gen-ART reviewer for this draft. The General Area
>>     Review Team (Gen-ART) reviews all IETF documents being processed
>>     by the IESG for the IETF Chair. Please wait for direction from your
>>     document shepherd or AD before posting a new version of the draft.
>>
>>     For more information, please see the FAQ at
>>
>>     <https://trac.ietf.org/trac/gen/wiki/GenArtfaq
>>     <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>>.
>>
>>     Document: draft-ietf-dnsop-session-signal-11
>>     Reviewer: Joel Halpern
>>     Review Date: 2018-07-05
>>     IETF LC End Date: 2018-06-25
>>     IESG Telechat date: 2018-08-02
>>
>>     Summary: This document is ready for publication as a Proposed
>>     Standard RFC
>>
>>     Some of my earlier comments have been addressed.  It appears that an
>>     effort was
>>     made to address more, but I was apparently unclear.  I have copied
>>     the comments
>>     that seem to still apply, with elaboration.  If I am still unclear,
>>     please
>>     contact me.
>>
>>     Major issues: N/A
>>
>>     Minor issues:
>>          Section 5.1.3 places some requirements on application level
>>     middleboxes,
>>          and includes a very clear explanation of why it places these
>>     requirements.
>>          While it may be "obvious" to one who lives and breathes DNS, I
>>     think it
>>          would help to explain why the usual operation of an existing
>>     middlebox will
>>          (typically? always?  inherently?) meet this requirement.  To
>>     rephrase, the
>>          text says things like "the middlebox MUST NOT blindly forward
>>     DSO messages
>>          in either direction." Apparently, somehow, the existing world
>>     middleboxes
>>          will do comply with this.  How?
>>
>>          The third and fourth paragraphs of section 5.2.2 do not talk
>>     about optional
>>          additional TLVs.  It would be helpful if the document stated
>>     that in
>>          addition to those additional TLVs required by the primary TLV,
>>     other TLVs
>>          may be included based on their individual definition,
>>     independent of the
>>          definition of the primary TLV.  (Both the Encryption padding
>>     and the delay
>>          retry TLVs may be included in suitable messages without being
>>     called out in
>>          the definition of the primary TLVs.)
>>          An effort appears to have been made to address this, which
>>     suggests I was
>>          unclear.  The text says:
>>              A DSO response message may contain no TLVs, or it may be
>>     specified to
>>              contain one or more TLVs appropriate to the information being
>>              communicated.
>>          The definition of the specific response messages does not
>>     discuss the
>>          encryption padding or delay response TLVs.  They are clearly
>>     intended to
>>          be allowed.  So can we tune the text to make that clear.  I
>>     think the
>>          intention is that the specification of the response message
>>     indicates which
>>          TVLs are required, and that others are allowed.  So say that.
>>
>>     Nits/editorial comments:
>>          Section 5.4 talks about by default the TCP data ack and the DSO
>>     reply
>>          message being combined.  Doesn't this depend upon the
>>     responsiveness of the
>>          DSO engine?  Is there an implicit assumption about such
>>     timeliness (sub 200
>>          ms)?
>>          I suspect from the lack of comment on this that I am missing
>>     something
>>          obvious?
>>
>>
>>
>>

v2.23.0 | Report a Bug | By Email