Re: [DNSOP] Genart telechat review of draft-ietf-dnsop-session-signal-11

"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 05 July 2018 22:19 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B43A130FE4; Thu, 5 Jul 2018 15:19:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7O_IiYmynUhi; Thu, 5 Jul 2018 15:19:48 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7455D130FA6; Thu, 5 Jul 2018 15:19:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 5B3938A08CC; Thu, 5 Jul 2018 15:19:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1530829188; bh=omrw2csw73fYq/kdJpJRULXD3kQYy42YcfwNXrTr7uk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=kQMDkJIdXMymOcfyMqgRBEVT3K2rAypclmoMIWQVTI/usX+xU4AdMPdPjiU7slhWb cUgZQO/lqhgT5odo0DknT8dwOtyNzT/xB4IXzZ30FBM/w8ljrfS24c+l3XZArHMZnJ oHlHwKEdg2IGW+ViHjO3S4rptG2E/td/G89st4Ec=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 9241A8A08CB; Thu, 5 Jul 2018 15:19:47 -0700 (PDT)
To: Ted Lemon <mellon@fugue.com>
Cc: General area reviewing team <gen-art@ietf.org>, draft-ietf-dnsop-session-signal.all@ietf.org, dnsop WG <dnsop@ietf.org>, ietf <ietf@ietf.org>
References: <153082732415.26353.11898401544902479901@ietfa.amsl.com> <CAPt1N1m32w=74pA736wbbJGj3D-gcW93+DYcNfAp-M0vfov0dA@mail.gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <99295cd6-d9f0-a60d-381b-8d57658ed701@joelhalpern.com>
Date: Thu, 5 Jul 2018 18:19:46 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <CAPt1N1m32w=74pA736wbbJGj3D-gcW93+DYcNfAp-M0vfov0dA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/k8yjAWdwcIKdBYELQXk-VjjEiH4>
Subject: Re: [DNSOP] Genart telechat review of draft-ietf-dnsop-session-signal-11
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2018 22:20:04 -0000

In line.  The general point is that the document should be clear to 
readers who understand the space but do not live it at the detail of 
those who authored it.

Joel

On 7/5/18 6:13 PM, Ted Lemon wrote:
> Joel, it's immaterial whether the DSO engine responds in time or not.   
> If it responds in time, the ack and the response will be combined; if it 
> does not, then Nagle's algorithm will ensure that the ack goes out, and 
> the response will go out in a later packet.   Either outcome is fine.   
> There is no need to caution the implementor that they should ensure a 
> quick response—if they don't care to get the response out in 200ms, they 
> obviously don't care about performance, and that's perfectly fine.   It 
> is absolutely /not/ a requirement that they do so.   The point of this 
> text in the document is to inform implementors that /do/ care about 
> performance about the interaction between Nagle and DA.

The text says that combining will happen.  I am well aware that if the 
processing is in time, that is normal processing.  But that is not what 
the text says.  It would take about a sentence to fix the text to match 
what you describe above.

> 
> We looked at your comment about middleboxes and couldn't figure out what 
> problem you are trying to solve here.   If a middlebox is not DSO-aware, 
> it's going to prevent DSO from working (which would be correct), or else 
> forward it unchanged (which would also be correct).   The text is an 
> admonishment for implementations that are DSO-aware.   If an 
> implementation is not DSO-aware, then adding text to instruct the 
> implementor, who presumably will not read it, doesn't make sense.

The text says that middleboxes MUST NOT blindly forward DSO messages. 
Your text above says that actually it doesn't matter, and no, existing 
middleboxes will not comply with this MUST NOT.  A MUST NOT in a 
document is generally a statement that things will break if they behave 
wrong.  Thus, what the document says, combined with your behavioral 
description, is that existing middleboxes will break DSO.  I doubt that 
(which is why I consider this minor rather than major.)  Please fix the 
text to either not require changes to existing middleboxes or to explain 
to readers why and how existing middlebox will comply with the MUST NOT.


> 
> Your proposed change to 5.2.2 seems fine to me—I don't remember what 
> happened with that.
> 
> On Thu, Jul 5, 2018 at 5:48 PM, Joel Halpern <jmh@joelhalpern.com 
> <mailto:jmh@joelhalpern.com>> wrote:
> 
>     Reviewer: Joel Halpern
>     Review result: Ready with Nits
> 
>     I am the assigned Gen-ART reviewer for this draft. The General Area
>     Review Team (Gen-ART) reviews all IETF documents being processed
>     by the IESG for the IETF Chair. Please wait for direction from your
>     document shepherd or AD before posting a new version of the draft.
> 
>     For more information, please see the FAQ at
> 
>     <https://trac.ietf.org/trac/gen/wiki/GenArtfaq
>     <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>>.
> 
>     Document: draft-ietf-dnsop-session-signal-11
>     Reviewer: Joel Halpern
>     Review Date: 2018-07-05
>     IETF LC End Date: 2018-06-25
>     IESG Telechat date: 2018-08-02
> 
>     Summary: This document is ready for publication as a Proposed
>     Standard RFC
> 
>     Some of my earlier comments have been addressed.  It appears that an
>     effort was
>     made to address more, but I was apparently unclear.  I have copied
>     the comments
>     that seem to still apply, with elaboration.  If I am still unclear,
>     please
>     contact me.
> 
>     Major issues: N/A
> 
>     Minor issues:
>          Section 5.1.3 places some requirements on application level
>     middleboxes,
>          and includes a very clear explanation of why it places these
>     requirements.
>          While it may be "obvious" to one who lives and breathes DNS, I
>     think it
>          would help to explain why the usual operation of an existing
>     middlebox will
>          (typically? always?  inherently?) meet this requirement.  To
>     rephrase, the
>          text says things like "the middlebox MUST NOT blindly forward
>     DSO messages
>          in either direction." Apparently, somehow, the existing world
>     middleboxes
>          will do comply with this.  How?
> 
>          The third and fourth paragraphs of section 5.2.2 do not talk
>     about optional
>          additional TLVs.  It would be helpful if the document stated
>     that in
>          addition to those additional TLVs required by the primary TLV,
>     other TLVs
>          may be included based on their individual definition,
>     independent of the
>          definition of the primary TLV.  (Both the Encryption padding
>     and the delay
>          retry TLVs may be included in suitable messages without being
>     called out in
>          the definition of the primary TLVs.)
>          An effort appears to have been made to address this, which
>     suggests I was
>          unclear.  The text says:
>              A DSO response message may contain no TLVs, or it may be
>     specified to
>              contain one or more TLVs appropriate to the information being
>              communicated.
>          The definition of the specific response messages does not
>     discuss the
>          encryption padding or delay response TLVs.  They are clearly
>     intended to
>          be allowed.  So can we tune the text to make that clear.  I
>     think the
>          intention is that the specification of the response message
>     indicates which
>          TVLs are required, and that others are allowed.  So say that.
> 
>     Nits/editorial comments:
>          Section 5.4 talks about by default the TCP data ack and the DSO
>     reply
>          message being combined.  Doesn't this depend upon the
>     responsiveness of the
>          DSO engine?  Is there an implicit assumption about such
>     timeliness (sub 200
>          ms)?
>          I suspect from the lack of comment on this that I am missing
>     something
>          obvious?
> 
> 
>