Re: [DNSOP] Suresh Krishnan's No Objection on draft-ietf-dnsop-dns-capture-format-08: (with COMMENT)

Jim Hague <jim@sinodun.com> Thu, 22 November 2018 12:53 UTC

To: Suresh Krishnan <suresh@kaloom.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-dnsop-dns-capture-format@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dnsop-chairs@ietf.org, dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/lLh3KAqwr3DUfGyS9ZWOgJNysDI>

On 21/11/2018 14:43, Suresh Krishnan wrote:
> Suresh Krishnan has entered the following ballot position for
> draft-ietf-dnsop-dns-capture-format-08: No Objection
> 

Thanks for the review.

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> * Section 7.4.1.1.
> 
> Looks like you can limit the {client,server}-address-prefix-{ipv4,ipv6} fields
> to one byte to restrict the range. e.g.
> 
> client-address-prefix-ipv6 => uint .size 1
> 
> Similar restrictions can be used for port (2) and TTL/hop limit (1) fields.

We already specify IPv4 and IPv6 addresses with a size:

IPv4Address = bstr .size 4
IPv6Address = bstr .size 16

so we think that similarly emphasising the constraints on the address
prefix lengths would be consistent. Rather than .size, we think a range
more appropriate, i.e.:

OLD: "? client-address-prefix-ipv4 => uint,
      ? client-address-prefix-ipv6 => uint,
      ? server-address-prefix-ipv4 => uint,
      ? server-address-prefix-ipv6 => uint,"

NEW: "IPv4PrefixLength = 1..32
      IPv6PrefixLength = 1..128"

     "? client-address-prefix-ipv4 => IPv4PrefixLength,
      ? client-address-prefix-ipv6 => IPv6PrefixLength,
      ? server-address-prefix-ipv4 => IPv4PrefixLength,
      ? server-address-prefix-ipv6 => IPv6PrefixLength,"

As to whether there is value in applying size or range restrictions
throughout the rest of the fields, we're not so sure. As well as port
and hoplimit, many of the DNS items (e.g. opcode, rcode) could also be
allocated a maximum size. Or possibly we should only put a range on
user-specified items such as VLAN IDs or opcodes to capture.

We'll ask the CBOR WG mailing list if there is a preferred CDDL style
for these cases.
-- 
Jim Hague - jim@sinodun.com          Never trust a computer you can't lift.
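
Added example, not part of the original message or of the draft: a Python sketch comparing the three typings discussed in this thread (plain `uint`, `uint .size 1`, and the `1..32` / `1..128` ranges) on constructed values, to show which out-of-range prefix lengths each one lets through to a reader of the file. Using the field names as string map keys, and all helper names, are assumptions of this example.

```python
from typing import Callable, Dict, List

Check = Callable[[object], bool]

def is_uint(v: object) -> bool:
    # CDDL uint: non-negative integer (bool excluded; Python treats it as int)
    return isinstance(v, int) and not isinstance(v, bool) and v >= 0

def uint_size(nbytes: int) -> Check:
    # CDDL "uint .size N": value must fit in N bytes, i.e. 0 .. 2**(8N) - 1
    return lambda v: is_uint(v) and v < (1 << (8 * nbytes))

def in_range(lo: int, hi: int) -> Check:
    # CDDL "lo..hi": inclusive integer range
    return lambda v: is_uint(v) and lo <= v <= hi

V4 = ("client-address-prefix-ipv4", "server-address-prefix-ipv4")
V6 = ("client-address-prefix-ipv6", "server-address-prefix-ipv6")

# One checker table per typing option raised in the thread.
SCHEMAS: Dict[str, Dict[str, Check]] = {
    "uint": {f: is_uint for f in V4 + V6},
    "uint .size 1": {f: uint_size(1) for f in V4 + V6},
    "range": {**{f: in_range(1, 32) for f in V4},
              **{f: in_range(1, 128) for f in V6}},
}

def violations(hints: dict, schema: Dict[str, Check]) -> List[str]:
    # All four fields are optional ("?"), so only fields that are present are checked.
    return sorted(f for f, ok in schema.items() if f in hints and not ok(hints[f]))

def compare(hints: dict) -> Dict[str, List[str]]:
    # Fields rejected under each typing, keyed by typing name.
    return {name: violations(hints, s) for name, s in SCHEMAS.items()}

# Constructed sample maps (not taken from any real capture file).
SAMPLES = [
    {"client-address-prefix-ipv4": 24, "client-address-prefix-ipv6": 48},
    {"client-address-prefix-ipv4": 0},
    {"server-address-prefix-ipv4": 33, "server-address-prefix-ipv6": 129},
    {"client-address-prefix-ipv6": 300},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, compare(sample))
```

Only the range typing rejects 0, 33 and 129; `uint .size 1` catches nothing below 256, so a reader that derives masks or byte counts from these fields would still need its own bounds check.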