[dnssd] Barry Leiba's Yes on draft-ietf-dnssd-prireq-05: (with COMMENT)
Barry Leiba via Datatracker <noreply@ietf.org> Wed, 26 February 2020 01:06 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: dnssd@ietf.org
Delivered-To: dnssd@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0059D3A03FA; Tue, 25 Feb 2020 17:06:33 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dnssd-prireq@ietf.org, dnssd-chairs@ietf.org, dnssd@ietf.org, David Schinazi <dschinazi.ietf@gmail.com>, dschinazi.ietf@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.118.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Barry Leiba <barryleiba@computer.org>
Message-ID: <158267919299.11026.3193133978474704307.idtracker@ietfa.amsl.com>
Date: Tue, 25 Feb 2020 17:06:32 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/gX-QhIvAfq29zDsT9okSSPOOvVc>
Subject: [dnssd] Barry Leiba's Yes on draft-ietf-dnssd-prireq-05: (with COMMENT)
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2020 01:06:33 -0000
Barry Leiba has entered the following ballot position for draft-ietf-dnssd-prireq-05: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dnssd-prireq/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- It’s useful to have this analysis; thanks. Just some editorial comments below. Please consider them; none needs any explicit response. Please take specific note of the last one, about the references. General: “i.e.” and “e.g.” always need a comma after them. — Section 1 — There are cases when nodes connected to a network want to provide or consume services without exposing their identity to the other parties Nit: “their identities” (or “a node… wants… its identity”) Consider for example a traveler Nit: “Consider, for example, a traveler” Disclosing Information In this document "disclosing information" is also focused on disclosure by data conveyed via messages on the service discovery protocol layer. Do you mean “disclosure of data” (not “by”)? — Section 2 — All these attackers can either be passive, i.e. they just listen to network traffic they have access to, or active, i.e. they additionally can craft and send (malicious) packets. Style: You decide, of course, but I find this easier to read with parentheses, rather than “i.e.”s: SUGGEST All these attackers can either be passive (they just listen to network traffic they have access to) or active (they additionally can craft and send malicious packets). END on-link An on-link attacker is on the same network link as victim devices engaging in service discovery; thus, the external attacker is in the same multicast domain. The second line should say “on-link attacker”. MITM A Man in the Middle (MITM) attacker either controls (parts of) a network link or can trick two parties to send traffic via him; Nit: “Man-in-the-Middle” needs hyphens when it modifies “attacker”. Style: I know that “him” matches “Man”, so maybe we should leave it as is. Still, it jarred me. I would say “via the attacker.” — Section 3.1.1 — I love the ASCII-art stick figures. :-) just for tracking people or as a preliminary to targeted attacks. “preliminary” isn’t a noun. Maybe “preliminary step”, or maybe “preamble”? Or you could remove “as a”, and it would work. Yes, I think the last is the best fix here. — Section 3.1.2 — such as for example an airport's lounge. Nit: “for example” needs to be set off with commas before and after it. — Section 3.1.3 — to further attacks, from theft to device specific hacking. Nit: hyphenate “device-specific”. "fingerprint" of the person, allowing identification. Style: I would say “facilitating identification”, or maybe “risking identification”. — Section 3.2 — This is mainly relevant for unicast based discovery Nit: hyphenate “unicast-based”. — Section 3.2.4 — o Some attributes like the paper size available in a printer, Fruit flies like a banana? The attributes are not paticularly fond of anything: “Some attributes, such as the paper size available in a printer,” Combinations of attributes have more information power than specific attributes Style: I would say, “than individual attributes” Information contained in TXT records does not only breach privacy Nit: make it “…records not only breaches privacy” Further, TXT records often contain version information about services allowing potential attackers You need a comma after “services” — otherwise, the meaning isn’t quite as you want it. — Section 3.2.5 — An argument is sometimes made that devices providing services can be identified by observing the local traffic, and that trying to hide the presence of the service is futile. However, Given what you say below this, I think it would help to emphasize the point here, so may I suggest this?: NEW An argument is sometimes made that devices providing services can be identified by observing the local traffic, and that trying to hide the presence of the service is futile. However, there are good reasons for the doscovery service layer to avoid unnecessary exposure: END — Section 3.2.6 — services, such as for example some private messaging services. “such as” already means “for example”, so you don’t need both. I would just remove “for example”. — Section 3.4.1 — can perform, the proxy may have some way to wake the device, as implied in RFC6762 [RFC6762] 6762 is 50 pages-ish; do you mind adding a section to the citation to help the reader find the implication? — Section 3.4.2 — Further it may cause an unnecessary level of power consumption which is particularly problematic Nit: this needs a comma after “further” and another after “consumption”. unauthorized observers, while also managing to do that efficiently. You’re missing an antecedent to “that”. I think you need to say, “to do its job efficiently,” or something like that. — Section 3.4.3 — establishment requires active participation of the user, such as entering a password or PIN. I submit that “clicking OK” is also active participation. Maybe “more significant participation” is better? — Section 4 — lead to a solution that does not transmit privacy violating DNS-SD Nit: hyphenate “privacy-violating”. mechanisms should be used on deeper layer network protocols and on how to actually connect to services in a privacy preserving way, Nit: hyphenate “deeper-layer” and “privacy-preserving”. — Section 4.2 — 4. Avoid disclosure of information about the services they offer to unauthorized clients. This sounds like it’s talking about services that they offer to unauthorized clients. I don’t actually think readers will misunderstand it, but they might trip over it. Maybe move “to unauthorized clients” after “disclosure”? That way, you can make the same change in bullet 3 and keep them parallel and clear. — Section 4.3 — Further, it would increase power consumption which is critical for IoT devices. Increased power consumption isn’t what’s critical; just the opposite. Maybe “which is damaging to IoT devices.” — Section 7 — Do with this comment what you will: I’m one who believes that Informational documents do have Normative References. Those are the references that are critical to the understanding of the document. Clearly, the DNSSD and mDNS documents are in that category, and I think there are others. You needn’t reply on this, and you needn’t do it if you disagree, but I think it would be best to identify the key documents that readers of this need to be familiar with, and move them into Normative References.
- [dnssd] Barry Leiba's Yes on draft-ietf-dnssd-pri… Barry Leiba via Datatracker
- Re: [dnssd] Barry Leiba's Yes on draft-ietf-dnssd… Christian Huitema
- Re: [dnssd] Barry Leiba's Yes on draft-ietf-dnssd… Barry Leiba
- Re: [dnssd] Barry Leiba's Yes on draft-ietf-dnssd… Eric Vyncke (evyncke)
- Re: [dnssd] Barry Leiba's Yes on draft-ietf-dnssd… Christian Huitema