IETF Logo Mail Archive

Re: [dtn] I-D Action: draft-ietf-dtn-tcpclv4-09.txt

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 01 November 2018 22:20 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1744812D4E9 for <dtn@ietfa.amsl.com>; Thu, 1 Nov 2018 15:20:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SrJjFXg-EHva for <dtn@ietfa.amsl.com>; Thu, 1 Nov 2018 15:20:52 -0700 (PDT)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 021B012896A for <dtn@ietf.org>; Thu, 1 Nov 2018 15:20:52 -0700 (PDT)
Received: by mail-lj1-x231.google.com with SMTP id g26-v6so15410lja.10 for <dtn@ietf.org>; Thu, 01 Nov 2018 15:20:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SW4pRN79JoJda2NotIFFp4VPsl8GeTmHi+AIOFFkczE=; b=t6HjuTwIjXujI0UbQUdrdEvAkNg7Ne26axeUKkFaxID2KcVs/XIcmAp/wOqmoP537C 9x4gXatJavJeI8I4EW+Tgj3pFBPoi6pU5vgzIZjEKNINhuCSNUuT+RfgncEvMNCjguOG UvTdcZiNTs4ksLJxSw8nma6/Ny4ba7QLE/d6LNwUaSPam/qMVz+Yyl7O1ECwwe1kte5A bm7wT0PHW3DmLr6EImtc/Ckfft5cLr7EQJe92GXXou6Hvb0iCltuf3GYEOjApy84l5w6 rFNhpQEus5V0ulwsdco4daDISw4mm9BVMcOxRmTdC+WbA0ty3f42jAKQrvImnn0K89aW o5Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SW4pRN79JoJda2NotIFFp4VPsl8GeTmHi+AIOFFkczE=; b=hmOc3YT6nVhJou+U7S8t5p13Z+xaziJG+ewE3vOXjMnxVoN0DfWCLwfO+YXzzyDBSr C0KAwKffbTgoPSsnXr6G50MNBGKALHVbNvjJ0MiF+6yKH3YhwwQOjM/SYRTDSZy5bpWU L5gTkiCwvZg4eT0haGtyuynJH47taYz0uh0Oq/GhGa/KCYHsN3Fhzp+AUjoBOkr9+FZ1 HAn85/qA9k9kxFa37hXpFndbJxDOg+pvGqdOINN+dwRGe30XiTG4/Z1sps05fqgCunix e9aY/B/3XGvb7aE6cNaJ1/g32yB8iltUm0zdIuWveZTOr2CdZoueQtSwBKvTUWN4eLc/ NfKA==
X-Gm-Message-State: AGRZ1gIqVlVCyUYCrnYqsEV1G1M/a/ftAZf8J9wXA5YO8n4XyYY2EKhX 3mlMPy9S38v3HstzERA1iEKcSjLqpa6hO5JdBzk=
X-Google-Smtp-Source: AJdET5fOtZIQwIybeloFB45E/al4LsjXWZMvnVHlPzF1VnPkYrrNZCFEZ3YdcB20aEcvG+s1XR+jUY9jZIRZ7D19hFA=
X-Received: by 2002:a2e:93ca:: with SMTP id p10-v6mr1151877ljh.158.1541110850094; Thu, 01 Nov 2018 15:20:50 -0700 (PDT)
MIME-Version: 1.0
References: <152987559341.21620.2355609223308009940@ietfa.amsl.com> <21a3a812-a874-245f-18de-b19ba02e28db@netlab.tkk.fi> <ebbbb547eab34778bada52b49f09d3264f289083.camel@rkf-eng.com>
In-Reply-To: <ebbbb547eab34778bada52b49f09d3264f289083.camel@rkf-eng.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Thu, 01 Nov 2018 17:20:39 -0500
Message-ID: <CAKKJt-fxhh0AqtYLipQRadkL2ycrdBrDL-SRohyHWa+m+dRyHg@mail.gmail.com>
To: BSipos@rkf-eng.com
Cc: Simon Perreault <simon.perreault@viagenie.ca>, Joerg Ott <jo@netlab.tkk.fi>, dtn@ietf.org, dtnrg-chairs@tools.ietf.org, Marc Blanchet <marc.blanchet@viagenie.ca>
Content-Type: multipart/alternative; boundary="000000000000c78cda0579a1d47f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/6zDAZOYuKo8q3u5HWplXh3EE7SM>
Subject: Re: [dtn] I-D Action: draft-ietf-dtn-tcpclv4-09.txt
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Nov 2018 22:20:55 -0000

Hi, Brian,

On Sun, Oct 28, 2018 at 2:41 PM Brian Sipos <BSipos@rkf-eng.com> wrote:

> Joerg,
> I'm making edits based on your comments below, and have included
> replies inline below also.
>
> On Mon, 2018-08-13 at 22:36 +0200, Joerg Ott wrote:
> > [Now including the DTN WG list]
> >
> > Hi everybody,
> >
> > I am guilty of having had less than adequate time lately to look at
> > the
> > detailed evolution of this draft.  I did a detailed review that
> > yielded
> > a number of comments.
> >
> > As a meta note up front: I am not super-happy that the document more
> > than doubled in size, while the functionality did not grow that much
> > (luckily).  There seem to be lots of precautions taken for future-
> > proofing, while some of those could be addressed by another rev.
> > I specifically also went back to v3 to compare the changes.
> >
> > I am also puzzled about the generous choice of field sizes given that
> > the bundle protocol itself uses encodings that aim at wire
> > efficiency.
> >
> > I don't wanna bring up everything at once but here are a few bits
> > that
> > I really think need to be fixed.  So let me keep the discussion
> > focused
> > for now (we can look at nits later on):
> >
> > 1. Section 4.3 seems to suggest on p21 (a node may adapt its
> > operation
> >     to an older version of the protocol) the two endpoints might
> > choose
> >     using different protocols versions, which is surely problematic.
> >     The outcome of this negotiation must be unambiguous.
> >
> I've added specific logic based on the two roles (active vs. passive)
> to disambiguate the behavior and make understanding when the session
> transitions state to parameter negotiation.
>
> > 2. Section 4.4 discusses TLS but this isn't enough.  TLS has lots of
> >     parameters, TLS clients may and servers must have certificates.
> >     All this interaction needs to be spelled out.  What about the APN
> >     to be used for TLS connection setup.  And, of course, we should
> > use
> >     TLS 1.3.
> >
> As was mentioned by others in earlier replies, this spec relies on
> RFC7525 for TLS best practices, version support, and default
> ciphersuite support and use.
>

I woke up reading this, and went to check your draft, which has

    The use of TLS is negotated using the Contact Header as described in
   Section 4.3.  After negotiating an Enable TLS parameter of true, and
   before any other TCPCL messages are sent within the session, the
   session entities SHALL begin a TLS handshake in accordance with
   [RFC5246].  The parameters within each TLS negotiation are
   implementation dependent but any TCPCL node SHOULD follow all
   recommended best practices of [RFC7525].  By convention, this
   protocol uses the node which initiated the underlying TCP connection
   as the "client" role of the TLS handshake request.

That's an excellent start. I have two comments (do the right thing).

   - The larger point - pointing to RFC 7525 is a reasonable starting
   place, but RFC 7525 is a BCP (specifically, BCP 195), which can be updated
   or (especially) obsoleted. If you said "all recommended practices of
   [BCP195], or any updates or successors that become part of [BCP195]", that
   would be a lot more future-proof.
   - I understand that this is a SHOULD for a reason, but if you can give
   examples of reasons why an implementation that doesn't do this would still
   be doing the right thing, that would likely make your IETF Last Call
   comment discussions, including interactions with SECDIR reviewers, and with
   ADs during IESG Evaluation, terminate more quickly and more pleasantly.

Thanks,

Spencer

v2.23.0 | Report a Bug | By Email