Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12
Joerg Ott <ott@in.tum.de> Fri, 23 August 2019 10:27 UTC
Return-Path: <ott@in.tum.de>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52E7A120811; Fri, 23 Aug 2019 03:27:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2CXCoxfPTOME; Fri, 23 Aug 2019 03:27:26 -0700 (PDT)
Received: from mail-out2.informatik.tu-muenchen.de (mail-out2.in.tum.de [131.159.0.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4643C120804; Fri, 23 Aug 2019 03:27:26 -0700 (PDT)
Received: by mail.in.tum.de (Postfix, from userid 107) id 463F71C0389; Fri, 23 Aug 2019 12:27:24 +0200 (CEST)
Received: (Authenticated sender: ott) by mail.in.tum.de (Postfix) with ESMTPSA id 364311C037E; Fri, 23 Aug 2019 12:27:21 +0200 (CEST) (Extended-Queue-bit tech_bhejg@fff.in.tum.de)
To: Brian Sipos <BSipos@rkf-eng.com>, Magnus Westerlund <magnus.westerlund@ericsson.com>, "dtn@ietf.org" <dtn@ietf.org>, "draft-ietf-dtn-tcpclv4@ietf.org" <draft-ietf-dtn-tcpclv4@ietf.org>
References: <BN8PR13MB2611A8DA06B3D691028CF62B9FAB0@BN8PR13MB2611.namprd13.prod.outlook.com>
From: Joerg Ott <ott@in.tum.de>
Message-ID: <790e4acd-4a9b-5e91-a26e-7330197aca23@in.tum.de>
Date: Fri, 23 Aug 2019 11:27:15 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <BN8PR13MB2611A8DA06B3D691028CF62B9FAB0@BN8PR13MB2611.namprd13.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/BBMPuEVRZKK_F-ejwBhzmExqf5g>
Subject: Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Aug 2019 10:27:30 -0000
Hi Brian, thanks much for the update -- I am still traveling on vacation for another two weeks... Cheers, Jörg On 21.08.19 03:18, Brian Sipos wrote: > Magnus, > I've posted an updated I-D (version -13) which is intended to address > all of your comments. I appreciate all of the good editorial review you > have done to make the spec more clear and cover appropriate topics for a > standards track RFC. > > No changes have been made to the protocol encodings; most of the changes > are to the TLS sequencing and authentication processing. I've also added > private/experimental segments to each of the IANA registries and relaxed > most of the registration procedure requirements since there are a fair > number of unused codepoints in each table and I agree that having > reserved extensibility in these areas is good. > > My only in-email responses are to the following items: > > 8. Section 3.1: XFER_REFUSE does that indicate that the bundle has > already been received. How else does one separate other reasons for > refusing a bundle versus that one have received it prior? > BJS: The note in this section indicates one use of XFER_REFUSE, not all > possible uses. I'm not sure how the note should be modified for clarity > here. > > 35. A big question I have after having read this document is how one > discover / determine the IP+port(s) to connect to for a given EID. Is > this currently completely deployment specific? And how bound is this to > Bundle routing? > What may be missing is the section that tells the intended implementor > that in addition to follow this specification you do need a solution to > the following things, like for example authentication framework that > allows one to verify the TLS connects to EID mappings. Or an address > resolution protocol that maps EID to IP address and port pairs for cases > when routing simply give you Forward this bundle to EID using TCPCLv4. > BJS: Added to introduction section "Scope" which includes more explicit > explanation of the aspects of processing not covered by TCPCL and left > to the overlaying BP agent. > > ------------------------------------------------------------------------ > *From:* Magnus Westerlund > *Sent:* Thursday, August 01, 2019 09:31 > *To:* dtn@ietf.org; draft-ietf-dtn-tcpclv4@ietf.org > *Subject:* AD review of draft-ietf-dtn-tcpclv4-12 > > Hi, > > I have now performed my AD review of draft-ietf-dtn-tcpclv4-12. I think > most are minor comments, however the TLS and security related ones may > be more problematic to resolve. I will now be on vacation so you know > you will not receive any quick replies from me before the end of the month. > > 1. Section 1: What are the applicability of TCPCLv4 to BPv6? I wonder > as RFC5050 is referenced. > > 2. Section 1.1: Session State Changed. Some editorial issues. Missing > “:” initially. Then double “..” on Terminated. > > 3. Section 1.1: > Session Idle Changed The TCPCL supports indication when the > live/idle sub-state changes. This occurs only when the top-level > session state is Established. Because TCPCL transmits serially over > a TCP connection, it suffers from "head of queue blocking" this > indication provides information about when a session is available > for immediate transfer start. > > So in which direction are this change indicated/reported, both or > only in one of them, or any as implied by Section 2.1’s definition > of Live Session? > > 4. Section 1.1: Transmission Intermediate Progress: Segment is not > defined prior to this. Maybe a forward pointe? Or should maybe the > whole subsection (1.1) be moved to after definitions? > > 5. Section 2: Is there a point to use the RFC 8174 language that makes > only capital words have special meaning? > > 6. Section 3.1: “One of these parameters is a singleton endpoint > identifier for each node (not the singleton Endpoint Identifier > (EID) of any application running on the node) to denote the > bundle-layer identity of each DTN node.” > > The above quote does imply something that at least BPBis isn’t > making clear that a particular application agent would have its own > EID. It is not clear that there are a one-to-one relationship > between bundle nodes and application agents. Can you please clarify > what the relationship is and lets figure out if that needs to be > clarified back to BPbis. > > 7. Section 3.1: “Bundle interleaving can be accomplished by > fragmentation at the BP layer or by establishing multiple TCPCL > sessions between the same peers.” > > Are there clear rules established for how many TCPCL sessions in > parallel that may be established? By the end of my reading this is > unanswered. > > 8. Section 3.1: XFER_REFUSE does that indicate that the bundle has > already been received. How else does one separate other reasons for > refusing a bundle versus that one have received it prior? > > 9. Section 3:1: Once a session is established established, TCPCL is > a symmetric protocol between the peers. > Double established > > 10. Figure 4: “Close message” is this TCP level message, if that is the > case can that be clarified by prefix with TCP? > > 11. Section 3.2: > Notes on Established Session states: > Session "Live" means transmitting or reeiving over a transfer > stream. > > Session "Idle" means no transmission/reception over a transfer > stream. > > Session "Closing" means no new transfers will be allowed. > > Note that “Closing” is not used in Figure 4, it is called ending. > Note spelling error on “live” receving. > > 12. Section 3.2: Figure 5 and 6 uses PCH without explanation. Figure 5 > could probably also benefit by expanding CH as Contact Header. > > 13. Figure 8 and 10: Uses [SESSTERM] is this the same as using the > SESS_TERM message, or some other procedure. Please clarify. > > 14. Section 3.3: “ Many other policies can be established in a TCPCL > network between these two extremes.” > > The list above includes three items, so the two extremes needs to be > enumerated. > > 15. Section 4.1: Can TCPCLv3 and TCPCLv4 coexist on Port 4556? Based on > 9.1 the answer is yes, please clarify here. > > 16. Section 4.1: “Therefore, the entity MUST retry the connection setup > no earlier than some delay time from the last attempt, and it SHOULD > use a (binary) exponential backoff mechanism to increase this delay > in case of repeated failures.” > > Any recommended upper limit for the backoff? > > 17. Section 4.2: Version: A one-octet field value containing the > value 4 (current version of the protocol). > > I think the use of “the protocol” is unclear, maybe call it “the TCP > convergence layer”. This to avoid confusion with BPv7. > > 18. Section 4.2: Please define how to set and ignore reserved bits in > the Flags field so that it may be extended in the future. > > 19. Section 4.3 and 4.4: Due to how the Contact Header relate to TLS > there is clear risk for a TLS stripping attack where the CAN_TLS > flag is cleared. I think there need to be some thought about > mitigation of this weakness. Depending on the expected mix of > entities and their capabilities one can either have policy for a > deployment where one mandates TLS being used, thus preventing the > bid-down by not being according to policy. It is more difficult to > mitigate in a deployment where one have some entities that doesn’t > support TLS, unless one can some way securely learn which entities > support it or not and thus can detect the manipulation. One can > potentially also first attempt to do a TLS handshake for the best > version one supports. Then run the CH inside the TLS to prevent > TCPCL version and other flags to be manipulated. But that doesn’t > solve the down-bid. I did note the negotiation in Section 4.7 and > the relation to Security Policy. Maybe the solution is to write some > text on the risk of TLS striping in Section 8 and add forward > pointers in 4.7 to that risk. > > 20. Section 4.4: Dealing with new TLS versions. BCP 195 does not appear > to me to define how to deal with newer versions. However, as TLS 1.3 > already exist I think this is from the start a relevant question. > > 21. Section 4.4: So what about entity authentication? Will the TCPCL > entity have a name / identity that can be authenticated so that one > know that one are talking to the right entity. And is the solution > for this a classical PKI, or something else? Also does the passive > entity expect the active (TLS client) to authenticate itself also? > > 22. Section 4.8: Please define how to set and ignore the reserved bits. > > 23. Section 4.5: Based on that many later sections just refer to the > Message Header, shouldn’t the section title for section 4.5 be > Message Header? Now the first mentioning of “Message Header” are in > Figure 16’s title. > > 24. Section 6.1: > After sending a SESS_TERM message, an entity MAY continue a possible > in-progress transfer in either direction. After sending a SESS_TERM > message, an entity SHALL NOT begin any new outgoing transfer (i.e. > send an XFER_SEGMENT message) for the remainder of the session. > After receving a SESS_TERM message, an entity SHALL NOT accept any > new incoming transfer for the remainder of the session. > > To me it seems that the above paragraph contains one contradiction. > The parenthesis in the second sentence (i.e. send an XFER_SEGMENT > message) appears to be false. Because as the beginning of the > sentence implies that it can’t start a new transfer. However > SESS_TERM is allowed to be inserted in between XFER_SEGEMENT > messages for a transfer ID, i.e. XFER_SEGMENT(ID=7), SESS_TERM, > XFER_SEGMENT(ID=7, end) is an allowed sequence. Can you please clarify. > > 25. Section 8. > If this identifier is used outside of a TLS-secured session or > without further verification as a means to determine which bundles > are transmitted over the session, then the node that has falsified > its identity would be able to obtain bundles that it otherwise would > not have. > > I don’t see how a entity could trust the in SESS_INIT provided EID > more just because it is in TLS unless there are some mechanism for > binding the EID to the TLS session endpoint (client or server). Some > type of authentication is needed to prove the identity. > > 26. Section 8. > Therefore, an entity SHALL NOT use the EID value of an > unsecured contact header to derive a peer node's identity unless it > can corroborate it via other means. > > The EID value is not part of the CH, only SESS_INIT. Is this a left > over from TCPCLv3 or earlier versions? > > 27. Section 8. Needs text on TLS stripping attack due to the optional > TLS usage. > > 28. Section 9: “In this section, registration procedures are as defined > in [RFC8126].” … defined as in … > > 29. Section 9: “Some of the registries below are created new for TCPCLv4 > but share code values with TCPCLv3.” > > I don’t think “share” is the right word here. Maybe “Some of the > registries have been defined as version specific to TCPCLv4, and > imports some or all codepoints from TCPCLv3.” > > 30. Section 9.3: Is RFC Required unnecessary strict? Considering the > quite large name space, I would think that specification required > would be a suitable policy? Just trying to understand what you think > is gained by having someone publish the extension as an RFC, in any > stream including the independent. > > 31. Section 9.4: Same question as for 30) > > 32. Section 9.5: Here RFC required may be suitable. However, does it > make sense to allocate 2 or 4 points also here for Private/Experiments? > > 33. Section 9.6: Here I would consider Expert Review with a > specification requirement. I also do not understand why so much is > reserved, a reason for that? > > 34. I would expect that the policy for 9.6-9.8 to be aligned so may > require change if change is decided on 33. > > 35. A big question I have after having read this document is how one > discover / determine the IP+port(s) to connect to for a given EID. > Is this currently completely deployment specific? And how bound is > this to Bundle routing? > > What may be missing is the section that tells the intended > implementor that in addition to follow this specification you do > need a solution to the following things, like for example > authentication framework that allows one to verify the TLS connects > to EID mappings. Or an address resolution protocol that maps EID to > IP address and port pairs for cases when routing simply give you > Forward this bundle to EID using TCPCLv4. > > Cheers > > Magnus Westerlund >
- [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Magnus Westerlund
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Burleigh, Scott C (US 312B)
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Burleigh, Scott C (US 312B)
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Burleigh, Scott C (US 312B)
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Marc Blanchet
- Re: [dtn] [EXTERNAL] Re: AD review of draft-ietf-… Burleigh, Scott C (US 312B)
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Joerg Ott
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Magnus Westerlund
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Magnus Westerlund
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Stephen Farrell
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Taylor, Rick
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Stephen Farrell
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Magnus Westerlund
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Magnus Westerlund
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Taylor, Rick
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Magnus Westerlund
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Magnus Westerlund
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Brian Sipos
- Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12 Magnus Westerlund