Re: [dtn] [EXTERNAL] Genart telechat review of draft-ietf-dtn-bpbis-21

"Burleigh, Scott C (US 312B)" <scott.c.burleigh@jpl.nasa.gov> Wed, 05 February 2020 22:54 UTC

Return-Path: <scott.c.burleigh@jpl.nasa.gov>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B32712083D; Wed, 5 Feb 2020 14:54:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jpl.nasa.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F3cbklA1kO7B; Wed, 5 Feb 2020 14:54:04 -0800 (PST)
Received: from ppa02.jpl.nasa.gov (ppa02.jpl.nasa.gov [128.149.137.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75232120131; Wed, 5 Feb 2020 14:54:04 -0800 (PST)
Received: from pps.filterd (ppa02.jpl.nasa.gov [127.0.0.1]) by ppa02.jpl.nasa.gov (8.16.0.27/8.16.0.27) with SMTP id 015MjEtY047790; Wed, 5 Feb 2020 14:54:03 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpl.nasa.gov; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=InSight1906; bh=YfIFpsBTBhk0xCpjlnjxscCUd/JCRJ3Yvs3jTH2UDhI=; b=w42D2Hxi7hoPYMM2NfeJlYVUF3BtbnEeihsl6/AWL3J1Tamm9GXdM5cAF/0aZsg9L0rL VvGbGBYS16wzHZsAUdvi+mlkeBIMsxIqSHcMq6J5wqOKV/2KuuJb0C4XVKiODuvG70Q8 YvT0QJuR1U4pKtatkRCNmpz17YtOcX5JyWAuW+/TWMrIMaHY9khdVjR1VAbmn2WUWvE9 +ug0KC+/ZmUaiK6yDIvK3eWQDP0UmHsQaK6XYBOU1h2KMTOE/YSmQFB063aAXdxqhxcQ NIhs++fWQyRg7PaqyVOe/CYTpEyNGbwsRPg011w0gPlpY/MTI1it0KbX7aa2qJ0yZcaa oA==
Received: from mail.jpl.nasa.gov (altphysenclup02.jpl.nasa.gov [128.149.137.53]) by ppa02.jpl.nasa.gov with ESMTP id 2xykcbkn84-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 05 Feb 2020 14:54:03 -0800
Received: from ap-embx16-sp40.RES.AD.JPL (ap-embx16-sp40.jpl.nasa.gov [128.149.137.86]) by smtp.jpl.nasa.gov (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id 015Ms2RU008187 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128 bits) verified FAIL); Wed, 5 Feb 2020 14:54:02 -0800
Received: from ap-embx16-sp10.RES.AD.JPL (2002:8095:8953::8095:8953) by ap-embx16-sp40.RES.AD.JPL (2002:8095:8956::8095:8956) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Wed, 5 Feb 2020 14:54:02 -0800
Received: from ap-embx16-sp10.RES.AD.JPL ([fe80::4:f430:47b5:767b]) by ap-embx16-sp10.RES.AD.JPL ([fe80::4:f430:47b5:767b%17]) with mapi id 15.01.1591.008; Wed, 5 Feb 2020 14:54:02 -0800
From: "Burleigh, Scott C (US 312B)" <scott.c.burleigh@jpl.nasa.gov>
To: Stewart Bryant <stewart.bryant@gmail.com>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-dtn-bpbis.all@ietf.org" <draft-ietf-dtn-bpbis.all@ietf.org>, "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: [EXTERNAL] [dtn] Genart telechat review of draft-ietf-dtn-bpbis-21
Thread-Index: AQHV2GwJBj9yZdu/NUyxykIOKPdOT6gNN/xQ
Date: Wed, 5 Feb 2020 22:54:02 +0000
Message-ID: <c472db72a3ab42c28eec516738c2dfc8@jpl.nasa.gov>
References: <158049865249.21219.7770941261141759152@ietfa.amsl.com>
In-Reply-To: <158049865249.21219.7770941261141759152@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [207.151.104.72]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Source-IP: ap-embx16-sp40.jpl.nasa.gov [128.149.137.86]
X-Source-Sender: scott.c.burleigh@jpl.nasa.gov
X-AUTH: Authorized
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2020-02-05_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001 definitions=main-2002050175
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/hzffWEd3WanjNuWNke8XS5nY_4U>
Subject: Re: [dtn] [EXTERNAL] Genart telechat review of draft-ietf-dtn-bpbis-21
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2020 22:54:06 -0000

Hello, Stewart.  The DTN WG chair has advised me to go ahead and post the next version of the bpbis draft, so version 22 is now available for your review.  On the specific issues you bring up:
-	The [BPSEC] reference has been updated as you propose.
-	The allocation policy for the Block Processing Control Flags registry (10.4) and the Bundle Protocol URI Scheme Types registry (10.6) has been changed to Standards action, as the number of possible values is limited in both cases.  For the other registries I didn't think we needed to be so exacting, as these values are integers of essentially unlimited length.
-	I think "as needed" is actually better, as it indicates that this more robust protection may be needed in some cases but not in others.
-	All occurrences of "bpsec" have been changed to "BPsec".
-	"namespace" has been changed to "registry in the Bundle Protocol Namespace" in sections 10.1 through 10.5, though on re-reading the updated text I notice that I missed this change in a few places; I'll make those corrections on the next iteration of the draft.

Scott

-----Original Message-----
From: dtn <dtn-bounces@ietf.org> On Behalf Of Stewart Bryant via Datatracker
Sent: Friday, January 31, 2020 11:24 AM
To: gen-art@ietf.org
Cc: last-call@ietf.org; draft-ietf-dtn-bpbis.all@ietf.org; dtn@ietf.org
Subject: [EXTERNAL] [dtn] Genart telechat review of draft-ietf-dtn-bpbis-21

Reviewer: Stewart Bryant
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-dtn-bpbis-21
Reviewer: Stewart Bryant
Review Date: 2020-01-31
IETF LC End Date: None
IESG Telechat date: 2020-02-06

Summary:

This version is a major improvement on the version that I reviewed earlier. I thank the authors for addressing my earlier review comments. There are a number of minor issues that the authors ought to look at, particularly around IANA allocation policy. Major issues: None

Minor issues:

[BPSEC] Birrane, E., "Bundle Security Protocol Specification", Work
        In Progress, October 2015.

SB> I think that this should be a reference to draft-ietf-dtn-bpsec

=======

In Section 10.3 the allocation policy has been changed to Standards Action which seems wise given the size of the registry. However all the registries  called up in 10.1..10.5 are all small and the authors ought to consider upgrading them of at least a portion of them to a higher bar than at present (they are specification required). Specification required can be met by a specification that is not even publicly accessible which can grab multiple entries. This is a dangerous position to leave small the registries of a Standards Track  protocol.

I have only checked the registries specifically addressed by this specification and the authors ought to check the other registries in the Bundle Protocol Namespace to see if any of them are also vulnerable.

========
Nits/editorial comments:

Note that more robust protection of BP data integrity, as needed,

SB> I that should be ….,if needed,

=====

SB> Bpsec appears as BPsec and bpsec also the noun bpsec is not defined
I assume you mean the BPsec protocol or mechanism or similar.

=======
 The current Bundle Block Types namespace is augmented

SB> I think that strictly you should say:
SB> The current Bundle Block Types registry in the Bundle Protocol 
SB> Namespace is
augmented.

This problem applies to the registries 10.2, 10.3, 10.4, and 10.5

_______________________________________________
dtn mailing list
dtn@ietf.org
https://www.ietf.org/mailman/listinfo/dtn