IETF Logo Mail Archive

Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Sat, 13 July 2019 00:29 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADFCA12000E; Fri, 12 Jul 2019 17:29:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OCo6PvuSvJjy; Fri, 12 Jul 2019 17:29:29 -0700 (PDT)
Received: from clt-mbsout-01.mbs.boeing.net (clt-mbsout-01.mbs.boeing.net [130.76.144.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 095C712006F; Fri, 12 Jul 2019 17:29:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id x6D0TQeY021872; Fri, 12 Jul 2019 20:29:26 -0400
Received: from XCH16-07-09.nos.boeing.com (xch16-07-09.nos.boeing.com [144.115.66.111]) by clt-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id x6D0TLZu020761 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Fri, 12 Jul 2019 20:29:21 -0400
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-09.nos.boeing.com (144.115.66.111) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Fri, 12 Jul 2019 17:29:20 -0700
Received: from XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5]) by XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5%2]) with mapi id 15.01.1713.004; Fri, 12 Jul 2019 17:29:20 -0700
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, "draft-ietf-dtn-bpbis@ietf.org" <draft-ietf-dtn-bpbis@ietf.org>, "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13
Thread-Index: AdUzOQfkywWzmEnHT4iyH8+qUympAQCInwaAAO2H+qA=
Date: Sat, 13 Jul 2019 00:29:20 +0000
Message-ID: <2d1e5bee3eba4267bbb00d84ded7a4b2@boeing.com>
References: <HE1PR0701MB25224DF64B2B60A0C655E1CE95F50@HE1PR0701MB2522.eurprd07.prod.outlook.com> <681cd7e961d3ff58d97bf25c68ada5327131b49e.camel@ericsson.com>
In-Reply-To: <681cd7e961d3ff58d97bf25c68ada5327131b49e.camel@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: A7AF44208AE6FF4542AA1A7CA969E92068A325C76A0802215CFDECF9A138B6C92000:8
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/yNcbx-27C6QtGGqM_6CONcWT22M>
Subject: Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jul 2019 00:29:32 -0000

HI Magnus,

> -----Original Message-----
> From: dtn [mailto:dtn-bounces@ietf.org] On Behalf Of Magnus Westerlund
> Sent: Monday, July 08, 2019 12:05 AM
> To: draft-ietf-dtn-bpbis@ietf.org; dtn@ietf.org
> Subject: Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13
> 
> WG,
> 
> 
> To clarify, I will not progress this document until the WG has
> established a consensus on what to do, if any, about the IPR.

Thank you for your review efforts. Regarding IPR, as part of my document
shepherd's writeup I polled the authors and no relevant IPRs were reported.
Can you say more about your concern?

Regards - Fred

> Cheers
> 
> Magnus
> 
> 
> 
> On Fri, 2019-07-05 at 14:06 +0000, Magnus Westerlund wrote:
> > Hi,
> >
> > I have now reviewed this document. Consider that there are a number
> > of issues that likely need WG discussion I thought I should send out
> > this, despite that I have not yet reviewed the BPSEC document that
> > appears to be highly relevant and may result in additional changes
> > needed in this document. But BPSEC is next in a my review pile.
> >
> > Also as this area is new, I read the architecture a long time ago so
> > don’t hesitate to clarify if it appears that I am missing things.
> >
> >
> > 1. Section 4.1.5.1 and 10 :
> >
> > As this document uses the "dtn" URI scheme and the "dtn" scheme was
> > only provisional registered by RFC 5050 I think this document should
> > formally register the DTN URI scheme and thus a new subsection in
> > Section 10 is needed.
> >
> > Also, maybe similar effort to move "ipn" to permeant is needed?
> >
> > 2.       Section 4.1.6:
> >
> > I think the format and definition of this field are insufficient. It
> > is lacking a reference or a normative description of what "Unix Epoch
> > Time" in an unsigned int format actually is. Is the intention here to
> > simply measure the number of seconds since the start of year 2000?
> > Which Unix epoch time is not due to leap seconds. And I become
> > uncertain as UTC time scale is something else than Unix Epoch time at
> > least when it comes to leap seconds handling. Due to that Unix Time
> > have discontinuities in the time scale at leap seconds I would
> > recommend strongly against using it. Select UTC or TAI depending on
> > where you want the leap second handling pain to exist.
> >
> > Also, you specified only CBOR unsinged integer which is a
> > representation that can use 64-bit and thus not have the issues with
> > 32-bit signed integer seconds epochs that regular unix time has, but
> > that should probably be made explicit that it is expected to handle
> > that. Even if the first wrap of this unsigned 32-bit format will not
> > occur until 2136.
> >
> > And please provide necessary normative references, not informative
> > ones.
> >
> >
> > 3.       Section 4.2.2:
> >
> > The Lifetime field appears problematic if the creating node doesn't
> > have a reliable clock and uses timestamp 0 for all bundles. I think
> > that special case needs to be discussed. Which it is later done, but
> > there is missing reference to that.
> >
> > 4.       Section 4.2.2: Report-to EID
> >
> > Is this field set by bundle creator and never changed? It is not
> > clear and appear to have implications on how this field should be
> > treated. Primarily considering integrity options over these fields.
> >
> > 5.       Section 4.3.3.
> > Maximum Hop count upper limit? Can I insert a max UiNT64 here and
> > expect that to be acceptable?
> >
> > 6.       Section  5.1:
> >    Under some circumstances, the requesting of status reports could
> >    result in an unacceptable increase in the bundle traffic in the
> >    network. For this reason, the generation of status reports MUST be
> >    disabled by default and enabled only when the risk of excessive
> >    network traffic is deemed acceptable.
> >
> > I find the above paragraph rather unclear. First of all what are the
> > circumstances. Secondly, shouldn't the type of status report
> > requested be discussed. What I can see the different types results in
> > at most 1, N-1 or N times the number of sent bundles with the status
> > report set depending on type, where N is the number of nodes on the
> > path including receiving endpoint.
> >
> > So are there any recommendations to when it might be acceptable to
> > request status delivery. To me it appears the trace route like
> > options, like forwarding status report should only be used on a small
> > number of bundles sent for debuging or monitoring purposes.
> >
> > Use of the bundle deletion status report appear to have other
> > motivations for its use. I assume that this is fine for cases when it
> > occurs for a small fraction of the bundles for some reasons, but when
> > you have real failures on next hop links it appears that this may
> > cause high volumes of deletion. Thus a rate limitation makes sense. I
> > assume that this is one of the not specified reasons  the below
> > paragraph indicates:
> >
> >    When the generation of status reports is enabled, the decision on
> >    whether or not to generate a requested status report is left to
> > the
> >    discretion of the bundle protocol agent. Mechanisms that could
> >    assist in making such decisions, such as pre-placed agreements
> >    authorizing the generation of status reports under specified
> >    circumstances, are beyond the scope of this specification.
> >
> > 7.       Section 5.3:
> >
> >    Step 1: If the bundle's destination endpoint is an endpoint of
> > which
> >    the node is a member, the bundle delivery procedure defined in
> >    Section 5.7 MUST be followed and for the purposes of all
> > subsequent
> >    processing of this bundle at this node the node's membership in
> > the
> >    bundle's destination endpoint SHALL be disavowed.
> >
> > I don't understand why and what implications the disavowing has for a
> > local bundle being dispatched from a member node part of the
> > destination.
> >
> > 8.       Section 5.4
> >
> >    Step 3: If forwarding of the bundle is determined to be
> >    contraindicated for any of the reasons listed in Figure 4, then
> > the
> >    Forwarding Contraindicated procedure defined in Section 5.4.1 MUST
> >    be followed; the remaining steps of Section 5 are skipped at this
> >    time.
> >
> > Should that last Section 5 be Section 5.4?
> >
> > 9.       Section 6.1.1
> > What does Destination endpoint ID unintelligible actually mean?
> > Same with Block unintelligible.
> >
> > Are these the combination for corrupted blocks or EIDs? Are there a
> > point of separating out the case where the CRC indicate a corruption?
> >
> > 10.   Section 7.2
> >
> > So the service description appears very high level. How is the actual
> > interface working when it comes to dealing with that there is either
> > possibility to send, as well as rate control in the API. When can
> > more data be accepted and when is the convergence layer not ready.
> > Also don't the Bundle Agent need a signal when this side thinks it
> > has delivered as a signal of when the forwarding has completed?
> >
> > I was expecting this section to actually be explicit about what
> > functionalities the Bundle Agent really need from the convergence
> > layer.
> >
> > 11.   Section 9
> >
> > I think this section needs to be more explicit about mandating
> > implementation support for BPSEC. The IETF do not publish a protocol
> > today that doesn't have a mandatory to implement security solutions
> > for the protocol's major properties. In this case communication
> > security, i.e. confidentiality, integrity and authentication of the
> > data communicated is very relevant. I have not yet read BPSEC so I
> > may have additional concerns about that issues are not handled in the
> > combined protocol. I hope the BPSEC has some discussion of the
> > privacy properties of the protocol.
> >
> > 12.   Section 9:
> >    Additionally, convergence-layer protocols that ensure authenticity
> >    of communication between adjacent nodes in BP network topology
> >    SHOULD be used where available, to minimize the ability of
> >    unauthenticated nodes to introduce inauthentic traffic into the
> >    network.
> >
> > In this context wouldn't it be reasonable to also recommend using
> > encryption on the convergence layer to avoid eavsedropping on the
> > part that is in clear and prevent traffic analysis by third parties?
> >
> > 13.   Section 9.
> >
> >    Note that the generation of bundle status reports is disabled by
> >    default because malicious initiation of bundle status reporting
> >    could result in the transmission of extremely large numbers of
> >    bundle, effecting a denial of service attack.
> >
> > I think there is a clear lack of mitigations proposed for this issue.
> > As I mentioned in Issue 6 I think one both needs to consider amount
> > of generated traffic versus utility for the sender. Also I will have
> > to read BPSec to understand what integrity and source authentication
> > there is of the request for status reports. Next is the issue of rate
> > limiting and prioritization of status reports versus other bundles.
> > Also due to the multi-hop store and forward nature of this protocol
> > the actual bottle neck may only occur several hops towards the
> > receiver. What can be said about dropping status reports versus other
> > bundles when there is a resource contention, either in storage or in
> > convergence layers capability of forwarding messages within time.
> >
> > 14.   Section 6
> > I fail to see any discussion of how the sender of a status report
> > should set the lifetime and max hop. Can it actually take that
> > information from the Bundle it is reporting on?
> >
> > 15.   Section 10.
> >
> > I think this section needs to be clearer. Several improvements that
> > can be made.
> >
> > ·         I recommend individual sub-sections per registry operation
> > ·         Can you be clearer in references to point to specific
> > sections of definitions that makes it simpler to find the relevant
> > from the IANA registry?
> >
> > More specific parts.
> >
> >    This document defines the following additional Bundle Protocol
> > block
> >    types, for which values are to be assigned from the Bundle
> >    Administrative Record Types namespace [RFC6255]:
> >
> > First of all according to the registry, this registry is actually
> > created by RFC 7116.
> >
> > This and the observation that the things you attempt to register in
> > this registry you are actual called Bundle Block Types in your
> > document. Thus, I have to ask are you actually addressing the right
> > registry, or is the issue that you actually need per version specific
> > registries for example Bundle Block Types? If it is the later, then
> > lets define new registries. Possibly there should be a new major page
> > for BPv7. Not having read all the old documents, you likely have to
> > consider which registries are version specific and which are not.
> >
> > 16. Section 10:
> >
> > For the new registry, do you have any requirements for registrations
> > that should be written out. And in addition any criteria you want the
> > expert to consider when approving or rejecting registries? And is
> > this registry version 7 specific or not?
> >
> > 17.   Section 4.1.1:
> >
> > The CRCs are lacking proper normative references. Needed for both 1
> > and 2. Note that you have [CRC] that is currently unused.
> >
> > 18.   Section 11.2:
> > [BPSEC] is a normative reference.
> > [RFC6255] is normatively referenced for their registration
> > procedures.
> >
> > 19.   Section 13, Section 4.2.2
> >
> > This Section 13 item was something I wondered over:
> >
> >      . Restructure primary block, making it immutable.  Add optional
> >         CRC.
> >
> > Did I simply miss where that is said in the context of Section 4.2.2?
> >
> > 20.   Optional CRCs
> >
> > Why are the primary block CRC optional? I assume the intention with
> > it is to do a verification that the primarily block with the
> > addressing information hasn't become corrupted in the transmission
> > between nodes, similar to the checksums we have in other protocols.
> > Under which conditions will not using it be a reasonable idea? Are
> > you expecting other mechanisms to cover for it, or are you reasoning
> > that having corrupted bundles being delivered to the wrong places is
> > not an issue? As the primarily block is the main addressing part, I
> > would think the considerations that went into discussion of the
> > (almost) always usage of the UDP checksum for IPv6 applies here. Also
> > the implications for corruptions and cost in some DTNs for stray data
> > appears quite high.
> >
> >
> > Cheers
> >
> > Magnus Westerlund
> >
> > _______________________________________________
> > dtn mailing list
> > dtn@ietf.org
> > https://www.ietf.org/mailman/listinfo/dtn
> --
> Cheers
> 
> Magnus Westerlund
> 
> 
> ----------------------------------------------------------------------
> Network Architecture & Protocols, Ericsson Research
> ----------------------------------------------------------------------
> Ericsson AB                 | Phone  +46 10 7148287
> Torshamnsgatan 23           | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email