Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13
"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Sat, 13 July 2019 00:29 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADFCA12000E; Fri, 12 Jul 2019 17:29:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OCo6PvuSvJjy; Fri, 12 Jul 2019 17:29:29 -0700 (PDT)
Received: from clt-mbsout-01.mbs.boeing.net (clt-mbsout-01.mbs.boeing.net [130.76.144.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 095C712006F; Fri, 12 Jul 2019 17:29:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id x6D0TQeY021872; Fri, 12 Jul 2019 20:29:26 -0400
Received: from XCH16-07-09.nos.boeing.com (xch16-07-09.nos.boeing.com [144.115.66.111]) by clt-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id x6D0TLZu020761 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Fri, 12 Jul 2019 20:29:21 -0400
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-09.nos.boeing.com (144.115.66.111) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Fri, 12 Jul 2019 17:29:20 -0700
Received: from XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5]) by XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5%2]) with mapi id 15.01.1713.004; Fri, 12 Jul 2019 17:29:20 -0700
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, "draft-ietf-dtn-bpbis@ietf.org" <draft-ietf-dtn-bpbis@ietf.org>, "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13
Thread-Index: AdUzOQfkywWzmEnHT4iyH8+qUympAQCInwaAAO2H+qA=
Date: Sat, 13 Jul 2019 00:29:20 +0000
Message-ID: <2d1e5bee3eba4267bbb00d84ded7a4b2@boeing.com>
References: <HE1PR0701MB25224DF64B2B60A0C655E1CE95F50@HE1PR0701MB2522.eurprd07.prod.outlook.com> <681cd7e961d3ff58d97bf25c68ada5327131b49e.camel@ericsson.com>
In-Reply-To: <681cd7e961d3ff58d97bf25c68ada5327131b49e.camel@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: A7AF44208AE6FF4542AA1A7CA969E92068A325C76A0802215CFDECF9A138B6C92000:8
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/yNcbx-27C6QtGGqM_6CONcWT22M>
Subject: Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jul 2019 00:29:32 -0000
HI Magnus, > -----Original Message----- > From: dtn [mailto:dtn-bounces@ietf.org] On Behalf Of Magnus Westerlund > Sent: Monday, July 08, 2019 12:05 AM > To: draft-ietf-dtn-bpbis@ietf.org; dtn@ietf.org > Subject: Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 > > WG, > > > To clarify, I will not progress this document until the WG has > established a consensus on what to do, if any, about the IPR. Thank you for your review efforts. Regarding IPR, as part of my document shepherd's writeup I polled the authors and no relevant IPRs were reported. Can you say more about your concern? Regards - Fred > Cheers > > Magnus > > > > On Fri, 2019-07-05 at 14:06 +0000, Magnus Westerlund wrote: > > Hi, > > > > I have now reviewed this document. Consider that there are a number > > of issues that likely need WG discussion I thought I should send out > > this, despite that I have not yet reviewed the BPSEC document that > > appears to be highly relevant and may result in additional changes > > needed in this document. But BPSEC is next in a my review pile. > > > > Also as this area is new, I read the architecture a long time ago so > > don’t hesitate to clarify if it appears that I am missing things. > > > > > > 1. Section 4.1.5.1 and 10 : > > > > As this document uses the "dtn" URI scheme and the "dtn" scheme was > > only provisional registered by RFC 5050 I think this document should > > formally register the DTN URI scheme and thus a new subsection in > > Section 10 is needed. > > > > Also, maybe similar effort to move "ipn" to permeant is needed? > > > > 2. Section 4.1.6: > > > > I think the format and definition of this field are insufficient. It > > is lacking a reference or a normative description of what "Unix Epoch > > Time" in an unsigned int format actually is. Is the intention here to > > simply measure the number of seconds since the start of year 2000? > > Which Unix epoch time is not due to leap seconds. And I become > > uncertain as UTC time scale is something else than Unix Epoch time at > > least when it comes to leap seconds handling. Due to that Unix Time > > have discontinuities in the time scale at leap seconds I would > > recommend strongly against using it. Select UTC or TAI depending on > > where you want the leap second handling pain to exist. > > > > Also, you specified only CBOR unsinged integer which is a > > representation that can use 64-bit and thus not have the issues with > > 32-bit signed integer seconds epochs that regular unix time has, but > > that should probably be made explicit that it is expected to handle > > that. Even if the first wrap of this unsigned 32-bit format will not > > occur until 2136. > > > > And please provide necessary normative references, not informative > > ones. > > > > > > 3. Section 4.2.2: > > > > The Lifetime field appears problematic if the creating node doesn't > > have a reliable clock and uses timestamp 0 for all bundles. I think > > that special case needs to be discussed. Which it is later done, but > > there is missing reference to that. > > > > 4. Section 4.2.2: Report-to EID > > > > Is this field set by bundle creator and never changed? It is not > > clear and appear to have implications on how this field should be > > treated. Primarily considering integrity options over these fields. > > > > 5. Section 4.3.3. > > Maximum Hop count upper limit? Can I insert a max UiNT64 here and > > expect that to be acceptable? > > > > 6. Section 5.1: > > Under some circumstances, the requesting of status reports could > > result in an unacceptable increase in the bundle traffic in the > > network. For this reason, the generation of status reports MUST be > > disabled by default and enabled only when the risk of excessive > > network traffic is deemed acceptable. > > > > I find the above paragraph rather unclear. First of all what are the > > circumstances. Secondly, shouldn't the type of status report > > requested be discussed. What I can see the different types results in > > at most 1, N-1 or N times the number of sent bundles with the status > > report set depending on type, where N is the number of nodes on the > > path including receiving endpoint. > > > > So are there any recommendations to when it might be acceptable to > > request status delivery. To me it appears the trace route like > > options, like forwarding status report should only be used on a small > > number of bundles sent for debuging or monitoring purposes. > > > > Use of the bundle deletion status report appear to have other > > motivations for its use. I assume that this is fine for cases when it > > occurs for a small fraction of the bundles for some reasons, but when > > you have real failures on next hop links it appears that this may > > cause high volumes of deletion. Thus a rate limitation makes sense. I > > assume that this is one of the not specified reasons the below > > paragraph indicates: > > > > When the generation of status reports is enabled, the decision on > > whether or not to generate a requested status report is left to > > the > > discretion of the bundle protocol agent. Mechanisms that could > > assist in making such decisions, such as pre-placed agreements > > authorizing the generation of status reports under specified > > circumstances, are beyond the scope of this specification. > > > > 7. Section 5.3: > > > > Step 1: If the bundle's destination endpoint is an endpoint of > > which > > the node is a member, the bundle delivery procedure defined in > > Section 5.7 MUST be followed and for the purposes of all > > subsequent > > processing of this bundle at this node the node's membership in > > the > > bundle's destination endpoint SHALL be disavowed. > > > > I don't understand why and what implications the disavowing has for a > > local bundle being dispatched from a member node part of the > > destination. > > > > 8. Section 5.4 > > > > Step 3: If forwarding of the bundle is determined to be > > contraindicated for any of the reasons listed in Figure 4, then > > the > > Forwarding Contraindicated procedure defined in Section 5.4.1 MUST > > be followed; the remaining steps of Section 5 are skipped at this > > time. > > > > Should that last Section 5 be Section 5.4? > > > > 9. Section 6.1.1 > > What does Destination endpoint ID unintelligible actually mean? > > Same with Block unintelligible. > > > > Are these the combination for corrupted blocks or EIDs? Are there a > > point of separating out the case where the CRC indicate a corruption? > > > > 10. Section 7.2 > > > > So the service description appears very high level. How is the actual > > interface working when it comes to dealing with that there is either > > possibility to send, as well as rate control in the API. When can > > more data be accepted and when is the convergence layer not ready. > > Also don't the Bundle Agent need a signal when this side thinks it > > has delivered as a signal of when the forwarding has completed? > > > > I was expecting this section to actually be explicit about what > > functionalities the Bundle Agent really need from the convergence > > layer. > > > > 11. Section 9 > > > > I think this section needs to be more explicit about mandating > > implementation support for BPSEC. The IETF do not publish a protocol > > today that doesn't have a mandatory to implement security solutions > > for the protocol's major properties. In this case communication > > security, i.e. confidentiality, integrity and authentication of the > > data communicated is very relevant. I have not yet read BPSEC so I > > may have additional concerns about that issues are not handled in the > > combined protocol. I hope the BPSEC has some discussion of the > > privacy properties of the protocol. > > > > 12. Section 9: > > Additionally, convergence-layer protocols that ensure authenticity > > of communication between adjacent nodes in BP network topology > > SHOULD be used where available, to minimize the ability of > > unauthenticated nodes to introduce inauthentic traffic into the > > network. > > > > In this context wouldn't it be reasonable to also recommend using > > encryption on the convergence layer to avoid eavsedropping on the > > part that is in clear and prevent traffic analysis by third parties? > > > > 13. Section 9. > > > > Note that the generation of bundle status reports is disabled by > > default because malicious initiation of bundle status reporting > > could result in the transmission of extremely large numbers of > > bundle, effecting a denial of service attack. > > > > I think there is a clear lack of mitigations proposed for this issue. > > As I mentioned in Issue 6 I think one both needs to consider amount > > of generated traffic versus utility for the sender. Also I will have > > to read BPSec to understand what integrity and source authentication > > there is of the request for status reports. Next is the issue of rate > > limiting and prioritization of status reports versus other bundles. > > Also due to the multi-hop store and forward nature of this protocol > > the actual bottle neck may only occur several hops towards the > > receiver. What can be said about dropping status reports versus other > > bundles when there is a resource contention, either in storage or in > > convergence layers capability of forwarding messages within time. > > > > 14. Section 6 > > I fail to see any discussion of how the sender of a status report > > should set the lifetime and max hop. Can it actually take that > > information from the Bundle it is reporting on? > > > > 15. Section 10. > > > > I think this section needs to be clearer. Several improvements that > > can be made. > > > > · I recommend individual sub-sections per registry operation > > · Can you be clearer in references to point to specific > > sections of definitions that makes it simpler to find the relevant > > from the IANA registry? > > > > More specific parts. > > > > This document defines the following additional Bundle Protocol > > block > > types, for which values are to be assigned from the Bundle > > Administrative Record Types namespace [RFC6255]: > > > > First of all according to the registry, this registry is actually > > created by RFC 7116. > > > > This and the observation that the things you attempt to register in > > this registry you are actual called Bundle Block Types in your > > document. Thus, I have to ask are you actually addressing the right > > registry, or is the issue that you actually need per version specific > > registries for example Bundle Block Types? If it is the later, then > > lets define new registries. Possibly there should be a new major page > > for BPv7. Not having read all the old documents, you likely have to > > consider which registries are version specific and which are not. > > > > 16. Section 10: > > > > For the new registry, do you have any requirements for registrations > > that should be written out. And in addition any criteria you want the > > expert to consider when approving or rejecting registries? And is > > this registry version 7 specific or not? > > > > 17. Section 4.1.1: > > > > The CRCs are lacking proper normative references. Needed for both 1 > > and 2. Note that you have [CRC] that is currently unused. > > > > 18. Section 11.2: > > [BPSEC] is a normative reference. > > [RFC6255] is normatively referenced for their registration > > procedures. > > > > 19. Section 13, Section 4.2.2 > > > > This Section 13 item was something I wondered over: > > > > . Restructure primary block, making it immutable. Add optional > > CRC. > > > > Did I simply miss where that is said in the context of Section 4.2.2? > > > > 20. Optional CRCs > > > > Why are the primary block CRC optional? I assume the intention with > > it is to do a verification that the primarily block with the > > addressing information hasn't become corrupted in the transmission > > between nodes, similar to the checksums we have in other protocols. > > Under which conditions will not using it be a reasonable idea? Are > > you expecting other mechanisms to cover for it, or are you reasoning > > that having corrupted bundles being delivered to the wrong places is > > not an issue? As the primarily block is the main addressing part, I > > would think the considerations that went into discussion of the > > (almost) always usage of the UDP checksum for IPv6 applies here. Also > > the implications for corruptions and cost in some DTNs for stray data > > appears quite high. > > > > > > Cheers > > > > Magnus Westerlund > > > > _______________________________________________ > > dtn mailing list > > dtn@ietf.org > > https://www.ietf.org/mailman/listinfo/dtn > -- > Cheers > > Magnus Westerlund > > > ---------------------------------------------------------------------- > Network Architecture & Protocols, Ericsson Research > ---------------------------------------------------------------------- > Ericsson AB | Phone +46 10 7148287 > Torshamnsgatan 23 | Mobile +46 73 0949079 > SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com > ---------------------------------------------------------------------- >
- [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Magnus Westerlund
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 R. Atkinson
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Magnus Westerlund
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Magnus Westerlund
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Templin (US), Fred L
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Magnus Westerlund
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 R. Atkinson
- Re: [dtn] [EXTERNAL] Re: AD evaluation of draft-i… Burleigh, Scott C (312B)
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Burleigh, Scott C (US 312B)
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Magnus Westerlund
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Magnus Westerlund
- Re: [dtn] AD evaluation of draft-ietf-dtn-bpbis-13 Burleigh, Scott C (US 312B)