Re: [Gen-art] genART review of draft-ietf-cdni-logging-15
Jari Arkko <jari.arkko@piuha.net> Thu, 05 March 2015 11:15 UTC
From: Jari Arkko <jari.arkko@piuha.net>
Date: Thu, 05 Mar 2015 13:14:56 +0200
To: "Francois Le Faucheur (flefauch)" <flefauch@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/WsQJfunPk09_LVD-Cm5QcbbP1Mw>
Cc: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-cdni-logging.all@tools.ietf.org" <draft-ietf-cdni-logging.all@tools.ietf.org>
Subject: Re: [Gen-art] genART review of draft-ietf-cdni-logging-15

Thanks for your detailed review, Martin, and for your work on this important document, Francois.

Where are we with the updates? I chose to hold a Discuss on the IESG telechat to ensure that a couple of things are resolved. But if you already have changed text, I could clear.

Jari

On 16 Feb 2015, at 17:16, Francois Le Faucheur (flefauch) <flefauch@cisco.com> wrote:

> Hi,
>
> Thank you Martin.
> We are working on this.
>
> Francois
>
>> On 12 Feb 2015, at 02:24, Martin Thomson <martin.thomson@gmail.com> wrote:
>>
>> And because I hit send too soon, here's more...
>>
>> I think that this is ready. I have a couple of major concerns:
>>
>> Major General 1.
>>
>> However, I would like to see more consideration given to forward
>> compatibility. There are a lot of normative statements regarding what
>> MUST be included in the file, but no actions described for a receiver.
>> That means that it is hard to establish expectations regarding file
>> format evolution. If the file is rejected when the version isn't
>> "CDNI/1.0", then that makes changes to that field impossible (and the
>> specification of ABNF for it somewhat pointless).
>>
>> Major Specific 2.
>>
>>    An implementation of the CDNI Logging interface MUST support the
>>    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite ( [RFC5288]).
>>
>> Please don't do that. There are mandatory to implement cipher suites
>> in all the specs you cite and you don't need anything special here. I
>> have no problem with recommending PFS suites, but you might be better
>> served there by citing the uta TLS usage draft:
>> https://tools.ietf.org/html/draft-ietf-uta-tls-bcp
>>
>> S 3.4.1
>>    o cs(<HTTP-header-name>):
>> HTTP header fields, esp. in HTTP/2 can contain HTAB, even if that
>> isn't permitted by the grammar. You probably want to describe how
>> that is handled.
>>
>> Bottom of P33 (won't adding the established-origin directive
>> invalidate the MD5? What do you expect to happen there? (I see two
>> choices, it would help if you could even *hint* at what you would
>> prefer implementations to do).
>>
>> Nit: HTTP/2 not HTTP/2.0
>>
>> Question: There is no mention made of range requests, for which this
>> might be well suited, particularly if files get large.
>>
>> I note the privacy considerations are pretty reasonable. I'd be much
>> happier if IP anonymization were not optional though.
>>
>>
>>
>> On 12 February 2015 at 12:02, Martin Thomson <martin.thomson@gmail.com> wrote:
>>> I am the assigned Gen-ART reviewer for this draft. For background on
>>> Gen-ART, please see the FAQ at
>>>
>>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>>
>>> Please resolve these comments along with any other Last Call comments
>>> you may receive.
>>>
>>> Document: draft-ietf-cdni-logging-15
>>> Reviewer: Martin Thomson
>>> Review Date: 2015-02-12
>>> IETF LC End Date: 2015-02-18
>>> IESG Telechat date: (if known)
>>>
>>> Summary:
>>>
>>> Major issues:
>>>
>>> Minor issues:
>>>
>>> S3.1 needs to define the basic atom that is used for the logging file.
>>> It appears as though the atom is an octet.
>>>
>>> S3.2 uses the wildcard ABNF rule (i.e., <text....>) too aggressively.
>>> RECLINE (a potentially confusing name) could be more strictly defined.
>>>
>>>    <CDNI Logging File> = 1*<DIRGROUP RECGROUP>
>>>
>>> ... is not valid and could be:
>>>
>>>    CDNI-LOG-FILE = 1*(DIRGROUP / RECGROUP)
>>>
>>> That implies that an empty file is not valid. I'd have thought that *
>>> rather than 1* would be better.
>>>
>>> S3.3 again uses wildcard rules too aggressively. DIRNAME (not the
>>> unix command) should be defined more explicitly, even if it is just to
>>> specify what characters are allowed. Use text to further constrain
>>> it. As it stands, a generic processor cannot know that the name
>>> doesn't permit the inclusion of (for instance) ":" or CRLF. A common
>>> method is to define something like this as:
>>>
>>>    DIRNAME = Version-directive / UUID-directive / ... / extension-directive
>>>
>>> More commonly, go up a level and define directive using the choice.
>>> That way, each directive can define a name and value together using
>>> ABNF. e.g.
>>>
>>>    Version-directive = "Version" ":" HTAB "CDNI" "/" 1*DIGIT "." 1*DIGIT
>>>
>>> I wouldn't be so prescriptive about the version format. Unless there
>>> are specific semantics you want to extract from each digit.
>>>
>>> What is a receiver expected to do if the version *isn't* CDNI/1.0 ?
>>> Discard the entire file? That doesn't seem like a good way to ensure
>>> forward compatibility.
>>>
>>>    UUID: this a Universally Unique IDentifier (UUID)
>>>    from the UUID Uniform Resource Name (URN) namespace specified
>>>    in [RFC4122]) for the CDNI Logging File.
>>>
>>> I don't know how to apply this. Is it the UUID portion of the URN or a URN?
>>>
>>> Please don't use MUST here: If the
>>>    two values are equal, then the received CDNI Logging File MUST
>>>    be considered non-corrupted.
>>>
>>> MD5 collisions are easy to manufacture. I'd also drop the MUST from
>>> the following sentence.
>>>
>>> S3.4: more wildcards
>>>
>>> S3.4.1: I wouldn't worry about HTTP/2 being special here. All that
>>> speculation is painful, especially since HTTP/2 will likely be
>>> published before this document. Better to just cite it and avoid
>>> getting caught up in the details.
>>>
>>>
>>>
>>>
>>> Nits/editorial comments:
>>>
>>> There are lots of uses of lowercase "may".
>>>
>>> Page 6 has a few instances of missing hyphens in dCDN3/dCDN2 etc...
>>> S6.2.1: chunck
>>>
>>> S3.1 the DATE/TIME rules can/should reference RFC 3339
>>>
>>> S3.3 using ":" HTAB as a separator makes it hard to construct these
>>> files manually.
>>>
>>> S3.4 use of "c:" in combination with the unordered list is confusing
>>> when the prefix is actually "c-". Maybe use the string "c-" quotes
>>> and all to denote the prefix.
>>>
>>> S3.4.1 citing RFC 7230 is sufficient for HTTP/1.1; and probably for
>>> HTTP in general at this moment.
>
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art
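
Added example, not part of the message above or of the draft: a receiver-side illustration in Python of three points raised in the quoted review (a strictly defined directive name, a version check that tolerates newer minor versions, and an HTAB inside a cs(<HTTP-header-name>) value shifting the field count). Assumptions: directive lines have the shape name ":" HTAB value from the suggested ABNF, records are HTAB-separated, and the same-major policy, the percent-escaping scheme, the field list and all function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Assumed line shape, following the ABNF suggested in the review:
#   name ":" HTAB value
# The name is a strict token, so ":" , HTAB, CR and LF can never be part of it.
DIRECTIVE = re.compile(r"(?P<name>[A-Za-z0-9-]+):\t(?P<value>[^\r\n]*)")
VERSION = re.compile(r"CDNI/(?P<major>\d+)\.(?P<minor>\d+)")
SUPPORTED_MAJOR = 1  # hypothetical receiver policy, not taken from the draft

# Constructed field list; only cs(<HTTP-header-name>) is named in the review.
FIELDS = ["date", "time", "cs(User-Agent)", "sc-status"]

def parse_directive(line):
    """Return (name, value); raise ValueError for a malformed directive."""
    m = DIRECTIVE.fullmatch(line)
    if m is None:
        raise ValueError("malformed directive: %r" % line)
    return m.group("name"), m.group("value")

def check_version(value):
    """Classify a Version value as 'ok', 'newer-minor' or 'reject'.

    Same major, newer minor: keep processing and skip what is not understood.
    Different major or unparsable: reject the file.
    """
    m = VERSION.fullmatch(value)
    if m is None or int(m.group("major")) != SUPPORTED_MAJOR:
        return "reject"
    return "ok" if int(m.group("minor")) == 0 else "newer-minor"

def escape_value(value):
    """Writer side: percent-encode HTAB, CR, LF and '%' inside one field."""
    return "".join("%%%02X" % ord(c) if c in "\t\r\n%" else c for c in value)

def unescape_value(value):
    """Reader side: undo escape_value()."""
    return unquote(value)

def split_record(line, field_names=FIELDS):
    """Split a record on HTAB and refuse it when the field count is off.

    An unescaped HTAB inside a header value adds a field, so every later
    column would otherwise be read under the wrong name.
    """
    values = line.split("\t")
    if len(values) != len(field_names):
        raise ValueError("expected %d fields, got %d"
                         % (len(field_names), len(values)))
    return dict(zip(field_names, values))
```
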