IETF Logo Mail Archive

Re: [Gen-art] Gen-ART review of draft-ietf-mpls-gach-adv-06

Stewart Bryant <stbryant@cisco.com> Mon, 29 April 2013 09:19 UTC

Return-Path: <stbryant@cisco.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B39C21F9D17; Mon, 29 Apr 2013 02:19:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.765
X-Spam-Level:
X-Spam-Status: No, score=-109.765 tagged_above=-999 required=5 tests=[AWL=0.833, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id al+ScWb2QxU6; Mon, 29 Apr 2013 02:19:28 -0700 (PDT)
Received: from ams-iport-3.cisco.com (ams-iport-3.cisco.com [144.254.224.146]) by ietfa.amsl.com (Postfix) with ESMTP id F354021F9D12; Mon, 29 Apr 2013 02:19:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20795; q=dns/txt; s=iport; t=1367227167; x=1368436767; h=message-id:date:from:reply-to:mime-version:to:cc:subject: references:in-reply-to; bh=1yMBsnFM3SnZFpZDjHuOLhUnaeimQv/VQZ5zMYipzzk=; b=csLZqwzD+FGwkaj1Q94Evk4r8JEZpp308aEsESbQrTRICop89nWJ940Q t08Fquu4uXeLhhDLVsZyRkNnzt4F7keBh2puSsyVaKHXQTcwy16Km4DnP Q0utuVDqgFDECXDug1pDUAQYdhK7vESQgP/dmq3g/HXR1XewKSS6vYY4z Q=;
X-IronPort-AV: E=Sophos; i="4.87,572,1363132800"; d="scan'208,217"; a="13159643"
Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-3.cisco.com with ESMTP; 29 Apr 2013 09:19:26 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r3T9JO3t015207 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 29 Apr 2013 09:19:24 GMT
Received: from [IPv6:::1] (localhost [127.0.0.1]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id r3T9JMwj018269; Mon, 29 Apr 2013 10:19:23 +0100 (BST)
Message-ID: <517E3B1A.4060403@cisco.com>
Date: Mon, 29 Apr 2013 10:19:22 +0100
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: stbryant@cisco.com
References: <CABkgnnW-53MVHZaW4QweqBjrPGCrP=fCNQ+LJdaG__ePh2tn1A@mail.gmail.com> <CABkgnnXOcDRkp=6e8aDdhTbk+s=hkR2wCkXoJcWGn8sjrRi2cg@mail.gmail.com> <517ABCF0.2080701@cisco.com>
In-Reply-To: <517ABCF0.2080701@cisco.com>
Content-Type: multipart/alternative; boundary="------------090704020608090509060806"
Cc: "Bocci, Matthew (Matthew)" <matthew.bocci@alcatel-lucent.com>, "gen-art@ietf.org" <gen-art@ietf.org>, sec-ads@tools.ietf.org, danfrost@cisco.com, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-mpls-gach-adv.all@tools.ietf.org
Subject: Re: [Gen-art] Gen-ART review of draft-ietf-mpls-gach-adv-06
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2013 09:19:29 -0000

Now I understand Adrian's comment.

GenArt review did not go to the IESG.

Stewart

On 26/04/2013 18:44, Stewart Bryant wrote:
> Including Sec ADs as this involves a change to the Authentication section.
>
> Section 6.3 now says
>
> The HMAC proceedure described in [RFC2104] is used to compute the hash.
> The hash is computed over the entire GAP message as shown in Fig1.
> The length of the Authentication Data field is always less than or equal
> to the message digest size of the specific hash function that is being
> used, however the implementer needs to consider that although this
> decreases the size of the message, it results in a corresponding
> reduction in the strength of the assurance provided.
> Hash truncation is not RECOMMENDED.
>
> I will address any other security issues in another editing pass and
> respond to their Discuss email.
>
>
> On 10/03/2013 17:52, Martin Thomson wrote:
>> I sent the following review a few weeks back.  I just wanted to make 
>> sure that it didn't get accidentally stored in /dev/null.
>>
>>
>> On 15 February 2013 14:33, Martin Thomson <martin.thomson@gmail.com 
>> <mailto:martin.thomson@gmail.com>> wrote:
>>
>>     I am the assigned Gen-ART reviewer for this draft. For background on
>>     Gen-ART, please see the FAQ at
>>
>>     <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>
>>     Please resolve these comments along with any other Last Call comments
>>     you may receive.
>>
>>     Document: draft-ietf-mpls-gach-adv-06
>>     Reviewer: Martin Thomson
>>     Review Date: 2013-02-15
>>     IETF LC End Date: 2013-02-27
>>     IESG Telechat date: (if known)
>>
>>     Summary: The document is almost ready for publication as proposed
>>     standard.  There is a major issue that should be easy to resolve.
>>
>>     Major issues:
>>
>>     Section 6.3 duplicates the description of HMAC provided in RFC 2104.
>>     That is likely to cause a bug.
>>
>>     If you reference RFC 2104, then the only requirement is a clear
>>     specification for what message is input to the HMAC.  Currently, this
>>     is buried.  It is unclear if the input includes the G-ACh header
>>     defined in RFC 5586 (it doesn't need to, but this needs to be made
>>     explicit).
>>
>>     Filling the authentication part with 0x878FE1F3 seems unnecessary
>>     busy
>>     work, but it's harmless as long as the hash function produces a
>>     multiple of 32 bits of output.
>>
>
> All done please see above.
>>
>>
>>     Minor issues:
>>
>>     To avoid forward compatibility issues, reserved fields should come
>>     with guidance that says: "Implementations of this protocol version
>>     MUST set reserved fields to all zero bits when sending and ignore any
>>     value when receiving messages."
>>
> The following was added just before Fig 1
>
> Implementations of this protocol version MUST set reserved fields in the
> message formats that follow, to all zero bits when sending and ignore
> any value when receiving messages.
>
> I feel that we should just write an update to RFC2119 to automatically
> include this or add it to the standard boiler plate.
>
>
>
>>     In Section 4.4, how does the duration interact with the lifetime?
>>     What happens when the duration is longer than lifetime such that the
>>     TLV is expunged before the duration is up?
>>
> The TLV would be deleted (per procedure) at its death date, and
> would not be sent again until at least duration has expired. This would
> be silly if the receiver wanted that TLV, but entirely reasonable
> if it dis not care about the TLV.
>
>>
>>     Section 5.2 states:
>>        [...] If one
>>        of the received TLV objects has the same Type as a previously
>>        received TLV then the data from the new object SHALL replace
>>     the data
>>        associated with that Type unless the X specification dictates a
>>        different behavior.
>>
>>     This leads to different retention characteristics depending on some
>>     arbitrary application-specific requirements.  It also complicates
>>     implementations.  Is there a strong motivation for the "unless the X
>>     specification dictates a different behavior" part of this statement?
>>
> One can imagine alternative behaviors such as maintaining a list of
> received values. Our goal was not to prejudge the application.
>
>>
>>     If this behaviour is desirable, a note regarding what happens to the
>>     composed TLV when some of the values that contribute to it might
>>     expire might be necessary.
>>
> The behaviour described is the action of the data and not of the TLV that
> it arrived in, so I don't think the problem you refer to can occur.
>
>>
>>     Regarding the last paragraph of Section 6.3:
>>               This also means that the use of hash functions with larger
>>               output sizes will increase the size of the GAP message as
>>               transmitted on the wire.
>>
>>     If you want to prevent hash truncation, then use 'MUST'.  Personally,
>>     I see no reason to do so.  It's a good way to get smaller messages,
>>     with a corresponding reduction in the strength of the assurance
>>     provided.
>>
> Please see new text above.
>
>>
>>     Nits:
>>
>>     Section 3 could use some subheadings to aid navigation (and
>>     referencing).
>>
> Done
>>
>>     Section 3 describes the size of fields only through ASCII-art.
>>      It's a
>>     fairly simple thing to add a bit count to the description of each
>>     field.  That includes the reserved fields, which have no
>>     descriptions.
>>
> Done
>>
>>
>>     I like the text in the editors note on page 8.  Why is it not the
>>     actual text already?
>>
> That was a hang over from AD review that was already addressed in the
> text. The note has been removed.
>>
>>
>>     Sections 4.2 and 4.3 could probably use a note that notes that
>>     retention of these TLVs doesn't make any sense.  These could be sent
>>     with zero lifetime, except that if these are sent along with the
>>     Source Address TLV, that's not possible... unless you send multiple
>>     application data blocks for the same application.  Is that possible?
>>
>>
> I have added the following text in each case:
>
> It is not necessary to retain this TLV.
>
> Thanks for the review
>
> Stewart


-- 
For corporate legal information go to:

http://www.cisco.com/web/about/doing_business/legal/cri/index.html

v2.23.0 | Report a Bug | By Email