Re: [Gen-art] Gen-ART review of draft-ietf-mpls-gach-adv-06
Stewart Bryant <stbryant@cisco.com> Mon, 29 April 2013 09:19 UTC
Return-Path: <stbryant@cisco.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B39C21F9D17; Mon, 29 Apr 2013 02:19:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.765
X-Spam-Level:
X-Spam-Status: No, score=-109.765 tagged_above=-999 required=5 tests=[AWL=0.833, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id al+ScWb2QxU6; Mon, 29 Apr 2013 02:19:28 -0700 (PDT)
Received: from ams-iport-3.cisco.com (ams-iport-3.cisco.com [144.254.224.146]) by ietfa.amsl.com (Postfix) with ESMTP id F354021F9D12; Mon, 29 Apr 2013 02:19:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20795; q=dns/txt; s=iport; t=1367227167; x=1368436767; h=message-id:date:from:reply-to:mime-version:to:cc:subject: references:in-reply-to; bh=1yMBsnFM3SnZFpZDjHuOLhUnaeimQv/VQZ5zMYipzzk=; b=csLZqwzD+FGwkaj1Q94Evk4r8JEZpp308aEsESbQrTRICop89nWJ940Q t08Fquu4uXeLhhDLVsZyRkNnzt4F7keBh2puSsyVaKHXQTcwy16Km4DnP Q0utuVDqgFDECXDug1pDUAQYdhK7vESQgP/dmq3g/HXR1XewKSS6vYY4z Q=;
X-IronPort-AV: E=Sophos; i="4.87,572,1363132800"; d="scan'208,217"; a="13159643"
Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-3.cisco.com with ESMTP; 29 Apr 2013 09:19:26 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r3T9JO3t015207 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 29 Apr 2013 09:19:24 GMT
Received: from [IPv6:::1] (localhost [127.0.0.1]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id r3T9JMwj018269; Mon, 29 Apr 2013 10:19:23 +0100 (BST)
Message-ID: <517E3B1A.4060403@cisco.com>
Date: Mon, 29 Apr 2013 10:19:22 +0100
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: stbryant@cisco.com
References: <CABkgnnW-53MVHZaW4QweqBjrPGCrP=fCNQ+LJdaG__ePh2tn1A@mail.gmail.com> <CABkgnnXOcDRkp=6e8aDdhTbk+s=hkR2wCkXoJcWGn8sjrRi2cg@mail.gmail.com> <517ABCF0.2080701@cisco.com>
In-Reply-To: <517ABCF0.2080701@cisco.com>
Content-Type: multipart/alternative; boundary="------------090704020608090509060806"
Cc: "Bocci, Matthew (Matthew)" <matthew.bocci@alcatel-lucent.com>, "gen-art@ietf.org" <gen-art@ietf.org>, sec-ads@tools.ietf.org, danfrost@cisco.com, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-mpls-gach-adv.all@tools.ietf.org
Subject: Re: [Gen-art] Gen-ART review of draft-ietf-mpls-gach-adv-06
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2013 09:19:29 -0000
Now I understand Adrian's comment. GenArt review did not go to the IESG. Stewart On 26/04/2013 18:44, Stewart Bryant wrote: > Including Sec ADs as this involves a change to the Authentication section. > > Section 6.3 now says > > The HMAC proceedure described in [RFC2104] is used to compute the hash. > The hash is computed over the entire GAP message as shown in Fig1. > The length of the Authentication Data field is always less than or equal > to the message digest size of the specific hash function that is being > used, however the implementer needs to consider that although this > decreases the size of the message, it results in a corresponding > reduction in the strength of the assurance provided. > Hash truncation is not RECOMMENDED. > > I will address any other security issues in another editing pass and > respond to their Discuss email. > > > On 10/03/2013 17:52, Martin Thomson wrote: >> I sent the following review a few weeks back. I just wanted to make >> sure that it didn't get accidentally stored in /dev/null. >> >> >> On 15 February 2013 14:33, Martin Thomson <martin.thomson@gmail.com >> <mailto:martin.thomson@gmail.com>> wrote: >> >> I am the assigned Gen-ART reviewer for this draft. For background on >> Gen-ART, please see the FAQ at >> >> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >> >> Please resolve these comments along with any other Last Call comments >> you may receive. >> >> Document: draft-ietf-mpls-gach-adv-06 >> Reviewer: Martin Thomson >> Review Date: 2013-02-15 >> IETF LC End Date: 2013-02-27 >> IESG Telechat date: (if known) >> >> Summary: The document is almost ready for publication as proposed >> standard. There is a major issue that should be easy to resolve. >> >> Major issues: >> >> Section 6.3 duplicates the description of HMAC provided in RFC 2104. >> That is likely to cause a bug. >> >> If you reference RFC 2104, then the only requirement is a clear >> specification for what message is input to the HMAC. Currently, this >> is buried. It is unclear if the input includes the G-ACh header >> defined in RFC 5586 (it doesn't need to, but this needs to be made >> explicit). >> >> Filling the authentication part with 0x878FE1F3 seems unnecessary >> busy >> work, but it's harmless as long as the hash function produces a >> multiple of 32 bits of output. >> > > All done please see above. >> >> >> Minor issues: >> >> To avoid forward compatibility issues, reserved fields should come >> with guidance that says: "Implementations of this protocol version >> MUST set reserved fields to all zero bits when sending and ignore any >> value when receiving messages." >> > The following was added just before Fig 1 > > Implementations of this protocol version MUST set reserved fields in the > message formats that follow, to all zero bits when sending and ignore > any value when receiving messages. > > I feel that we should just write an update to RFC2119 to automatically > include this or add it to the standard boiler plate. > > > >> In Section 4.4, how does the duration interact with the lifetime? >> What happens when the duration is longer than lifetime such that the >> TLV is expunged before the duration is up? >> > The TLV would be deleted (per procedure) at its death date, and > would not be sent again until at least duration has expired. This would > be silly if the receiver wanted that TLV, but entirely reasonable > if it dis not care about the TLV. > >> >> Section 5.2 states: >> [...] If one >> of the received TLV objects has the same Type as a previously >> received TLV then the data from the new object SHALL replace >> the data >> associated with that Type unless the X specification dictates a >> different behavior. >> >> This leads to different retention characteristics depending on some >> arbitrary application-specific requirements. It also complicates >> implementations. Is there a strong motivation for the "unless the X >> specification dictates a different behavior" part of this statement? >> > One can imagine alternative behaviors such as maintaining a list of > received values. Our goal was not to prejudge the application. > >> >> If this behaviour is desirable, a note regarding what happens to the >> composed TLV when some of the values that contribute to it might >> expire might be necessary. >> > The behaviour described is the action of the data and not of the TLV that > it arrived in, so I don't think the problem you refer to can occur. > >> >> Regarding the last paragraph of Section 6.3: >> This also means that the use of hash functions with larger >> output sizes will increase the size of the GAP message as >> transmitted on the wire. >> >> If you want to prevent hash truncation, then use 'MUST'. Personally, >> I see no reason to do so. It's a good way to get smaller messages, >> with a corresponding reduction in the strength of the assurance >> provided. >> > Please see new text above. > >> >> Nits: >> >> Section 3 could use some subheadings to aid navigation (and >> referencing). >> > Done >> >> Section 3 describes the size of fields only through ASCII-art. >> It's a >> fairly simple thing to add a bit count to the description of each >> field. That includes the reserved fields, which have no >> descriptions. >> > Done >> >> >> I like the text in the editors note on page 8. Why is it not the >> actual text already? >> > That was a hang over from AD review that was already addressed in the > text. The note has been removed. >> >> >> Sections 4.2 and 4.3 could probably use a note that notes that >> retention of these TLVs doesn't make any sense. These could be sent >> with zero lifetime, except that if these are sent along with the >> Source Address TLV, that's not possible... unless you send multiple >> application data blocks for the same application. Is that possible? >> >> > I have added the following text in each case: > > It is not necessary to retain this TLV. > > Thanks for the review > > Stewart -- For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html
- [Gen-art] Gen-ART review of draft-ietf-mpls-gach-… Martin Thomson
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Martin Thomson
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Jari Arkko
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Stewart Bryant
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Martin Thomson
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Stewart Bryant
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Stewart Bryant
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Martin Thomson
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Stewart Bryant
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Stewart Bryant
- Re: [Gen-art] Gen-ART review of draft-ietf-mpls-g… Stewart Bryant