IETF Logo Mail Archive

Re: [homenet] Stephen Farrell's No Objection on draft-ietf-homenet-prefix-assignment-07: (with COMMENT)

Pierre Pfister <pierre.pfister@darou.fr> Wed, 08 July 2015 21:52 UTC

Return-Path: <SRS0=EACP=HQ=darou.fr=pierre.pfister@bounces.m4x.org>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9137A1A8883; Wed, 8 Jul 2015 14:52:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tLF_f97EbUHC; Wed, 8 Jul 2015 14:52:45 -0700 (PDT)
Received: from mx1.polytechnique.org (mx1.polytechnique.org [129.104.30.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F0151A8880; Wed, 8 Jul 2015 14:52:45 -0700 (PDT)
Received: from [192.168.42.11] (ip-61.net-82-216-124.rev.numericable.fr [82.216.124.61]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 99E531408EEFF; Wed, 8 Jul 2015 23:52:42 +0200 (CEST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_350F77B1-ADCD-4728-97B0-2AB1B069E722"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
From: Pierre Pfister <pierre.pfister@darou.fr>
In-Reply-To: <20150708153717.19199.21891.idtracker@ietfa.amsl.com>
Date: Wed, 08 Jul 2015 23:52:42 +0200
Message-Id: <D572F2F6-57EF-4E71-AA99-1CB0E297826D@darou.fr>
References: <20150708153717.19199.21891.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.2102)
X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Wed Jul 8 23:52:42 2015 +0200 (CEST))
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/gDBSWtDRO5m0u-DksXxPsesDluE>
Cc: homenet@ietf.org, Mark Townsley <mark@townsley.net>, The IESG <iesg@ietf.org>, ray@bellis.me.uk
Subject: Re: [homenet] Stephen Farrell's No Objection on draft-ietf-homenet-prefix-assignment-07: (with COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2015 21:52:47 -0000

Hello Stephen

Thanks for the comments,

See inline for my proposals.


> Le 8 juil. 2015 à 17:37, Stephen Farrell <stephen.farrell@cs.tcd.ie> a écrit :
> 
> Stephen Farrell has entered the following ballot position for
> draft-ietf-homenet-prefix-assignment-07: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-homenet-prefix-assignment/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> 
> - section 3: I expected some security text here, not to say that
> this all needs to be encrypted but rather to say that because
> this is flooding, you can't really encrypt it and that hence
> this scheme is only suited for smaller deployments and/or those
> with lower layer security already in place. (And hence also
> probably small.) 
> 
> - section 3: Similarly, you could also add some privacy text to
> the effect that this scheme only applies where the privacy
> characteristics of the various prefixes involved are all
> roughtly similar, that is, where there's no real privacy
> difference in which prefixes end up with which nodes. (Mind you,
> I need to ponder that a bit myself to see if it's really the
> case;-)

What about this addition to the applicability statement section:

NEW:
   Finally, leaving the Flooding Mechanism or Node ID assignment process
   unsecured makes the network vulnerable to deny of service attacks, as
   detailed in Section 8.  Additionally, as this algorithm requires all
   Nodes to know which Node has made which assignment, it may be
   unsuitable depending on privacy requirements among participating
   Nodes.

> 
> - sections 4 & 5: I found this impossible to understand in a
> (quick) linear reading. I'd find actual code easier tbh. It's
> interesting that Barry found this clear though (I did not,
> clearly:-) so this isn't a discuss. But why didn't you first
> provide an overview of the algorithm? 

It is, indeed, not straightforward, but I personally believe the text has the merit
of being unambiguous. 
I would recommend multiple pass anyway. And I believe it gets clearer when you
try to implement it.

> 
> - Where is the evidence that the algorithm converges? I'd have
> thought there would be a reference to an academic publication
> that also described the algorithm and a proof for convergence.
> 

I wrote a proof, but could not find the time to publish it in a scientific paper.
I am not sure describing the algorithm in a paper would be interesting, but the proof as well as best and worst case behaviors
might be nice to have.


Thanks,

- Pierre

v2.23.0 | Report a Bug | By Email