Re: [homenet] Alia Atlas' No Objection on draft-ietf-homenet-hncp-09: (with COMMENT)

Markus Stenberg <markus.stenberg@iki.fi> Mon, 23 November 2015 17:17 UTC

Return-Path: <markus.stenberg@iki.fi>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5422F1A9150; Mon, 23 Nov 2015 09:17:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.078
X-Spam-Level:
X-Spam-Status: No, score=0.078 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_NEUTRAL=0.779] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PSxdSCgupAQs; Mon, 23 Nov 2015 09:17:01 -0800 (PST)
Received: from julia1.inet.fi (mta-out1.inet.fi [62.71.2.193]) by ietfa.amsl.com (Postfix) with ESMTP id 9669A1A914B; Mon, 23 Nov 2015 09:17:00 -0800 (PST)
Received: from poro.lan (80.220.86.47) by julia1.inet.fi (9.0.002.03-2-gbe5d057) (authenticated as stenma-47) id 5613C7B10155A3E7; Mon, 23 Nov 2015 19:15:10 +0200
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.1 \(3096.5\))
From: Markus Stenberg <markus.stenberg@iki.fi>
In-Reply-To: <20151120170938.3181.9355.idtracker@ietfa.amsl.com>
Date: Mon, 23 Nov 2015 19:16:57 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <A618CB70-9957-48AB-B49D-2C1C65F12D0D@iki.fi>
References: <20151120170938.3181.9355.idtracker@ietfa.amsl.com>
To: Alia Atlas <akatlas@gmail.com>
X-Mailer: Apple Mail (2.3096.5)
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/jsip4Zp94vfNFd-1lMwDGBkYPPA>
Cc: homenet-chairs@ietf.org, homenet@ietf.org, Mark Townsley <mark@townsley.net>, The IESG <iesg@ietf.org>, draft-ietf-homenet-hncp@ietf.org
Subject: Re: [homenet] Alia Atlas' No Objection on draft-ietf-homenet-hncp-09: (with COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Nov 2015 17:17:05 -0000

Heya,

thanks for the review :)

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> I support Brian's Discuss.
> 
> 1)  In Sec 1.1, it states "...in homenet environments where multiple IPv6
> 
>   source-prefixes can be present, routing based on source and
> destination 
>   address is necessary [RFC7368]."
> 
>   Looking at RFC7368, I don't see anything that matches the strength of
> this
>   assertion which says in Sec 3.2.4 merely  "Another avenue is to
> introduce support
>   throughout the homenet for routing that is based on the source as
>   well as the destination address of each packet."
> 
>   While src-dest routing is certainly a solution - and an interesting
> one - it doesn't
>   seem at all appropriate for an HNCP spec to assert that it is
> necessary.

True. However, we were asked to describe the applicability, and I consider e.g. tunneling solution inferior so I would rather not propose that here. (And you either need tunneling or src-dst routing for this to work, and defining new tunneling scheme just for this to work is much harder than saying src-dst). Without one of them, the solution will break BCP-38 and not work.

What would be the other realistic option to change here? The whole applicability mess showed up somewhere in the review process, and I would rather not have it, but dropping it is not an option either.

> 2) For the DNCP profile,  draft-ietf-homenet-dncp-12 says  "Anything
> received over multicast, except Node Endpoint TLV (Section 7.2.1) and
> Network State TLV (Section 7.2.2)." and this draft says "HNCP nodes MUST
> ignore all Node State TLVs received via multicast
> on a link which has DNCP security enabled in order to prevent spoofing
> of node state changes."
> Could you please align and clarify the desired behavior for HNCP?

The part you are quoting from DNCP profile notes only what _can_ be defined to be ignored by profiles. HNCP as written is correct.

I welcome deltas which make it more correct, but you did not quote the preceding paragraph which says this in DNCP:

   o  When receiving TLVs, what sort of TLVs are ignored in addition -
      as specified in Section 4.4 - e.g., for security reasons.  While
      the security of the node data published within the Node State TLVs
      is already ensured by the base specification (if secure unicast
      transport is enabled, Node State TLVs are sent only via unicast as
      multicast ones are ignored on receipt), if a profile adds TLVs
      that are sent outside the node data, a profile should indicate
      whether or not those TLVs should be ignored if they are received
      via multicast or non-secured unicast.  A DNCP profile may define
      the following DNCP TLVs to be safely ignored:

Cheers,

-Markus