Re: [icnrg] [irsg] Review of "Architectural Considerations of ICN using Name Resolution Service"

Jungha Hong <> Sat, 13 February 2021 08:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9A58A3A09EF for <>; Sat, 13 Feb 2021 00:05:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id D-_f7HKAmY6u for <>; Sat, 13 Feb 2021 00:05:27 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 030183A0BBA for <>; Sat, 13 Feb 2021 00:05:20 -0800 (PST)
Received: from unknown (HELO ( by with ESMTP; 13 Feb 2021 16:58:31 +0900
Received: from [] (HELO ([]) by with SMTP id 6a6c6ff1602786ad; Sat, 13 Feb 2021 16:58:37 +0900
DKIM-Signature: a=rsa-sha256; b=TwVnb6XYLRUwbHw4HIUGAtcyHjjYML1bKeeisBO6gUmlgHIX6fX7/p7ZwdD1XYwTi+0enTz2Z3 e5PPBFw/CGQ+GqZQPTiN5MPvwoxNyXQqowPj4PWu0B2sTXQ8k9RbJFxb7yry57go0dyXCAEQQY9G Ujqqt8qn0zbOLCUqZHgRqQm632KkJShGs55GqrvGSgKLFST7HIe2taenxFC4NHhkYqkVcggaWsux 7knBbZcT93QRH84e62ZN3/8+xNkUrzxmo8kmTMAav6l/Jzt2Z7pXg4+rie8r2peCCoYxKtpexXYF rFF+op2McOKevjDFKbdPQ6eplNpAAwSr3gvch8/w==; c=relaxed/relaxed; s=selector;; v=1; bh=Od75uPadmnYYDcRI17+lE/CzhVulv3vV8l28u6bu/yk=; h=From:To:Subject:Message-ID;
Dooray-Meta-Signature: 3BynwI4Z+zO2X3VU6qRAcmuCZ0QTc/ysuGh+7AhFwg4xTyIb+2h9q IJM/0Mqytsc6s915o7W1VucUCd+W2Cmmzb1Yz6hTpO6WkJGj6mVBaiigzlMafiLUfPLuVCEGghQN +5cTstoN1WoRuXFWogBccBT1l4Wg9FkzJXEZcHLl5cWZGY8UoqFBAVTx1tnfMaAUEU2g8O61UBAk LPy2v77/BW4QqI3fK829ycRlF8vQ8Kg+kjelb3zJouvP7C4v1j5Wx73500OmDQrF4WLnesyviUlm bTqLaDKkPJQCY3i7S1eGL2hmjgQvce7yOPhMfUsLlCnJvAPBXmepCR/VVWs1g==
Received: from [] (HELO ([]) by with SMTP id 833befb4602786ad; Sat, 13 Feb 2021 16:58:37 +0900
From: Jungha Hong <>
To:,,, Christopher Wood <>
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
X-Dsn-Request: true
X-Dooray-Agent: mail-api
X-Dooray-Mail-Id: 2943543250863188682
Importance: Normal
X-Priority: Normal
X-MSMail-Priority: Normal
Date: Sat, 13 Feb 2021 16:58:36 +0900 (KST)
Archived-At: <>
Subject: Re: [icnrg] [irsg] Review of "Architectural Considerations of ICN using Name Resolution Service"
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Information-Centric Networking research group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 13 Feb 2021 08:05:36 -0000

Dear Chris,

Thanks a lot for the review.

The revised document, draft-irtf-icnrg-nrsarch-considerations-06 has been just submitted. 
We tried to address your comments as much as possible. 

Please take a look at our responses explained in-line below and let us know again if anything is unclear.

Jungha Hong 

-----Original Message-----
From:  "Christopher Wood" <>
To:      <>rg>;   <>rg>;   <>rg>; 
Sent:  2021-01-11 (월) 23:55:08 (UTC+09:00)
Subject: Review of "Architectural Considerations of ICN using Name Resolution Service"

Document: draft-irtf-icnrg-nrsarch-considerations-05

The summary of the review is: Ready with issues


Given that this is a considerations document for ICNRG, I think the level of detail is probably fine here. My biggest concern is the lack of discussion around NRS mapping management. The document states:

   When an NRS is utilized in an ICN architecture, security threats may
   increase in various aspects...

And then briefly describes "Name Space Management." It states that producer authentication is required, but I would like to see some more discussion there. In particular, is authentication required for only insertion into the NRS? What about updates or removal? (Something like BEAD [1] might help deal with deletion.)

[Editor’s response and revision]
Authentication is required for all insertion and update of mapping records. We have added text to clarify this point in Section 8 (mainly in NRS protocol and message security.) The update includes the substitution and deletion. 

On a related topic, how do clients (resolvers) know if they received the most up-to-date version of an NRS mapping? Should these be stored in cacheable content objects, or in new protocol messages that are not cached? This relates to the discussion around mobility, and I'm not sure how much detail you want to add here. Maybe just mentioning the possibility of stale content as a consideration will suffice.

[Editor’s response and revision]
As the approaches used in mobility management, we may consider assigning validity time or a lifetime of each mapping record. The lifetime can be renewed only by the authoritative producer or node while the cached mapping records get erased after the lifetime expires unless a lifetime extension indication is obtained from the authoritative producer. This description has been added to the first and last bullets in Section 5.1.  

Lastly, how a NRS impacts client behavior seems a bit unclear at the moment. This document seems to suggest that names can only map to other NDOs, and not, for example, prefixes. Should it be possible to query the NRS with a name prefix, and the NRS performs LPM to return the mapped value? What are the implications for clients if they can query by prefix? Should they always query the NRS before sending an interest for a name?

[Editor’s response and revision]
In this document, we have assumed that name (in general) can be mapped to routable prefixes, locators, alias names, or off-path-cache pointers (in various Sections, e.g. 2, 5). We have not assumed any specific key for searching mapping records. Moreover, we have not mentioned the search key matching procedure. Clients can query by a prefix if the NRS system supports it. Clients are not required to always query the NRS before sending an interest for a named content if the ICN architecture allows ICN routers to perform name resolution. This statement has been written in Section 2 (NRS resolver, NRS client) and Section 5.1 (Name resolution).

I hope this helps.