Re: [icnrg] [irsg] Review of "Architectural Considerations of ICN using Name Resolution Service"

Colin Perkins <csp@csperkins.org> Mon, 05 April 2021 17:04 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2C893A1FE9; Mon, 5 Apr 2021 10:04:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=csperkins.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5egoVrDQoa3q; Mon, 5 Apr 2021 10:04:26 -0700 (PDT)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 211DF3A1FF3; Mon, 5 Apr 2021 10:04:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=csperkins.org; s=mythic-beasts-k1; h=To:Date:From:Subject; bh=DxzTsPg4LxhzTUrgQiB2Hk+BMk/JMDRdBfJtRymQDEc=; b=bKFV413XxMz0NMWp/S1J0KLE8f 5VeGqzOGlJV9NVVf1mgYVtFD9Ukyabyeuou89RLOScDZQN/mTzE6psGfwAxBGvhgGGZcctemGBzHN ftk0L4VpOEpxkL3zTmhlTjfxYne3aa7XDenPQS3jUz7IlVvjWsPc9R7sKfSLHN8rH2JsM55t5z1cI 5twxj56r20Yd8nwu7/Aj6+rzYXdC5VS+S0X6AHmnWRUYocc/rZZtxzKY7Ycj2FUc05BWUrl86Gv0F MsIc9eWAoAmsM8P8JJ7dJlZXMlQHVlPl1j7HDFZvtuKlasnz1ad9RCUvyJKTliLCD2MqoCDtLb8ci lQa5bzYg==;
Received: from [81.187.2.149] (port=34703 helo=[192.168.0.69]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <csp@csperkins.org>) id 1lTSdy-0002sT-HL; Mon, 05 Apr 2021 18:04:10 +0100
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Colin Perkins <csp@csperkins.org>
X-Priority: Normal
In-Reply-To: <md3azxhle216.md3azxhmjom3.g1@dooray.com>
Date: Mon, 5 Apr 2021 18:03:57 +0100
Cc: The IRSG <irsg@irtf.org>, draft-irtf-icnrg-nrsarch-considerations@ietf.org, ICNRG <icnrg@irtf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1CEF11D4-C525-4496-AEE4-55A65DD596E6@csperkins.org>
References: <md3azxhle216.md3azxhmjom3.g1@dooray.com>
To: Jungha Hong <jhong@etri.re.kr>, Christopher Wood <caw@heapingbits.net>
X-Mailer: Apple Mail (2.3445.104.17)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/_3ROxnYIcWAzxTlfyXlWPKaeRTg>
Subject: Re: [icnrg] [irsg] Review of "Architectural Considerations of ICN using Name Resolution Service"
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Apr 2021 17:04:33 -0000

Thank you for updating the draft.

Chris – can you confirm if these changes address your concerns?

Thanks,
Colin



> On 13 Feb 2021, at 07:58, Jungha Hong <jhong@etri.re.kr> wrote:
> 
> Dear Chris,
> 
> Thanks a lot for the review.
> 
> The revised document, draft-irtf-icnrg-nrsarch-considerations-06 has been just submitted. 
> We tried to address your comments as much as possible. 
> (https://www.ietf.org/rfcdiff?url2=draft-irtf-icnrg-nrsarch-considerations-06)
> 
> Please take a look at our responses explained in-line below and let us know again if anything is unclear.
> 
> Thanks,
> Jungha Hong 
> 
> 
> -----Original Message-----
> From:  "Christopher Wood" <caw@heapingbits.net>
> To:      <irsg@irtf.org>rg>;   <draft-irtf-icnrg-nrsarch-considerations@ietf.org>rg>;   <icnrg@irtf.org>rg>; 
> Cc:    
> Sent:  2021-01-11 (월) 23:55:08 (UTC+09:00)
> Subject: Review of "Architectural Considerations of ICN using Name Resolution Service"
> 
> Document: draft-irtf-icnrg-nrsarch-considerations-05
> 
> The summary of the review is: Ready with issues
> 
> Comments: 
> 
> Given that this is a considerations document for ICNRG, I think the level of detail is probably fine here. My biggest concern is the lack of discussion around NRS mapping management. The document states:
> 
>   When an NRS is utilized in an ICN architecture, security threats may
>   increase in various aspects...
> 
> And then briefly describes "Name Space Management." It states that producer authentication is required, but I would like to see some more discussion there. In particular, is authentication required for only insertion into the NRS? What about updates or removal? (Something like BEAD [1] might help deal with deletion.)
> 
> [Editor’s response and revision]
> Authentication is required for all insertion and update of mapping records. We have added text to clarify this point in Section 8 (mainly in NRS protocol and message security.) The update includes the substitution and deletion. 
> 
> On a related topic, how do clients (resolvers) know if they received the most up-to-date version of an NRS mapping? Should these be stored in cacheable content objects, or in new protocol messages that are not cached? This relates to the discussion around mobility, and I'm not sure how much detail you want to add here. Maybe just mentioning the possibility of stale content as a consideration will suffice.
> 
> [Editor’s response and revision]
> As the approaches used in mobility management, we may consider assigning validity time or a lifetime of each mapping record. The lifetime can be renewed only by the authoritative producer or node while the cached mapping records get erased after the lifetime expires unless a lifetime extension indication is obtained from the authoritative producer. This description has been added to the first and last bullets in Section 5.1.  
> 
> Lastly, how a NRS impacts client behavior seems a bit unclear at the moment. This document seems to suggest that names can only map to other NDOs, and not, for example, prefixes. Should it be possible to query the NRS with a name prefix, and the NRS performs LPM to return the mapped value? What are the implications for clients if they can query by prefix? Should they always query the NRS before sending an interest for a name?
> 
> [Editor’s response and revision]
> In this document, we have assumed that name (in general) can be mapped to routable prefixes, locators, alias names, or off-path-cache pointers (in various Sections, e.g. 2, 5). We have not assumed any specific key for searching mapping records. Moreover, we have not mentioned the search key matching procedure. Clients can query by a prefix if the NRS system supports it. Clients are not required to always query the NRS before sending an interest for a named content if the ICN architecture allows ICN routers to perform name resolution. This statement has been written in Section 2 (NRS resolver, NRS client) and Section 5.1 (Name resolution).
> 
> I hope this helps.
> 
> Best,
> Chris
> 
> [1] https://arxiv.org/pdf/1512.07311.pdf
> 
> _______________________________________________
> icnrg mailing list
> icnrg@irtf.org
> https://www.irtf.org/mailman/listinfo/icnrg