[icnrg] Updates to the ICNRG Terminology Document: draft-irtf-icnrg-terminology

"David R. Oran" <daveoran@orandom.net> Fri, 17 January 2020 16:20 UTC

Return-Path: <daveoran@orandom.net>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0C13120024; Fri, 17 Jan 2020 08:20:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kbe8wpjwCSJh; Fri, 17 Jan 2020 08:20:02 -0800 (PST)
Received: from spark.crystalorb.net (spark.crystalorb.net [IPv6:2607:fca8:1530::c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 693AB120018; Fri, 17 Jan 2020 08:19:59 -0800 (PST)
Received: from [192.168.15.102] ([IPv6:2601:184:407f:80ce:9574:8edf:6314:7529]) (authenticated bits=0) by spark.crystalorb.net (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id 00HGJoKg019295 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Fri, 17 Jan 2020 08:19:52 -0800
From: "David R. Oran" <daveoran@orandom.net>
To: "Colin Perkins" <csp@csperkins.org>, "Mirja Kuehlewind" <ietf@kuehlewind.net>, "Benjamin Kaduk" <kaduk@mit.edu>
Cc: ICNRG <icnrg@irtf.org>, draft-irtf-icnrg-terminology@ietf.org
Date: Fri, 17 Jan 2020 11:19:45 -0500
X-Mailer: MailMate (1.13.1r5676)
Message-ID: <5DA61530-586A-4BE3-9ECA-6F02AE9899CE@orandom.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_164F7870-7018-4914-AA7E-10A91357C0BF_="
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/hR3JFU8uUHdbem7pIXnbs5EnV9s>
Subject: [icnrg] Updates to the ICNRG Terminology Document: draft-irtf-icnrg-terminology
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2020 16:20:10 -0000

Many thanks to Benjamin and Mirja for their comments on the -07 draft 
that went through IESG conflict Review. I have produced a -08 version 
that hopefully addresses the comments adequately. Below please find my 
responses with notation of the consequent changes.

These are also captured in the Issue Tracker section of the document’s 
Github repository: 
https://github.com/icnrg/draft-irtf-icnrg-terminology/issues

The -08 version is available through the data tracker at 
https://datatracker.ietf.org/doc/draft-irtf-icnrg-terminology/.

Note: I did not copy either the whole IESG nor the IRSG on this message 
to reduce noise. If any of you think they should see it, please redirect 
or forward.

Thanks!!!


###Comments from Mirja###

- Sec 3.3. defines *Interest aggregation* and says "Not the same as 
Interest suppression.”, however, Interest suppression is not 
defined…?

Ah: good catch. This is a bit of a historical hangover from when the 
architecture talked about suppression and aggregation as different in 
some ways. It turns out that aggregation is the more general and more 
accurate way to describe the designs. So, I’m getting rid of that 
sentence.

- Nit in sec 4.4: s/can be turned into into a database/can be turned 
into a database/ -> 2x into

Fixed.

###Comments from Benjamin###

####Section 2####

- Trust: “Data authenticity is distinct from data trustworthiness, 
though the two concepts are related.  A packet is authentic if it has a 
valid name-to-content binding.  A packet is trustworthy, i.e., it  comes 
from a reputable or trusted origin, if this binding is valid in the 
context of a trust model.  Section 6 discusses this further.” I think 
I see what is intended here, but distinguishing between "valid" and 
"valid in the context of a trust model" is a pretty subtle 
differentiation. Some more discussion about a given named entity being 
expected to produce certain content might help (but then again, might 
not).

I was inclined to leave this as is, but perhaps adding something like 
what you suggest is actually helpful. So, I added the sentence before 
the reference section 6: “The trust model provides assurance that the 
name used for a given piece of content is appropriate for the value of 
the content”. We can remove or further change this during RFC editor 
processing if you think this doesn’t help (or further obfuscates).


- Forwarding Plane: The canonical way of implementing packet forwarding 
in an ICN network relies on three data structures that capture a node's 
state: a Forwarding Interest Table (FIB), a Pending Interest  Table 
(PIT), and a Content Store (CS).  It also utilizes Interest forwarding 
strategies which takes input from both FIB and measurements to make 
Interest forwarding decisions.  When a node”
nit: "take input" to match "strategies" plural.

Fixed.

####Section 3.1####

Data packet Immutability: “After a data packet is created, the 
cryptographic hash binding the name to the content ensures that if 
either the content or the name changes, that change will be detected and 
the packet discarded.
nit: previous discussion referred to the name-to-content binding as a 
"signature", not as a "hash".

Right, changed to “signature”

####Section 3.5####

Nonce:”A field of an Interest packet that transiently names an 
Interest instance (instance of Interest for a given name).  Note: the 
use "nonce" as defined here for NDN does not imply semantics that 
satisfy all the properties of a cryptographic nonce as defined in, e.g.  
[RFC4949].” RFC 4949 does not have a definition for "cryptographic 
nonce", so I assume just the regular definition for "nonce" is the 
intended reference. The only required attribute there is "random or 
non-repeating", with liveness
guarantee and replay protection being only the "usual usage" (i.e., not 
required). While I assume I don't fully understand the nuance of ICNRG 
nonce usage, my understanding is that they are intended to be 
non-repeating, at least within some time window, and serve to tie 
specific expressions of interest to data responses. That is not exactly 
the "replay protection" of RFC 4949, though it is closely related, and I 
would argue that even the "non-repeating within a time window" property 
suffices to keep the ICN usage within the RFC 4949 definition. Which is 
a long way of saying that I don't think this much disclaimer is needed.

The concern was that NDN is very loose in their nonce requirements. For 
example with guessable nonces an attacker could cause some PIT state to 
be created by one incoming interest which might inappropriately cause 
aggregation of interests from a victim that should have been forwarded. 
The point about RFC4949 not defining cryptographic nonces is well taken 
however. I toned down the disclaimed to “Note: the specification 
defining nonces in NDN do not necessarily satisfy all the properties of 
nonces as discussed in RFC4949”.

Is that better?


####Section 6####

- “While the terms defined in this specification do not in and of
themselves present new security considerations, the architectures
which utilize the terms most certainly do. Readers should look at
those specifications (e.g. [RFC8569], [NDN]) where various security
considerations are addressed in detail.” This is a great formulation; 
thank you!

We appreciate the vote of confidence!