IETF Logo Mail Archive

Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC

Eliot Lear <lear@cisco.com> Mon, 12 May 2014 08:00 UTC

Return-Path: <lear@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5A9D1A041E for <ietf@ietfa.amsl.com>; Mon, 12 May 2014 01:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.152
X-Spam-Level:
X-Spam-Status: No, score=-10.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RMlzleKMFNyU for <ietf@ietfa.amsl.com>; Mon, 12 May 2014 01:00:27 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) by ietfa.amsl.com (Postfix) with ESMTP id 1DA191A042B for <ietf@ietf.org>; Mon, 12 May 2014 01:00:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8848; q=dns/txt; s=iport; t=1399881621; x=1401091221; h=message-id:date:from:mime-version:to:subject:references: in-reply-to:content-transfer-encoding; bh=3rpwBoPHnOAmS3NWExHLEVokqd4GTsHkC12pH1n/C8g=; b=I/a18jLAT/a1RCPHCU1rHesoUi4w2romcFqM0WLwx5w8PTmXylREsz4G OgYREF1CX3Z/0t69uZDj669VhDCZo4WuOG7fvIRT/a1il3RYRnDCcfo/Q cW+sxY3BHyNxXfuCsHPUBa2pf/3/Y9I/i2GJQWxascIGpw0Tr9RfKM0SD A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlEFAKZ+cFOtJA2B/2dsb2JhbABZgwZPgz/CfAGBFxZ0giUBAQEEDhUPATIKCRELGAICBRYEBwICCQMCAQIBRQcMCAEBiD0NqjijXheBKogHhSiCdYFLAQONQYwHh2OLJIF3gUE7
X-IronPort-AV: E=Sophos;i="4.97,1033,1389744000"; d="scan'208";a="42995345"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-7.cisco.com with ESMTP; 12 May 2014 08:00:20 +0000
Received: from ELEAR-M-C3ZS.CISCO.COM ([10.61.198.124]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id s4C80JVK015556; Mon, 12 May 2014 08:00:20 GMT
Message-ID: <53707F93.6000906@cisco.com>
Date: Mon, 12 May 2014 10:00:19 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: adrian@olddog.co.uk, ietf@ietf.org
Subject: Re: Last Call: <draft-housley-implementer-obligations-01.txt> (Expectations of Implementers of IETF Protocols) to Informational RFC
References: <20140509191841.18372.97889.idtracker@ietfa.amsl.com> <06a301cf6c7e$770e51e0$652af5a0$@olddog.co.uk>
In-Reply-To: <06a301cf6c7e$770e51e0$652af5a0$@olddog.co.uk>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/RPUvFKloVqstzican65e_PJLeqU
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 May 2014 08:00:30 -0000

While I am neutral on the need for such a document – perhaps Brian or
Adrian is correct – I have some concerns about its content.

When implementers vary from specification, it falls into two cases: a
bug or a feature.  I have varied from the spec when I thought it was
necessary to protect my customer base or to improve their experience in
some other way.

I consider it a more nuanced question as to when Postel's Law should be
applied, because it is often difficult to distinguish a "technical
error" from an attack.  It may be better to fast fail in these sorts of
circumstances, and I believe working groups have been taking this
attitude for some time in their guidance, starting with DRUMS way back when.

To address the above concerns, I would suggest that the author provide
more nuanced guidance.  One must balance being liberal in what one
accepts against the likeliehood of an attack or misinterpretation of
what the sender is trying to say.  Furthermore, for any protocol that
involves some sort of store and forward or proxy component, in as much
as intermediaries are able to interpret a malformed protocol element, if
the end point cannot, one must see that the error gets back to the right
place.

In addition, I concur with Elwyn about the tone of the document, in that
it borders on legalistic.  Fundamentally we argue that IETF standards
are voluntary, and I agree with Adrian on that point.

I have different concerns about the need to maintain implementations. 
This is a very important concern in the Internet of Many Tiny Little
Things that deserves attention.  Considerable research has been
undertaken as to how long it takes to get zero day exploits fixed in
browsers and phones.  But the world is changing and browsers and phones
are now joined by refrigerators[1] and toilets[2] (to name a few
examples).  I agree with Russ that this is a problem, and it may even be
the IETF's problem (see above about NOT being liberal, for instance),
but perhaps this area needs its own document.

Finally, it seems to me that much of this (revised) text could be
incorporated into the Tao.

Eliot
[1]
http://www.businessinsider.com/hackers-use-a-refridgerator-to-attack-businesses-2014-1
[2]
http://www.theverge.com/2013/8/3/4584980/inax-satis-bluetooth-toilet-android-app-vulnerability

On 5/10/14, 8:34 PM, Adrian Farrel wrote:
> While I appreciate the effort the author put in to resolve previous
> discussions, I do not support the publication of this document.
>
> The thrust of my previous comments were to say "It is all platitude, 
> but probably harmless" and "at whom is this document aimed". This 
> review is in a little more detail. I still find the whole document to
> be one big platitude that does not need to be published, but I have also
> found a number of things that I think need to be fixed.
>
> ---
>
> This document significantly conflates advice to implementers wishing to
> ensure interoperability, best practice for people claiming to have
> implemented (i.e., claiming conformance to) a specification, and 
> constraints to the freedom for implementers of IETF specifications.
>
> As the text notes, IETF specifications (please don't call them standards
> unless that is what you really mean) are not mandatory to implement. So
> the text really must not tell people what they must or must not do. For
> example, the Abstract says "By choosing to implement..." This is
> nonsense! I can choose to do what I like. If I choose to implement stuff
> and tweak it and make it better, that is entirely my choice. 
> Maybe you could have said "By claiming to have implemented..." But even
> that is marginal. We are not the Internet Police and we have no 
> influence in the world of advertising or marketing. Nor do we run 
> conformance labs. This attempt at constraining implementations is bogus
> and needs to be removed from the document.
>
> As far as interoperability is concerned, it is great to give concrete
> advice. When the Introduction says
>    This document provides advice to implementers of IETF protocols to
>    improve interoperability of their implementations.
> it would be wonderful if the document lived up to the claim. But this
> claim seems to be at odds with the document Title and Abstract and all
> I find in the document is effectively "If you want two implementations
> to interoperate, they need to implement the same thing." Well, if that
> comes as a surprise to anyone perhaps they are in the wrong business.
>
> So what is the document actually trying to do and say, and to whom?
>
> ---
>
> The document also contains a lot of passive voice that hides the
> motivation for the text. For example, the Abstract says "...one is
> expected..." Expected by whom? Why? Perhaps you can attribute the 
> expectation to make this meaningful.
>
> ---
>
> Introduction
> "IETF protocols foster interoperability."
> I don't believe this is true. A protocol cannot of itself achieve this.
> Possibly the clear specification of a consensus-based protocol can do
> that. Possibly.
>
> ---
>
> Introduction
>    Yet, IETF standards are
>    voluntary standards.  No one is required to implement them.
>    Implementation is a choice.  By making this choice, an implementer is
>    expected to:
>
>       (1) Follow the protocol specification;
>
> Please clarify "IETF standards" since you almost certainly don't mean 
> what you have written.
>
> But note that this text is circular. Implementation of a specification 
> is, by definition, following the specification. So this text doesn't
> say anything! It is the *claim* of implementation that has an 
> expectation attached to it. What I do in the darkness of my own room is
> not a matter for anyone's expectations.
>
> ---
>
> Introduction
>
>    When implementers meet these expectations, protocols interoperate as
>    intended by the IETF.
>
> This is a mixed message. Are you trying to set out the expectations on
> people who implement (or claim implementation), or are you giving advice
> on how to achieve interoperability?
>
> ---
>
> Section 2
>
>    An implementer needs to maintain their implementation
>    into the future.  It is not sufficient to do an initial
>    implementation of the protocol.  One needs to apply changes as they
>    come out.
>
> While the example given is highly desirable, it does not go as far as 
> "needs to". An implementation is a snapshot, a moment in specification
> history, and is correctly described as such. There is no moral or other
> binding on the implementer to make a change, just as there was no 
> requirement that the implementer select a particular specification to
> implement.
>
> When I implement a protocol as specified in an RFC I am not making a 
> commitment to update my implementation to fix bugs in the specification
> or to add features.
>
> Furthermore, not all protocol extensions are desirable in all 
> environments. There is no requirement for an implementer to add a widget
> as there is no requirement for an implementer to implement version 2 of
> a protocol or to pick up fixes to version 1.
>
> ---
>
> Section 3
>
> I am not comfortable with this attempt to define the purpose and meaning
> of BCPs over and above RFC 2026. The statements in this section might 
> reflect how BCPs have been used in the past, but this text is too strong
> in the way it looks to the future. It might be appropriate to put this 
> into the past tense...
>
>    Best Current Practices (BCPs) about IETF protocols (not the BCPs that
>    define IETF processes and procedures) have often been used to 
>    document IETF consensus about operational or implementation practices
>    pertaining to IETF protocols.
>
> By *your* definition of BCP, why is this document not a BCP?
>
> ---
>
> Section 3
>
>    By following the BCPs,
>    implementers, operators, and administrators are able to provide a
>    common experience when using the protocol, regardless of their point
>    of attachment to the Internet.
>
> Do you mean "provide" or "obtain". If "provide" then provide to whom?
>
> ---
>
> Section 3
>
>    Sometimes BCPs are referenced in the protocol specification.  Often
>    the implementer needs to look through the BCP index to find related
>    BCPs.
>
> The implication here might be that by checking the list of BCPs an
> implementer will find all of the relevant advice and guidance outside the
> specification itself. This is not true. There are plenty of 
> Informational RFCs describing ways to build and deploy protocols. And 
> there is this (under-used) thing called an Applicability Statement
> [RFC 2026 - section 3.2].
>
> Adrian
>
>
>

v2.23.0 | Report a Bug | By Email