IETF Logo Mail Archive

Re: Gen-ART Review of draft-ietf-dnsop-edns-client-subnet-04

Warren Kumari <warren@kumari.net> Mon, 14 December 2015 22:01 UTC

Return-Path: <warren@kumari.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 165C71B2FC5 for <ietf@ietfa.amsl.com>; Mon, 14 Dec 2015 14:01:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SM4hDY4aCcmG for <ietf@ietfa.amsl.com>; Mon, 14 Dec 2015 14:01:13 -0800 (PST)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8F501B2FC4 for <ietf@ietf.org>; Mon, 14 Dec 2015 14:01:12 -0800 (PST)
Received: by qkfb125 with SMTP id b125so158550012qkf.2 for <ietf@ietf.org>; Mon, 14 Dec 2015 14:01:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=q0m6d/fXK+SlLQF0UF7zsNXLEJxafHKqjqn9ijIiD4c=; b=zdzWtYvYij1lpPW1pXLl9/oN8dXPvDf2oij9k04S+MNiyclIR4MCb9rJFjmwoTTmJn GdfkuiUUsSvAFSxuYbXfLsBM5746MmrD0xwbQ/k3gfW5HzyNk6cL12ajaQQleplt9PHc tNyjklap+m2+IYHrR1rJLJc5chGhSB4pnpFZQQeJuI1qUDfbgvwXtLvAwbaSfvaQXZPQ sdiv6Malg6UPBCj6WocHzRzy0E/YmqUGI664LGNOcAd7+trXT6eatEVwECgUqKPRPSE7 I/YMM3VK1WVFqecB29TR5dHvGHh0dZNYnix048GK4GVUF7D9UtoTTvTGNqFM+6zNEPNC goFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=q0m6d/fXK+SlLQF0UF7zsNXLEJxafHKqjqn9ijIiD4c=; b=EWyjw3yvf/O1YU5Se2jlTszGOkaNbRiFyz6qlM1FqNLBopcDLdBGEjYL+MRrIHxmu+ cDvPyg0Q+2XBae9zJLUQ1gz9xTF6BWwVuiE6HlUkZsrjVJb5DQLFtDb+Q0noOeXmZOxW cREfHygE5nCLO5l6+aeb1EqrPM1TGeRyp2ro0kdfFzwo37QvmQWdxLki4LGYMYImNnlB tbozFn3D3W8lLFGnL9lAnk7A10VrY0Ld5HnQ10W6FstvkKo5y1ErfCbHqXvk5eEcNVfT JLGt+f9ti7AgQOLhTFeyHWjISkSJmVXuFM35x8YjYzC87EbXokpNO0N9WDzkY9/ZV958 ocNA==
X-Gm-Message-State: ALoCoQnkblPFEIAP8FtPwQTaAo87q2JrnBDlefjL4yq/VdaW9wINPQq8GHLuVbaZ1oNE4dWHcgDVAEaT0zDpBdE0SbgjMkc1IHH/gDJtPrca2kqV5zpRBUQ=
MIME-Version: 1.0
X-Received: by 10.129.137.66 with SMTP id z63mr20543630ywf.249.1450130471881; Mon, 14 Dec 2015 14:01:11 -0800 (PST)
Received: by 10.37.109.134 with HTTP; Mon, 14 Dec 2015 14:01:11 -0800 (PST)
In-Reply-To: <A886238F-FC46-47BD-AD86-B48D8BC42C47@vigilsec.com>
References: <46A1A261-E9F4-414D-AAD8-9C85A8B53283@vigilsec.com> <A886238F-FC46-47BD-AD86-B48D8BC42C47@vigilsec.com>
Date: Mon, 14 Dec 2015 17:01:11 -0500
Message-ID: <CAHw9_iJYtAC1mB2YixiYsYHXe+ioa94yk9Tru8TB0GduO-P2eQ@mail.gmail.com>
Subject: Re: Gen-ART Review of draft-ietf-dnsop-edns-client-subnet-04
From: Warren Kumari <warren@kumari.net>
To: Russ Housley <housley@vigilsec.com>, draft-ietf-dnsop-edns-client-subnet.all@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c064e08a7d13e0526e2cfb4"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/nvJP8AG28GV3mfsYCCY6vdcYeno>
Cc: IETF Gen-ART <gen-art@ietf.org>, IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2015 22:01:16 -0000

>
> NOTES TO AUTHORS: I went to try integrate these changes and discovered
that the most recently published version of the document is -04, but the
version in github  (
https://github.com/wkumari/draft-vandergaast-edns-client-subnet ) is
version -06.
I have rolled this back to -05 and published as that. There are 2 places
below when I need some help with text.

On Fri, Dec 11, 2015 at 6:26 PM Russ Housley <housley@vigilsec.com> wrote:

> I am the assigned Gen-ART reviewer for this draft. The General Area
>
> Review Team (Gen-ART) reviews all IETF documents being processed
>
> by the IESG for the IETF Chair. Please wait for direction from your
>
> document shepherd or AD before posting a new version of the draft.
>
>
> For more information, please see the FAQ at
>
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
>
> Document: draft-ietf-dnsop-edns-client-subnet-04
>
> Reviewer: Russ Housley
>
> Review Date: 2015-12-11
>
> IETF LC End Date: 2015-12-21
>
> IESG Telechat date: unknown
>
>
> Summary:  Almost Ready
>
>
>
>
Thank you for taking the time to review this document.


> Major Concerns:
>
>
> In Section 6, the figure includes a line that begins with "7:".  This
>
> is incorrect.  It should begin with "8:".
>
>
Doh! Thanks.



> Section 7.2.1 ends with: "Implementations SHOULD document their chosen
>
> behavior."  I have no objection to such documentation, but some advice
>
> about where someone might find it would be useful.  I do not think you
>
> are asking each implementation to write an Informational RFC.  Further,
>
> the use of "SHOULD" in this sentence has nothing to do with the normal
> RFC 2119 usage, which applies to the action taken by an implementation.
>

Good point. I've updated this to be:
"This choice should be documented for the operator, for example in the user
manual. "
Does this work for you?



> Section 7.5 says:
>
>
>    Intermediate Nameservers supporting ECS MUST forward options with
>
>    SOURCE PREFIX-LENGTH set to 0 (that is, completely anonymized).  Such
>
>    options MUST NOT be replaced with more accurate address information.
>
>
>    An Intermediate Nameserver MAY also forward ECS options with actual
>
>    address information.  This information MAY match the source IP
>
>    address of the incoming query, and MAY have more or fewer address
>
>    bits than the Nameserver would normally include in a locally
>
>    originated ECS option.
>
>
> These two paragraphs appear to contradict each other.  I cannot figure
>
> out what an Intermediate Nameservers that supports forwarding of ECS
> options ought to do with regard to source address information.
>

Yup, that was confusing. How is: "An Intermediate Nameserver MAY forward
ECS options with address information. This information MAY match the source
IP address of the incoming query, and MAY have more or fewer address bits
than the Nameserver would normally include in a locally originated ECS
option. If an Intermediate Nameservers receives a query with SOURCE
PREFIX-LENGTH set to 0 it MUST forward the query as-is and MUST NOT replace
it with more accurate address information." ?


>
> Please divide the references into normative and informative.  The URIs
>
> should be informative references.  URIs must be stable references, and
> I do not think that [4] qualifies.
>

Thank you.
These have been fixed.
[4] Has now been published as an ID, and so is now stable(r) -
 I-D.hardie-privsec-metadata-insertion


>
>
> Minor Concerns:
>
>
> The last paragraph of the Introduction provides information that is
>
> useful to someone doing a review.  However, it is not clear to me that
>
> this information belongs in the Informational RFC.  I think that it
>
> would be sufficient to say:
>
>
>    At least a dozen different client and server implementations have been
>
>    written based on earlier versions of this specification.  The protocol
>
>    is in active production use today.  While the implementations
>
>    interoperate, there is varying behaviour around edge cases that were
>
>    poorly specified.  Known incompatibilities are described in this
>
>    document, and the authors believe that it is better to describe the
>
>    system as it is working today, even if not everyone agrees with the
>
>    details of the original specification [1].  The alternative is an
>
>    undocumented and proprietary system.
>
>
Thank you.
The current text was arrived at after many iterations - I *think* that your
text will still keep everyone happy and so have incorporated it.


If you accept this approach, then you might also look for "original
> draft" elsewhere in the document ans make a compatible change.
>

Thank you.


>
> In Section 6, I think it would be useful to say that the SCOPE
>
> PREFIX-LENGTH in a response MUST be less than or equal to the SOURCE
>
> PREFIX-LENGTH.
>
>
> In Section 7.1.1, can you add a sentence or reference to explain "lame
>
> delegation"?  I recognize that this type of error results when a name
>
> server is designated as the authoritative server for a domain name and
>
> that server does not have authoritative data.
>
>

[ AUTHORS: This was a term that was left out of the terminology draft. Do
you have any suggestions for how we can reword this to remove the need for
the term? ]




> Section 7.4 says: "Several other implementations, however, do not
>
> support being able to mix positive and negative answers, and thus
>
> interoperability is a problem."  Then, the next paragraph says that
>
> this topic will be revisited in a future specification.  Is there any
>
> advice that the authors can share as a step toward interoperability
>
> that would be useful for implementers until the future specification
> comes about?
>


[ AUTHORS: Any text for here? ]

>
>
> Other Editorial Comments:
>
>
> There are many places in the document where is says: "This draft ...".
>
> These should be changed to "This document" or "This specification" in
>
> preparation for publication as an Informational RFC.
>
>
Thank you, done.



> In Section 4, some of the terms being defined are followed by a colon,
>
> and others are not.  Please be consistent.  I prefer the inclusion of
> the colon.
>

Thank you. Done.



>
> In Section 7.5, it says:
>
>
>    It is important that any Intermediate Nameserver that forwards ECS
>
>    options received from their clients MUST fully implement the caching
>
>    behaviour described in Section 7.3.
>
>
> To me, "It is important that" and "MUST" are redundant.
>

Fair 'nuff.
Fixed.


>
> In Section 11.3, it says:
>
>
>    o  Recursive Resolvers MUST never send an ECS option with a SOURCE
>
>       PREFIX-LENGTH providing more bits in the ADDRESS than they are
>
>       willing to cache responses for.
>
>
> I think it would be netter to reword this as a MUST NOT statement.
>

Yup. thank you. Done.

>
>

v2.23.0 | Report a Bug | By Email