[Int-area] Proposed updates for draft-ietf-intarea-provisioning-domains
Tommy Pauly <tpauly@apple.com> Wed, 24 July 2019 14:01 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1389812006D; Wed, 24 Jul 2019 07:01:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xflehr1sm4yJ; Wed, 24 Jul 2019 07:01:31 -0700 (PDT)
Received: from nwk-aaemail-lapp01.apple.com (nwk-aaemail-lapp01.apple.com [17.151.62.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CECFD1200E3; Wed, 24 Jul 2019 07:01:31 -0700 (PDT)
Received: from pps.filterd (nwk-aaemail-lapp01.apple.com [127.0.0.1]) by nwk-aaemail-lapp01.apple.com (8.16.0.27/8.16.0.27) with SMTP id x6ODv565048339; Wed, 24 Jul 2019 07:01:22 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=sender : from : content-type : content-transfer-encoding : mime-version : subject : message-id : date : cc : to; s=20180706; bh=/xk/9HooxnR6j9vHwBAGf+1eagcfkB/tuhbfLXXeGdw=; b=iX9PXEhzKPgmc25AoHicHFtqlV5IFwUOwChW1wlIJEOPK5zXvvkVQ7H3Z7W1QydKFoyY KTKKlqp7yZeHLY3I+sjcjt5o3cjm/ouAc38qqvM/qGvldaHID9FsN/BbAefxrr1gJvWa NdwPXGp+3ZQiwR8TnulmYIPkfy+nHIZ3lCKsLhBPndsA8QPNNBzabQlksTLW/C+cwNt2 jZIrr9ng5hymHnVDyTCjtdMvDyF3ZGbnbTAWkk+2AN5ckc2SvH+LWyPqZd04pTjUFQU1 Q137xaErUI/HJkRnEvupNEa6cnpZ0ypxh3S/A9PEaugqHI9KwtfcIXGwREvQnNbPKrqD tg==
Received: from ma1-mtap-s01.corp.apple.com (ma1-mtap-s01.corp.apple.com [17.40.76.5]) by nwk-aaemail-lapp01.apple.com with ESMTP id 2tx60uhej6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 24 Jul 2019 07:01:22 -0700
Received: from nwk-mmpp-sz12.apple.com (nwk-mmpp-sz12.apple.com [17.128.115.204]) by ma1-mtap-s01.corp.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) with ESMTPS id <0PV500LZ8GA1KZ80@ma1-mtap-s01.corp.apple.com>; Wed, 24 Jul 2019 07:01:22 -0700 (PDT)
Received: from process_milters-daemon.nwk-mmpp-sz12.apple.com by nwk-mmpp-sz12.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) id <0PV500500G2IMR00@nwk-mmpp-sz12.apple.com>; Wed, 24 Jul 2019 07:01:19 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 2f07af249271aafd350b4181436c320b
X-Va-E-CD: d04c044b1d8fdaedaccb1a9cf53f4d7d
X-Va-R-CD: 08e5239684effe651acd43c60ec4740a
X-Va-CD: 0
X-Va-ID: ae01e9c4-7b62-4b2d-9792-76c268c04a0f
X-V-A:
X-V-T-CD: 2f07af249271aafd350b4181436c320b
X-V-E-CD: d04c044b1d8fdaedaccb1a9cf53f4d7d
X-V-R-CD: 08e5239684effe651acd43c60ec4740a
X-V-CD: 0
X-V-ID: 6b11fb79-c8cf-40fb-9cde-2c02738bf85b
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-24_05:,, signatures=0
Received: from [17.235.53.227] by nwk-mmpp-sz12.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) with ESMTPSA id <0PV5006W9G9QJ7B0@nwk-mmpp-sz12.apple.com>; Wed, 24 Jul 2019 07:01:05 -0700 (PDT)
Sender: tpauly@apple.com
From: Tommy Pauly <tpauly@apple.com>
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: quoted-printable
MIME-version: 1.0 (Mac OS X Mail 12.4 \(3445.104.2\))
Message-id: <680CFF9C-704A-4429-9C1A-6EFF04CCAFBE@apple.com>
Date: Wed, 24 Jul 2019 10:00:59 -0400
Cc: intarea-chairs <intarea-chairs@ietf.org>, "draft-ietf-intarea-provisioning-domains.authors@ietf.org" <draft-ietf-intarea-provisioning-domains.authors@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, Erik Kline <ek@loon.co>, Lorenzo Colitti <lorenzo@google.com>, Ted Lemon <mellon@fugue.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>
To: int-area <int-area@ietf.org>
X-Mailer: Apple Mail (2.3445.104.2)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-24_05:, , signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/cqSTbXsgG38KHEHNXEYw_VhK5ok>
Subject: [Int-area] Proposed updates for draft-ietf-intarea-provisioning-domains
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 14:01:35 -0000
Hello INTAREA, Thanks to everyone for their feedback yesterday on the various proposals for the -06 version of draft-ietf-intarea-provisioning-domains. I've made several updates to the Pull Request (https://github.com/IPv6-mPvD/mpvd-ietf-drafts/pull/11) based on the feedback we received. Please take a look at the changes, detailed here, and let us know if this works for you! Best, Tommy Here is a summary of the changes made since yesterday: Clarify DNS Resolution (Paul Hoffman's comments) ======================================= Added the following paragraph: PvD-aware applications will be able to select which PvD(s) to use for DNS resolution and connections, which allows them to effectively use multiple Explicit PvDs. In order to support non-PvD-aware applications, however, PvD-aware hosts SHOULD ensure that non-PvD- aware name resolution APIs like "getaddrinfo" only use resolvers from a single PvD for each query. More discussion is provided in Section 5.2.1 of [RFC7556]. Normative language around backoff timers (Gorry's comments) ================================================ Changed text to say: o When a host performs a JSON object update after it detected a change in the PvD Option Sequence Number, it MUST add a delay before sending the query. The target time for the delay is calculated as a random time between zero and 2**(Delay * 2) milliseconds, where 'Delay' corresponds to the 4-bit unsigned integer in the last received PvD Option. o When a host last retrieved a JSON object at time A that includes a expiry time B using the "expires" key, and the host is configured to keep the PvD information up to date, it MUST add some randomness into its calculation of the time to fetch the update. The target time for fetching the updated object is calculated as a uniformly random time in the interval [(B-A)/2,B]. JSON, I-JSON, CBOR (Dave Thaler, Erik Kline, Erik Nygren's comments) ======================================================== Specified that we expect the reduced profile of JSON (I-JSON): This JSON object is restricted to the restricted profile of I-JSON, as defined in [RFC7493]. Explained the intended use of the JSON in the scope of this document, And why we're not doing CBOR here: The additional information related to a PvD is specifically intended to be optional, and is targeted at optimizing or informing the behavior of user-facing hosts. This information can be extended to provide hints for host system behavior (such as captive portal or walled-garden PvD detection) or application behavior (describing application-specific services offered on a given PvD). This content may not be appropriate for light-weight Internet of Things (IoT) devices. IoT devices might need only a subset of the information, and would in some cases prefer a smaller representation like CBOR ([RFC7049]). Delivering a reduced version of the PvD Additional Information designed for such devices is not defined in this document. DHCPv6 Association (Discussion from Suresh, Lorenzo, Ted, Erik Kline) ======================================================= After the meeting, we had a hallway conversation, and brought up the possibility of limiting the scope of associating DHCPv6 information to the set of RA information that is currently presented to legacy (non-PvD-aware) hosts. This provides the greatest amount of backwards-compatibility, without introducing unnecessary logic for comparing prefixes and addresses between the two sources, etc. This change involves adding a clarifying definition for a concept that was already present, but not defined: Legacy-Visible Explicit PvD: An Explicit PvD that contains information that non-PvD-aware hosts detect and use. These PvDs are usable by both legacy and PvD-aware hosts, although PvD-aware hosts can be aware of the identifier and additional information associated with the PvD. Any RA that contains a PvD Option defines an Explicit PvD, which will be visible and usable by PvD-aware hosts. If an RA contains only a PvD Option at its top-level, with all other RA options contained within the PvD Option (with the R-flag set), the Explicit PvD will be visible only to PvD-aware hosts. If, on the other hand, an RA contains other options at the top-level, and the PvD Option does not have the R-flag set, the Explicit PvD will be visible to both PvD- aware and legacy hosts. Such PvDs are referred to as Legacy-Visible Explicit PvDs. The text for DHCPv6 association can then be reduced to the following: 3.4.1. DHCPv6 configuration association When a PvD-aware host receives DHCPv6 [RFC8415] configuration elements, it SHOULD associate the received information with all Implicit PvDs and Legacy-Visible Explicit PvDs. This is intended to maintain behavior of how data is associated for non-PvD-aware hosts.