IETF Logo Mail Archive

[Int-dir] Intdir early review of draft-ietf-ntp-bcp-06

神明達哉 <jinmei@wide.ad.jp> Fri, 15 June 2018 20:13 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: int-dir@ietfa.amsl.com
Delivered-To: int-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46575130E44; Fri, 15 Jun 2018 13:13:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.443
X-Spam-Level:
X-Spam-Status: No, score=-0.443 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, FROM_EXCESS_BASE64=0.979, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wc-tFh6QineQ; Fri, 15 Jun 2018 13:13:14 -0700 (PDT)
Received: from mail-lf0-f65.google.com (mail-lf0-f65.google.com [209.85.215.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1BEC130DBE; Fri, 15 Jun 2018 13:13:10 -0700 (PDT)
Received: by mail-lf0-f65.google.com with SMTP id o9-v6so16347449lfk.1; Fri, 15 Jun 2018 13:13:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=e8c9WFGXcHB7QC3CFMHLlhovXlptITJ+MKgA4UkiBlQ=; b=LksLpGMZDsogcApGSfVO1oP3t1VGHsX/Lki+/pSJ9qXKXWwnHrctrtLjE9lTiDsffJ Db3eXlaD0Hh4ealLrSvngzONWJZ1+17hbZdRXnL3BIK1QXENsMEGOf2tXgknNYNtwsfw KWUARct2fOTHSP53Ko8mD1TfPDONMKIU4KTt8W9fYzKg7QqAopwJxF7+OJ/38w4vfFmX dd9/POJJzOE0Vxg7tEX8aL60AiqwsPQgBdd6smhZlre3gTqB7AuS19mcN22oI6N4I72l nIomzV11el6/c7FghZUZe0cwR1x6wyLtkinVXR6mc0XlDwFUJ0rP4cc0bwDb7YiFeXIf W3ng==
X-Gm-Message-State: APt69E0HnUO0GEjIBg4V8Xl94HKKgVWfwDf39Zs8KBhrGrTNZ9BpvFmF 5ZurQAJacQ0ekwILoUwIh/aTrdAfo7IfmCsglKX5dXS0
X-Google-Smtp-Source: ADUXVKLYD2COmeVuZgwfy3OkN87OgtCbfYlQVdY41dAsldHAdHq9CqbV041Hq6Cvd3qzf5ajiUzaRdRiKUPUT8vc1BE=
X-Received: by 2002:a2e:5f8f:: with SMTP id x15-v6mr2160555lje.70.1529093588766; Fri, 15 Jun 2018 13:13:08 -0700 (PDT)
MIME-Version: 1.0
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Fri, 15 Jun 2018 13:12:57 -0700
Message-ID: <CAJE_bqdt5jd81r8kVMCe=7LMA_2vP+q0UOyTjAed0-h61NVjgQ@mail.gmail.com>
To: "<int-dir@ietf.org>" <int-dir@ietf.org>, nt-ads@ietf.org
Cc: draft-ietf-ntp-bcp@ietf.org, ntp-chairs@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/3j42NQjdQAJtK8CAp6GCw3w9PQg>
Subject: [Int-dir] Intdir early review of draft-ietf-ntp-bcp-06
X-BeenThere: int-dir@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This list is for discussion between the members of the Internet Area directorate." <int-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-dir>, <mailto:int-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-dir/>
List-Post: <mailto:int-dir@ietf.org>
List-Help: <mailto:int-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-dir>, <mailto:int-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jun 2018 20:13:17 -0000

I am an assigned INT directorate reviewer for <draft-ietf-ntp-bcp-06>. These
comments were written primarily for the benefit of the Internet Area
Directors. Document editors and shepherd(s) should treat these
comments just like they would treat comments from any other IETF
contributors and resolve them along with any other Last Call comments
that have been received. For more details on the INT Directorate, see
https://datatracker.ietf.org/group/intdir/about/ .

Based on my review, the document IS NOT ready to go to IETF Last Call
and therefore CANNOT be forwarded to the IESG.  See the next paragraph
for my rationale.  That said, I don't know the history or past
discussions on this document, so my points may simply be a rehash of
previous discussions in the WG for which the WG reached a different
consensus.  If so, I wouldn't challenge that consensus and my
recommendation can be "it IS ready and CAN be forwarded to the IESG".
As a technical document I found it generally well-written and useful
(although I have to note that I'm not an NTP expert and it's quite
possible that I overlook something very primitive).

I have the following DISCUSS/ABSTAIN level issue:

  This draft heavily relies on the behavior and features of a
  particular implementation developed by ntp.org.  It seemed to me to
  be quite awkward for an IETF document, especially for a BCP RFC.
  Personally, I would generally expect a BCP to provide generic,
  implementation-independent information.  Some
  implementation-specific information such as how to configure ntpd to
  meet particular recommendations would be a nice addition, but I
  would like it to be clearly separated from the main content, either
  as a different section or as an appendix.

The following are other issues I found with this document that SHOULD
be corrected before publication:

- On a related point to the above DISCUSS level issue, it's
  confusing to me that this draft is sometimes ambiguous about whether
  it talks about an implementation-dependent feature or about a
  general protocol/operational topic.  For example, Section 4.2 refers
  to NTP 'mode 6' and 'mode 7'.  It was not clear to me whether these
  modes mean the same as described in RFC 5905.  According to Figure 1
  of the RFC mode 6 means 'broadcast client' and mode 7 isn't defined;
  Figure 10 says mode 6 means 'NTP control message' and mode 7 means
  'reserved'.  So this may be 'mode 6' in this draft refers to Figure
  10 of the RFC while 'mode 7' refers to a implementation-specific
  feature of ntpd.  These may be too obvious for readers already
  familiar with NTP, but it was quite confusing for someone without
  much background of the protocol and implementation, like me.
  Although a technical document could require some level of
  prerequisites, I think this draft could be more reader friendly and
  be clearer about the general and implementation-specific discussions
  (this comment would still apply regardless of how we resolve the
  'DISCUSS-level' issue).

- Section 3.1 seems a bit awkward to me.  It doesn't talk about how
  it's relevant to NTP, while talking about quite a lot of details of
  BCP 38.  It would fit in the entire draft context better if it
  discusses the implication of BCP 38 for NTP (such as UDP-based
  protocols are more susceptible to address spoofing attacks).  I
  would also consider making the section more concise, just referring
  to BCP 38 instead of discussing many details of it.

The following are minor issues (typos, misspelling, minor text
improvements) with the document:

- Section 5.3: s/in in/in/
   this effort was at draft #10, and in in the 'final call' process.

- Section 6.1:

   [...] To minimize
   information leakage, leaf-node hosts should drop all incoming NTP
   packets except mode 4 response packets that come from unknown
   sources.

  On a first read this sentence didn't make sense to me.  I guess the
  intent was:

   To minimize information leakage, leaf-node hosts should drop:
   - all incoming NTP packets that come from unknown sources
   - unless they are mode 4 response packets

  But the original sentence could also read:

   To minimize information leakage, leaf-node hosts should drop:
   - all incoming NTP packets
   - unless they are mode 4 response packets that come from unknown
     sources

  Perhaps this one is clearer and less ambiguous?

   [...] To minimize
   information leakage, leaf-node hosts should drop all incoming NTP
   packets that come from unknown sources except mode 4 response
   packets.

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email