IETF Logo Mail Archive

Re: [ippm] John Scudder's Discuss on draft-ietf-ippm-ioam-conf-state-07: (with DISCUSS and COMMENT)

John Scudder <jgs@juniper.net> Thu, 27 October 2022 13:55 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F6B6C1524A9; Thu, 27 Oct 2022 06:55:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.677
X-Spam-Level:
X-Spam-Status: No, score=-7.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=WRsrme20; dkim=pass (1024-bit key) header.d=juniper.net header.b=SFyiResX
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OxLhqxoTtV-5; Thu, 27 Oct 2022 06:55:13 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05E7FC1524A8; Thu, 27 Oct 2022 06:55:12 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 29RDnrbP005414; Thu, 27 Oct 2022 06:55:09 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=uDnyZ72uWauVsStvya9skCsjllCYCUPkbQRAdc6La94=; b=WRsrme2005kji4E0erBgSLMvc4KMOq88mrHUjylCVyUBpS4B4UNgtp9HOv4Et59KuI8V 8kZzT6BvgBg4eTAVXoddASpXNm2XnYuCltEdl5O0UY2+vhvrxySX4wH7+n5UqD3PotyO L4bB4/pZXkD9QrUe6+9TnDi+eyr6n24mAqfoWgq4KyrumtKL8v05E/upULy1Hs1QQRDv zOxF3p5dRHKHc4mjXzZfATyG28r/VRo69f3z3RkmHD61sTHHHpd6vaWEufdjz6aqjruQ e6fjJU3jzXDioJ6pIFbAbnPkBiHQSpr3PufNd0bQi1BAfJOAzxmHaebFD5kYsaqgacF7 Nw==
Received: from na01-obe.outbound.protection.outlook.com (mail-eastusazlp17010001.outbound.protection.outlook.com [40.93.11.1]) by mx0a-00273201.pphosted.com (PPS) with ESMTPS id 3kfu7e0083-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 27 Oct 2022 06:55:08 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KL5Gfj7OePenz1gX52ccUW00x1LZXPSkR/kugD4qQ6ie8UDNecqO/Pb4/OZlnUqf3kqgS2H94lu4JR3wYrGZubW8SJAsCnAPfUq7e4KO6dhkR/fh7VSJYIY8ws7W/xFfrz/Fmudry+xuZj1YDKJKk5hkQKkleciekzDGWAvqrydXRcqOixq4frydqyioPGFBiLijYgOAk0/w70X6SYA2EsgUwDAD9wK/eIBsh8vqyT8Cbub6wI60LjxjN+/rqxujWcoBWsXVcYceOFHQmnuEfkTAu5PvxtO1oqfLHTajf1R1vwZ52mBpt/GOBzaZw5ATzoWxjvXwO6wVTZMuOniDgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uDnyZ72uWauVsStvya9skCsjllCYCUPkbQRAdc6La94=; b=bBVKUaFNwttodcmniypzp4X3iEIXVgls6sP9AYeB6nfAM+C5MP/grBsSB9zSFuXCpk/SgCBgUapBXsde+YKnXj+/AwbVKJzZxUXB2djExlG1Oag7Cwob/xs+DlWC5z9DuVIRzVF0oVb7IS7Hr75JYevuDOLB82EfU/UrgnPWhTsS82xoVSwDFOpXNk3PzfFw1D90O92WQnXArNJfja6Tl6U0htRQzH2lirU/OdMH9WVJy25lEpo8laPYLigvuVO3lxLVwfsc6JR2CxIu0J4lxHq2om+WPIWxJg8V0IrhCBAUOKBqime6V5a6tJsr+gA95tsyqJp8b1GWMAI7Os/71g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uDnyZ72uWauVsStvya9skCsjllCYCUPkbQRAdc6La94=; b=SFyiResXgRZ6jq84ZdSwnOa4hQNK7icvMNbAScn/YVoakwkza/EaMRR13tBSDduli9VdZ0YXzKf7gVye9tzeB5JBbWAYeVTjDG3V+F+WO1AyNHfzN1WEObWblpLeICr7C48IL2QLnV6LGsw+p36zJit3XRLf84Cn+bgMkXSGOe8=
Received: from MN2PR05MB6109.namprd05.prod.outlook.com (2603:10b6:208:c4::20) by BYAPR05MB5943.namprd05.prod.outlook.com (2603:10b6:a03:cd::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.20; Thu, 27 Oct 2022 13:55:05 +0000
Received: from MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::5ff3:5ab3:9b32:4719]) by MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::5ff3:5ab3:9b32:4719%4]) with mapi id 15.20.5746.018; Thu, 27 Oct 2022 13:55:05 +0000
From: John Scudder <jgs@juniper.net>
To: "xiao.min2@zte.com.cn" <xiao.min2@zte.com.cn>
CC: The IESG <iesg@ietf.org>, "draft-ietf-ippm-ioam-conf-state@ietf.org" <draft-ietf-ippm-ioam-conf-state@ietf.org>, "ippm-chairs@ietf.org" <ippm-chairs@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>, "marcus.ihlar@ericsson.com" <marcus.ihlar@ericsson.com>
Thread-Topic: John Scudder's Discuss on draft-ietf-ippm-ioam-conf-state-07: (with DISCUSS and COMMENT)
Thread-Index: AQHY6XpiBiSjdPRcwk6CppHx/eitBq4iAHwAgABD+4A=
Date: Thu, 27 Oct 2022 13:55:05 +0000
Message-ID: <BCA27C5F-529B-43FA-BDFA-0F308510DDEE@juniper.net>
References: <166681647836.46740.1588555524214771641@ietfa.amsl.com> <202210271751442400444@zte.com.cn>
In-Reply-To: <202210271751442400444@zte.com.cn>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3696.120.41.1.1)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR05MB6109:EE_|BYAPR05MB5943:EE_
x-ms-office365-filtering-correlation-id: 451f1b5e-0d93-4bb8-4f6d-08dab822da09
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: l6rdGzvDYHR+riO8C8hKPEnDBdzlVFCwFsRp6/hbgb3nVNP0jxdijD78Hgf3uZ05Ug/CQo03v3b2hYyLHVHrOUv/RyxJPx4xl6LIcmq4qrGuLW7pTjrBozNqrDPU6VUPWaa94Fg+i0vVgRhU+Swce3wMwifbMQT2v9cDc1VmRb+YznWHxAM5d5M9IXvitp5RBm1LpSyXM6TF/Az1TAXipwlhpnSsDbn54gpwB1mMyaVoeAjkDlG9G2YHAIRg8H2qEl7obOYtJ3vgrfubvbfH19FCdkKWp82dJZ9LOiEuP2twMeinOU943RJqHUSTMLJDj0ga8fheCPaBaZ5EvOwdiNH5/srigiExfcWbPCKj/dQzReTcUZHEmotntMLEEJSfOdhAGaZrP1natorTgbiCr0NVW9kLTEMUo21HyXVY6M1CFuIZqZuczxAxv6v9qxsPOsjcmO47avuLdk64OEfV7scsKVgH6F+P9/lsrlK84Ar2xTjr9B39W5Ki4NuxfN4qJf64mWDGmubTTJT9DAM2E1gazs/s16VYui46wLUOjUyuKNCVmTazQNKoHHOdx+nxaI2yiVQ646iFf11U7fx739GZ5IykkO1BsK/cKdheKNLu4sgnmmUltvceMk3Hp7deDu1J1i6cFdlPhDISkcUxbYhYzE5MlozJ1B7poXEKzfNC66YObnJIN2/waLHgfhsQnG2uSEClckAw2LmsWBZpad5vMKaZvN/eyjtcMYYq/qq/6iYk8kii/i1h2Sn65F8Ai+jLw9GJ0qMcVHMZLTeqKJudoOunyI8LLxUcgrDMr1U=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR05MB6109.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(136003)(346002)(39860400002)(376002)(396003)(366004)(451199015)(6506007)(53546011)(41300700001)(91956017)(36756003)(6916009)(86362001)(4326008)(5660300002)(66946007)(8936002)(54906003)(316002)(66556008)(6486002)(8676002)(478600001)(66476007)(66446008)(76116006)(33656002)(38070700005)(71200400001)(64756008)(38100700002)(122000001)(83380400001)(2616005)(6512007)(2906002)(26005)(186003)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 8rc7jwli45VR4G0y93+7JpO5+hplpmW65BXjjGbibWUnKN4mTtRKGPQBEHqzi6hM0Md5VdDD8eyUC2Qscbx2yFrcaZTZAwT27lTzOCYsrSw2yYfDD80xhNYNPr7LPaSCQw4YFBR5tC61dSuyzlcnhQlOQqErSopXayWdMvDfEYbCn/BmKSSI2h6ugsD1Qn0opJiHz/3YaS+GguDKFpOFn9P+pD9KlI1dtkN3QzwLFONwh5y7icAlmv/TMu2mKNC9dpnXgZ+sEt32BLnqvlOBnDus0/WrqqA88eJWvTO1iqWVnQ/DSZLl9NsGUtr1MWYa05BZ7qg2DJ6+1ZBZh9Ax3TakhLSTkAQ71BBKIi5iU4L+lutBLcuTJNMjbIqgPSEDatktBem7QWeY9T8TlXjsQYngK6M3BeIpDHe6FFr/MuUd3pEBIEMBv/usolHmOXuY15u/OSxmd58s4s7yavwkAnUp/uydaaH592c4zHD287n+29v3sPHdig+FPQjcTI4qaRcXhSPB3tDqkghaJEx9NKJjqbF5ciCRGeW6/tVTg2Ex0ryoV9siT9tmMI+aJJi5u/kHUb9apEBv3EghS7Tg3vdbAxpxJ2D4yObi6teovAxLYGpTrd7a9CQoewzY8UE2BIAGK8N2r3o4gzvUg13RDL8m/vlBtE13THgGRixuS8Q/ost/4NQoDQflioqfVL9VSAxfnKeMixCBJq3Puo7bVqa9NHWy4f/Qm8dH4kMx7YmZqvrQ70j3jr+vG1UumcUb27pwkiBeW59G87D24R559gMLOB7jeGSuVztsrXcNXnjNHQTrrrf7hwqI8gFtCn/WWb3Z8wgyvaUEz4ACZd+O83wT7AqC9FHirDGX0+EXj87xokHqs54Ckg7WP0kRJsVGhRxpdalejswnqsaYiJnJbtBe5qihVZzBh2JJPP2Kk5X35d9VGFGo/5xkmSKyq0pgkA0FN5BqwbjXlpLSCWeLx7kp+95dTEnzd5/5s4K+eKc0uA8XwQ2igs/RJR59tQhTsyec9UTiHKzIVyde+cNk0uL4s1+QzbKyARa323IJiR+imoKUcwwLktDi/HAK7CongOzwaocEwSITZJ3MNB+bG3HQpuQ/M7kUEIp6VoLlxBjALD/sE+HXy3bXjIjx8O2Mea5N+LEmheSn2hUixRcTA3mcVzB7CvwvcF2T3+WxdguMmA7GWXGbzhkDM7BmByN9hnASDkMwC8VKP74sQP7G+tAfFyHcctRAfOr+3mMtFhQtlOheGSS6Wlyf84P9Ta+sSlTk4kpZ+o7dIkYK4jzF4404L7V/kIfFUd8orRZtTJ5Q7lQ75KycCusNCLeyXz2i7HP4NK1PdQD/DIvrhfDxbRdpfOOruAJCO8jgEcAlrKhdiLCenKNXeSYGjs+qyk+ms94AY0AUiRu4042xXwSysMTSOhNi1gvW8m/+dngAAGjGbA+5fiY41bbFUOM6wschixfDUEmL+oTtwuKeOuJdgFuoUG4KS2sqq4e50ovD70borEAfQ72Loja+ZNzEPI++LP7uCeoCBoFm/5KVNjW/7r9f8O/HYhelKwb1poCpKZYA4vAqeti7Y19/lZfX+w/w
Content-Type: text/plain; charset="utf-8"
Content-ID: <7369AC35141A6C47A08264AD21E7D59B@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR05MB6109.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 451f1b5e-0d93-4bb8-4f6d-08dab822da09
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2022 13:55:05.2476 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 352JIdKVQR8Hu70mzCpdeC19RvnG0N1G8TnX8Jl0LBOaNkLJwlFcH1xWk+OP/2LK
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB5943
X-Proofpoint-GUID: D2Wz7hx96_wWng_dWwWK9uW1un9HZZmK
X-Proofpoint-ORIG-GUID: D2Wz7hx96_wWng_dWwWK9uW1un9HZZmK
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-27_07,2022-10-27_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 spamscore=0 suspectscore=0 mlxlogscore=999 impostorscore=0 clxscore=1011 malwarescore=0 bulkscore=0 lowpriorityscore=0 mlxscore=0 phishscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2210170000 definitions=main-2210270075
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/j0dl65q3zZq87ZRe0ElqtkoNVNM>
Subject: Re: [ippm] John Scudder's Discuss on draft-ietf-ippm-ioam-conf-state-07: (with DISCUSS and COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2022 13:55:17 -0000

Hi Xiao Min,

Some replies in-line below; I’ve snipped out agreed points that don’t need further discussion.

> On Oct 27, 2022, at 5:51 AM, xiao.min2@zte.com.cn wrote:
[…snip…]
> NEW:
>    There is a need to extend echo request/reply mechanisms used in IPv6
>    (including Segment Routing with IPv6 data plane (SRv6)), MPLS
>    (including Segment Routing with MPLS data plane (SR-MPLS)), Service
>    Function Chain (SFC) and Bit Index Explicit Replication (BIER)
>    environments, for use within the In situ Operations, Administration,
>    and Maintenance (IOAM) domain, allowing the IOAM encapsulating node
>    to discover the enabled IOAM capabilities of each IOAM transit and
>    IOAM decapsulating node.
> 
>    Although this document does not itself specify the necessary
>    extensions, it specifies formats and objects that can be used in such
>    specifications, and provides guidelines and requirements for their
>    development.
> 
> [XM]>>> It seems this comment is similar to that one made by Alvaro Retana. Does the abstract proposed by Alvaro work for you?
> 
> NEW Abstract:
> 
>    This document describes a generic format for use in echo
> request/reply mechanisms, which can be used within an In situ
> Operations, Administration, and Maintenance (IOAM) domain, allowing
> the IOAM encapsulating node to discover the enabled IOAM capabilities
> of each IOAM transit and IOAM decapsulating node.  The generic format
> is intended to be used with a variety of data planes such as IPv6,
> MPLS, Service Function Chain (SFC)
>    and Bit Index Explicit Replication (BIER).

Yes, that’s OK, although on the balance I do prefer an abstract that plainly states that follow-on documents are needed. But that’s relatively minor, Alvaro’s text works too.

[…snip…]
> - It wasn't clear to me from a quick perusal of RFC 9197 §4.3 whether a request
> carrying 0x0000 would elicit replies for all Namespace-IDs (since 0x0000
> matches everything) or if it would elicit replies only for capabilities that
> have no configured non-default namespace, or are explicitly configured with
> namespace 0x0000. Can you either clarify this in the text, or if you think it's
> clear from the reference, help me understand what makes it clear?
> 
> [XM]>>> As I understand it, a request carrying 0x0000 would elicit replies only for capabilities that are explicitly configured with namespace 0x0000. Also note that namespace 0x0000 is the default one, so if there is no any other namespace configured, then all capabilities configured are for namespace 0x0000 by default. Propose to add some text as below.
> 
> NEW
> 
>    An IOAM Capabilities Query carrying only the Default-Namespace-ID 0x0000 would elicit replies only for capabilities that are explicitly configured with the Default-Namespace-ID 0x0000.

That helps my understanding, thanks. I wonder if the new text above is exactly what you want or if it would benefit from a little more tuning. Two questions to consider —

- As written the statement doesn’t apply to a query carrying 0x0000 and some other value, say 0x0001. Probably you don’t want to restrict it to only singleton 0x0000 lists? Probably you could fix this by dropping the first instance of “only”, so “… carrying the Default-Namespace-ID”. (Keep the second “only” though.)
- Do you really want to restrict it to “explicitly configured”? That might create some ambiguity with regard to capabilities that are implicitly configured with 0x0000, for example, due to a system default. Perhaps drop “explicitly”?

So the possible revision is:

   An IOAM Capabilities Query carrying the Default-Namespace-ID 0x0000 would elicit replies only for capabilities that are configured with the Default-Namespace-ID 0x0000.

[…snip…]
> - The specification that the payload is zero-padded to 4-octet alignment
> carries some implications. Let's explore these with an example. Suppose we want
> to signal a single Namespace-ID, 0x0001. Then presumably the payload has to be
> 0x0001 0x0000, once the mandated pad bytes are added. Is the receiver supposed
> to know that it ignores the 0x0000 value (which is otherwise the
> Default-Namespace-ID) because it comes at the end of the list, not the
> beginning as the previous paragraph required? If so, this seems worth calling
> out. If not, how is the receiver supposed to know where payload ends and
> padding begins?
> 
> [XM]>>> In your example, I believe the last 0x0000 should be treated as padding by the receiver. Do you see a need for some new text?

Yes I do, I think that case is too subtle to leave it to the implementor to figure out and indeed someone might misapply Postel’s principle and consume the 0x0000 anyway, absent clear direction to the contrary. Perhaps something like,

OLD:
   The IOAM Capabilities Query Container has a container header that is
   used to identify the type and optionally length of the container
   payload, and the container payload (List of IOAM Namespace-IDs) is
   zero-padded to align to a 4-octet boundary.

NEW:
   The IOAM Capabilities Query Container has a container header that is
   used to identify the type and optionally length of the container
   payload, and the container payload (List of IOAM Namespace-IDs) is
   zero-padded to align to a 4-octet boundary. Note that since the
   Default-Namespace-ID of 0x0000 is mandated to appear first in the
   list, if it appears any trailing 0x0000 octets must therefore be padding
   and MUST be disregarded.

> ### Section 3.2, container format, padding
> 
> Similar questions to those above apply to:
> 
> ```
>    The IOAM Capabilities Response Container has a container header that
>    is used to identify the type and optionally length of the container
>    payload, and the container payload (List of IOAM Capabilities
>    Objects) is zero-padded to align to a 4-octet boundary.
> ```
> 
> That is, considering you've disclaimed defining specifics about the semantics
> of the header, how is the recipient of one of these things supposed to know how
> to ignore the zero-padding?
> 
> 
> 
> I do see that all the objects you've defined in this document are a multiple of
> four bytes long (if we assume their unspecified headers are a multiple of four
> byte long, that is!) so no padding would ever be required for a payload
> consisting only of these objects, and thus my question wouldn't apply. But if
> that's the answer to my question, then the final clause I quote above (about
> zero-padding) should just be removed.
> 
> [XM]>>> Will remove the final clause you quoted above (about zero-padding).

OK. 

How problematic would it be if the header turned out not to be word-aligned? Do you need to say something about this in the spec? (This applies to everywhere you have an abstract header in the spec.)

> ### Section 3.2, object format, padding
> 
> ```
>    Similar to the container, each object has an object header that is
>    used to identify the type and length of the object payload, and the
>    object payload is zero-padded to align to a 4-octet boundary.
> ```
> 
> Similar to the above, in some cases there will be a need to know how to
> separate payload from padding. In all the objects you defined in Sections 3.2.x
> this is unnecessary (*if* you assume the unspecified header is 4-octet aligned
> itself) since you've carefully specified them so that they don't require
> padding.
> 
> It might be more straightforward to just mandate that future object
> specifications have a length that is a multiple of four octets, as all of your
> current ones do. That defers the question of what to do about variable payloads
> to the specification of the -- notional? -- object that has such a payload.
> 
> [XM]>>> Will remove the final clause you quoted above (about zero-padding). Do you see a need for some new text?

It comes back to the question above — how problematic is it, if something ends up not being word-aligned in the future? I suppose you wouldn’t have mandated word-alignment if you didn’t think it was important, so that implies you should say something. For example,

OLD:
   Similar to the container, each object has an object header that is
   used to identify the type and length of the object payload, and the
   object payload is zero-padded to align to a 4-octet boundary.

NEW:
   Similar to the container, each object has an object header that is
   used to identify the type and length of the object payload. The 
   object payload MUST be defined such that it falls on a four-octet
   boundary.

[…snip…]
> ### Section 6, integrity protection
> 
> You talk about integrity protection in passing. Let's assume a deployment
> hasn't enabled any kind of integrity protection. Have you done any analysis of
> what kind of mischief an attacker could cause by inserting incorrect
> capabilities in a forged response?
> 
> [XM]>>> Before I read your question, no :-) I think one possible mischief is that the IOAM encapsulated data packet could be dropped due to its size exceeds the path MTU, another one is that the added IOAM header could not be processed by the nodes along the path.

Those don’t sound too serious. Up to you whether to include that in the section, but I don’t think it would hurt.

Thanks,

—John

v2.23.0 | Report a Bug | By Email