IETF Logo Mail Archive

Re: 6MAN Working group last call: draft-ietf-6man-rdnss-rfc6106bis

神明達哉 <jinmei@wide.ad.jp> Mon, 07 March 2016 18:21 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: ipv6@ietfc.amsl.com
Delivered-To: ipv6@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 89FEA1CD7B3 for <ipv6@ietfc.amsl.com>; Mon, 7 Mar 2016 10:21:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.45
X-Spam-Level:
X-Spam-Status: No, score=-0.45 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfc.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.41]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l_5nVk32oBp7 for <ipv6@ietfc.amsl.com>; Mon, 7 Mar 2016 10:21:40 -0800 (PST)
Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com [IPv6:2607:f8b0:4001:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfc.amsl.com (Postfix) with ESMTPS id 399471CD7B6 for <ipv6@ietf.org>; Mon, 7 Mar 2016 10:21:40 -0800 (PST)
Received: by mail-ig0-x22f.google.com with SMTP id vs8so30433620igb.1 for <ipv6@ietf.org>; Mon, 07 Mar 2016 10:21:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=+b+xgKcqrRBOFD6CbNauYdLK7xDZYVVkLWgyV3oxUTk=; b=Cf1qo0Z+1l1zgbYbz36priDrxPyA8mAyMk3NoLVlvNHHUveaqch/If/UVFHroFEh1U cGKzC/ON5bH2bhBx2H1S7Kl6hxUJBA1H3BzXUE3KMK5i2G8CJ5tbTdC1Du/zReqh234+ eASiIPBWT+wrkt0gbdF7AL3wifBXYzp2+t14XIAec70/dbDCJPt4U842py3uH0CWys+X 7xWHkwy5Uw85l8V9X0q/F64mL8IuklnkBOpGY4tHwE5wNbtE2xIuEHJA4qaRPq5GQYJ4 tFgEZoipwKm6yzZiJnK9E+o/Dd6dtlTwXu4lagd2VxqGjQd8GB1y7FyGfQsdg1KF8e8w km0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=+b+xgKcqrRBOFD6CbNauYdLK7xDZYVVkLWgyV3oxUTk=; b=e5m4EHtsGGSfkzy8MvQdXOq3P/U9U6EWjc6pSvLB0kVMzpHDn9xGMVeKoshxl/XmEr A3+IM7TMlW0pHvB6WnAGZ18Pq0RmnG5h9YTTbtM454aVOTVN1QDeUFXPfmbBptN+8tj/ /0hl1Kb1OR8ZenbErDplVxH8ss3MNGjFO8EP6J1hV8IJ1/461s4iQfQQ+QEqqXgXv1eR Kc6e+C17G4Zz6MNb1tlUNE7z1xigCVdtIlLRr8C3BCWyQGYh/5sqo1ki0J1r73fUamJi hFzcOM3jJS7NVtG2M6bfNH00lbjS6k5Wh3ea5BBoFnxMQVYa5wQqFmtvd/HnKHLyWXxp SASw==
X-Gm-Message-State: AD7BkJJLzAZA5A4zTpWAeTkU0UY87xjN9oNT9wE6wTEbdTZ/ZNPkGpWOL5LtnyZeMur7nHY+mWYn2t2Ra9pYvA==
MIME-Version: 1.0
X-Received: by 10.50.118.67 with SMTP id kk3mr12680827igb.64.1457374899530; Mon, 07 Mar 2016 10:21:39 -0800 (PST)
Sender: jinmei.tatuya@gmail.com
Received: by 10.107.56.136 with HTTP; Mon, 7 Mar 2016 10:21:39 -0800 (PST)
In-Reply-To: <CAPK2DewJ0uF9i_uaKLCn5gM_KGm2uv5B0a2VFm7cmNNn5acQPQ@mail.gmail.com>
References: <6AC58C26-01B6-4C16-851F-0C1228CDD2AF@employees.org> <CAJE_bqfvE0jGoRi2X=ohpqsXmGx9AVKnjeGH-P8zWp6=3_kbVA@mail.gmail.com> <CAPK2DewJ0uF9i_uaKLCn5gM_KGm2uv5B0a2VFm7cmNNn5acQPQ@mail.gmail.com>
Date: Mon, 07 Mar 2016 10:21:39 -0800
X-Google-Sender-Auth: 1tIBf12Od41ORMK3v358tzP7-XM
Message-ID: <CAJE_bqcetbtgsje4TqCpUF+zoUL19RHjWj2-xg+N39i8XodDVQ@mail.gmail.com>
Subject: Re: 6MAN Working group last call: draft-ietf-6man-rdnss-rfc6106bis
From: 神明達哉 <jinmei@wide.ad.jp>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/3I-8qZHrtrUHRTozGSPcihiSGXA>
Cc: Bob Hinden <bob.hinden@gmail.com>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2016 18:21:41 -0000

At Mon, 7 Mar 2016 04:21:59 +0900,
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> wrote:

> > - Section 6

> >   This seems to assume that "ND runs in the kernel" means that all
> >   information in RAs is managed in the kernel.  I don't know if
> >   there's such an implementation (does Linux work that way?), but it
> >   doesn't necessarily have to be so, and is actually different from
> >   the BSD implementation: [...]  So, I'd at least
> >   suggest clarifying that this kind of approach is only necessary for
> >   some deviant protocol stack implementation that doesn't even support
> >   RFC3542.  And, I'd also mention the FreeBSD-style approach as it
> >   should be more generic and portable.
> >
> >  => I tried the current text as follows:

I don't think the revised text really addresses my point (or I was not
clear enough).  According to a follow-up message from the chairs they
don't seem to be willing to change text that hasn't been changed from
RFC6106, but just in case we can still make it the document more
sense, I'd like to propose alternate text.  It replaces the entire
Section 6, although the first paragraph is intact:

   For the configuration and management of DNS information, the
   advertised DNS configuration information can be stored and managed in
   both the DNS Repository and the Resolver Repository.

   Since there is nothing special in an RA message as a link-local
   ICMPv6 message, a user space application should be readily able to
   get access to its content including the RDNSS or DNSSL option by
   the standard socket API [RFC3542].  Environments where the DNS
   information (i.e., RDNSS addresses and DNS search domain names) is
   stored in the user space can take this approach.  Note that this is
   the case even if some other parts of the ND protocol such as router
   discovery or link-layer address resolution are performed within the
   kernel.

   For some peculiar environments that do not provide such an API and
   still need to store the DNS information in the user space, it is
   necessary to synchronize the DNS information in the kernel space
   and the Resolver Repository in user space.  For the
   synchronization, the implementation should provide a write
   operation for updating DNS information from the kernel to the
   Resolver Repository.  One approach is to have a daemon (or a
   program that is called at defined intervals) that keeps monitoring
   the Lifetimes of RDNSS addresses and DNS search domain names all
   the time.  Whenever there is an expired entry in the DNS
   Repository, the daemon can delete the corresponding entry from the
   Resolver Repository.

BTW, out of curiosity is there any such "peculiar" environment?  As I
said BSDs shouldn't need such an ugly hack.  I don't know much detail
of Linux, but a quick look at the man page of its rdnssd(8) it also
seems to work on the received RA content directly (though not using
the standard API - Linux is notorious about its lack of support of the
API).  If this "environment" is only an imaginary thing, I'd even
consider removing the third paragraph (or the second paragraph of the
original draft).

> > - Section 6.3: this section largely repeats the text of Section 6.2
> >   and looks redundant to me.  I'd consider unifying these two sections
> >   and eliminate unnecessary duplicates.
> >
> >  => Done.

I'd also remove the duplicate 'e.g.' from the first sentence of
Section 6.3:

   When an IPv6 host receives the information of multiple DNSSL domain
   names within a network (e.g., campus network and company network)

> >   I don't think this "RECOMMENDED" is realistic.  As a matter of fact,
> >   SEND isn't even widely implemented, and, IMO, its deployability
> >   issues are not easily resolved.  I don't have a specific suggestion
> >   on how to make the whole text realistic, but I'd at least suggest
> >   stopping to make such an unrealistic requirement, especially with an
> >   RFC2119 keyword.
> >
> >  => I replaced "RECOMMENDED" with "MAY" as follows:
>       The Secure Neighbor Discovery (SEND) protocol [RFC3971] MAY be used
>       as a security mechanism for ND.  In this case, ND can use SEND to
>       allow all the ND options including the RDNSS and DNSSL options to be
>       automatically included in the signatures.  Other approaches specified
>       in [RFC4861] can be used for securing the RA options for DNS
>       configuration.

Personally, I don't even see the need for using an RFC2119 keyword
here, but if non one else bothers I wouldn't object.  But in any case
I think this change has to be noted in Appendix A.

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email