IETF Logo Mail Archive

Re: 6MAN Working group last call: draft-ietf-6man-rdnss-rfc6106bis

otroan@employees.org Fri, 11 March 2016 12:12 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 421B112D698 for <ipv6@ietfa.amsl.com>; Fri, 11 Mar 2016 04:12:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=employees.org; domainkeys=pass (1024-bit key) header.from=otroan@employees.org header.d=employees.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kebvy2NgVrTT for <ipv6@ietfa.amsl.com>; Fri, 11 Mar 2016 04:12:04 -0800 (PST)
Received: from cowbell.employees.org (cowbell.employees.org [65.50.211.142]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C87FE12D566 for <ipv6@ietf.org>; Fri, 11 Mar 2016 04:12:04 -0800 (PST)
Received: from cowbell.employees.org (localhost [127.0.0.1]) by cowbell.employees.org (Postfix) with ESMTP id 1B4D8D7881; Fri, 11 Mar 2016 04:12:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; s=selector1; bh=kBGZYpFNBqC/qNOQ/S0wnPUpddI=; b= Ou5eaON+4RtMUgalCWP+p/mMeTAmgOEiVdNdb0tBPQoKArlgy8VlYTAwo3rBHHnH +PIkyINQC1dLCbzxF7NORx9g40fcOjy6COwX1W3gEYNfuBS1eR0Ps7OfDru9G2UJ mGOwj9dbdasCZ0j08RuzXLCOw7t3ND6anCJXSkb9l5E=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; q=dns; s=selector1; b=Fp/U3YE5fBNc6gnO3hCwMb3DdG THCnvPJ30Du8xgy5nNsVo1vIQS8qw5ZSz64pzfZ9Lm5f/GNe8CGU9PQ5D4jz4Ud0 35y9U6rZqcta+eqNhRa43t+7i+dQVKmMeYnmjJeaWm9YXg8y2YFj98GXaVfVZaPf 0duYhTbBZFtwM66pg=
Received: from h.hanazo.no (unknown [173.38.220.40]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by cowbell.employees.org (Postfix) with ESMTPSA id A5CF2D7884; Fri, 11 Mar 2016 04:12:02 -0800 (PST)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by h.hanazo.no (Postfix) with ESMTP id BBEBE1282BDA; Fri, 11 Mar 2016 13:11:59 +0100 (CET)
Subject: Re: 6MAN Working group last call: draft-ietf-6man-rdnss-rfc6106bis
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: multipart/signed; boundary="Apple-Mail=_840FCCEF-277A-4540-B583-B0AA83E1ECA4"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: otroan@employees.org
In-Reply-To: <CAJE_bqcetbtgsje4TqCpUF+zoUL19RHjWj2-xg+N39i8XodDVQ@mail.gmail.com>
Date: Fri, 11 Mar 2016 13:11:58 +0100
Message-Id: <517ACBE4-46C3-40C7-86E5-5906309E6BA9@employees.org>
References: <6AC58C26-01B6-4C16-851F-0C1228CDD2AF@employees.org> <CAJE_bqfvE0jGoRi2X=ohpqsXmGx9AVKnjeGH-P8zWp6=3_kbVA@mail.gmail.com> <CAPK2DewJ0uF9i_uaKLCn5gM_KGm2uv5B0a2VFm7cmNNn5acQPQ@mail.gmail.com> <CAJE_bqcetbtgsje4TqCpUF+zoUL19RHjWj2-xg+N39i8XodDVQ@mail.gmail.com>
To: 神明達哉 <jinmei@wide.ad.jp>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/43O8x_UuBqMGU1toIxAHkv9i4ko>
Cc: 6man WG <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2016 12:12:07 -0000

I would in general prefer not to see implementation specific text or text on specific implementation issues in a protocol specification.
I don't think any discussion on kernel vs user space belongs.

Best regards,
Ole


> On 07 Mar 2016, at 19:21, 神明達哉 <jinmei@wide.ad.jp> wrote:
> 
> At Mon, 7 Mar 2016 04:21:59 +0900,
> "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> wrote:
> 
>>> - Section 6
> 
>>>  This seems to assume that "ND runs in the kernel" means that all
>>>  information in RAs is managed in the kernel.  I don't know if
>>>  there's such an implementation (does Linux work that way?), but it
>>>  doesn't necessarily have to be so, and is actually different from
>>>  the BSD implementation: [...]  So, I'd at least
>>>  suggest clarifying that this kind of approach is only necessary for
>>>  some deviant protocol stack implementation that doesn't even support
>>>  RFC3542.  And, I'd also mention the FreeBSD-style approach as it
>>>  should be more generic and portable.
>>> 
>>> => I tried the current text as follows:
> 
> I don't think the revised text really addresses my point (or I was not
> clear enough).  According to a follow-up message from the chairs they
> don't seem to be willing to change text that hasn't been changed from
> RFC6106, but just in case we can still make it the document more
> sense, I'd like to propose alternate text.  It replaces the entire
> Section 6, although the first paragraph is intact:
> 
>   For the configuration and management of DNS information, the
>   advertised DNS configuration information can be stored and managed in
>   both the DNS Repository and the Resolver Repository.
> 
>   Since there is nothing special in an RA message as a link-local
>   ICMPv6 message, a user space application should be readily able to
>   get access to its content including the RDNSS or DNSSL option by
>   the standard socket API [RFC3542].  Environments where the DNS
>   information (i.e., RDNSS addresses and DNS search domain names) is
>   stored in the user space can take this approach.  Note that this is
>   the case even if some other parts of the ND protocol such as router
>   discovery or link-layer address resolution are performed within the
>   kernel.
> 
>   For some peculiar environments that do not provide such an API and
>   still need to store the DNS information in the user space, it is
>   necessary to synchronize the DNS information in the kernel space
>   and the Resolver Repository in user space.  For the
>   synchronization, the implementation should provide a write
>   operation for updating DNS information from the kernel to the
>   Resolver Repository.  One approach is to have a daemon (or a
>   program that is called at defined intervals) that keeps monitoring
>   the Lifetimes of RDNSS addresses and DNS search domain names all
>   the time.  Whenever there is an expired entry in the DNS
>   Repository, the daemon can delete the corresponding entry from the
>   Resolver Repository.
> 
> BTW, out of curiosity is there any such "peculiar" environment?  As I
> said BSDs shouldn't need such an ugly hack.  I don't know much detail
> of Linux, but a quick look at the man page of its rdnssd(8) it also
> seems to work on the received RA content directly (though not using
> the standard API - Linux is notorious about its lack of support of the
> API).  If this "environment" is only an imaginary thing, I'd even
> consider removing the third paragraph (or the second paragraph of the
> original draft).
> 
>>> - Section 6.3: this section largely repeats the text of Section 6.2
>>>  and looks redundant to me.  I'd consider unifying these two sections
>>>  and eliminate unnecessary duplicates.
>>> 
>>> => Done.
> 
> I'd also remove the duplicate 'e.g.' from the first sentence of
> Section 6.3:
> 
>   When an IPv6 host receives the information of multiple DNSSL domain
>   names within a network (e.g., campus network and company network)
> 
>>>  I don't think this "RECOMMENDED" is realistic.  As a matter of fact,
>>>  SEND isn't even widely implemented, and, IMO, its deployability
>>>  issues are not easily resolved.  I don't have a specific suggestion
>>>  on how to make the whole text realistic, but I'd at least suggest
>>>  stopping to make such an unrealistic requirement, especially with an
>>>  RFC2119 keyword.
>>> 
>>> => I replaced "RECOMMENDED" with "MAY" as follows:
>>      The Secure Neighbor Discovery (SEND) protocol [RFC3971] MAY be used
>>      as a security mechanism for ND.  In this case, ND can use SEND to
>>      allow all the ND options including the RDNSS and DNSSL options to be
>>      automatically included in the signatures.  Other approaches specified
>>      in [RFC4861] can be used for securing the RA options for DNS
>>      configuration.
> 
> Personally, I don't even see the need for using an RFC2119 keyword
> here, but if non one else bothers I wouldn't object.  But in any case
> I think this change has to be noted in Appendix A.
> 
> --
> JINMEI, Tatuya
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email