Re: comments on draft-ietf-6man-enhanced-dad-04
Jouni Korhonen <jouni.nospam@gmail.com> Mon, 24 February 2014 10:04 UTC
Return-Path: <jouni.nospam@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2AC31A043E for <ipv6@ietfa.amsl.com>; Mon, 24 Feb 2014 02:04:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NljKZbRlXsb6 for <ipv6@ietfa.amsl.com>; Mon, 24 Feb 2014 02:04:51 -0800 (PST)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 845521A0428 for <ipv6@ietf.org>; Mon, 24 Feb 2014 02:04:51 -0800 (PST)
Received: by mail-la0-f46.google.com with SMTP id b8so5380830lan.19 for <ipv6@ietf.org>; Mon, 24 Feb 2014 02:04:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=XVUnlb/WvatHaTCctx9Y0ZpPPxONCVf3KmxsST1RQxY=; b=XDmR/R8jFLCu6nF8FFRczl6zf/m7bUztjM2xlysvKSde49OA+2KxC5J2+Wq5rLpFzD jDE3LesWY/9fvVo04y9sRI1kazRwD5cv2H/dIqB+kxFXxvQlNfTzkK3cUuhHBCDAfKHe 3+aJ9ofHvX6Vl1n8DsF2n+kgrx1HRRsw3UiqLr3AMhWx1ZKAn/+F1ChtpmncCp56VHD0 e/zZmufLWCHpUHhqfKi32qgBebGCAjPUQLj9asl9XqlAgyN17phm8zXnyIUksAQuX5oq 2XIgoifyWDfUdry+IZG1sJOpx6mF/UKS1LGRmwPwfSh60nPReRG0lYrXgSMVu2bWW1PH ab/w==
X-Received: by 10.152.203.193 with SMTP id ks1mr11779736lac.0.1393236290140; Mon, 24 Feb 2014 02:04:50 -0800 (PST)
Received: from [188.117.15.108] ([188.117.15.108]) by mx.google.com with ESMTPSA id gb8sm18065387lbc.13.2014.02.24.02.04.49 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 24 Feb 2014 02:04:49 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Subject: Re: comments on draft-ietf-6man-enhanced-dad-04
From: Jouni Korhonen <jouni.nospam@gmail.com>
In-Reply-To: <75B6FA9F576969419E42BECB86CB1B89115F5DD1@xmb-rcd-x06.cisco.com>
Date: Mon, 24 Feb 2014 12:04:55 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <796E1FAC-8B6F-42F4-9D6B-27D37B86F805@gmail.com>
References: <78AE6729-1A26-48EA-BD31-FBBDE85C829E@gmail.com> <75B6FA9F576969419E42BECB86CB1B89115F5DD1@xmb-rcd-x06.cisco.com>
To: Hemant Singh <shemant@cisco.com>
X-Mailer: Apple Mail (2.1510)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/GTU0xV1wdXMFCDGwTW6KfF4bssw
Cc: "draft-ietf-6man-enhanced-dad@tools.ietf.org" <draft-ietf-6man-enhanced-dad@tools.ietf.org>, IPv6 IPv6 List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 10:04:53 -0000
Hi Hemant, Sorry for a slow reply.. been reading other lists lately ;-) Comments inline. On Feb 19, 2014, at 3:11 AM, Hemant Singh (shemant) <shemant@cisco.com> wrote: > Jouni, > > Good to hear from you - thanks much for the review. Humble apologies for the delay - both WesB and I were busy. We discussed your comments. Please see in line below between <hs> and </hs>. > > -----Original Message----- > From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Jouni Korhonen > Sent: Monday, February 10, 2014 11:05 AM > To: draft-ietf-6man-enhanced-dad@tools.ietf.org; IPv6 IPv6 List > Subject: comments on draft-ietf-6man-enhanced-dad-04 > > Authors, > > I have a read on this document. I find it good and informative. Few comments and questions inline. > > ** Abstract > > o There is no mention that this document updates RFC4861 and RFC4862. > > <hs> The reason is because the top-left of the document says "Update: 4862, 4861". Would you like the Abstract to also mention the same fact? WE will also add that this document also updates the SEND RFC. > </hs> It is just the IDnits complains if the abstract does not state that "updates RFC xyz etc". That's why I prefer those being there. Listing update to SeND RFC is good as well! > > ** Section 1 > > specified in [RFC4862]. Failure also includes if the Target > Address is optimistic. Optimistic DAD is specified in [RFC4429]. > > o I do not understand the sentence "Failure also includes if the Target > Address is optimistic." Some word missing there? > > <hs> I meant to say, the failure covers both a tentative and an optimistic address where the tentative address is defined in RFC 4862 and the optimistic address is defined in RFC 4429. Either address type can be the TargetAddress of the DAD probe . Either address type can also fail DAD due to a looped back DAD and both protocols use the same failure mechanism defined in RFC 4861. > > New text: > > [Duplication Address Detection failure as specified in [RFC4862]. Note even Optimistic DAD as specified in [RFC4429] can fail due to a looped back DAD probe. This document covers looped back detection for Optimistic DAD as well. ] > > </hs> Looks good to me now. > > ** Section 3.2 > > This solution requires no protocol changes. This solution SHOULD be > enabled by default, and MUST be a configurable option. > > o I would clarify here, just to be clear on the context, that the above > MUST applies only if the layer 2 has an ability to detect looped back > messages. Proposed text: > > This solution requires no protocol changes. This solution SHOULD be > enabled by default, and MUST be a configurable option if the layer 2 > technology provides means for detecting loopback messages on an > interface circuit. > > <hs> Perfect suggestion and thanks for the text. We will take the text. </hs> Ack. > > ** Section 4 > > SEND. See more details in the Impact on SEND section. Since a nonce > ^^^^^^^^^^^^^^^^^^^^^^^ > > o I would point explicitly to the section number as well. > <hs> ok. </hs> Thanks. > > o The algorithm description in the second paragraph is somewhat hard to > follow. I had to read it quite many times.. On the other hand, the > algorithm description in Section 4.2 is far more readable. Consider > having the algorithm description only in one place. > > <hs> Agreed. Most of the second paragraph will be deleted and we will reference section 4.2 in the second paragraph. </hs> Good. Thanks. > > ** Section 4.2 > > The MAX_MULTICAST_SOLICIT number of > NS(DAD) messages sequence continues until the stop condition is > reached. > > o Or manual administrative actions are taken, right? > > <hs> Yes. New text below: > > The MAX_MULTICAST_SOLICIT number of NS(DAD) messages sequence continues until the stop condition is > Reached or manual intervention is undertaken. > > </hs> Ack. > > > o The stop condition and ending the probing means the interface moves > the Target Address to assigned state, right? I would say that > explicitly. > > <hs>OK - will do. Note one reviewer (in private email) wanted the address to move to assigned state whether a looped back DAD was received within the RetransTimer milliseconds interval or not. But I replied, what good is an assigned address until I the interface detects the loopback has stopped because unless the loopback stops, the assigned address can be used to only to send traffic that is looped right back. > </hs> Ok. Thanks. > > ** Section 4.4 > > detecting looped back ND messages. If this document updates > [RFC4862], SEND should be updated to integrate with the Enhanced DAD > algorithm. A minor update to SEND would be to explicitly mention > > o "If this document updates.." well it does. Propose changing the text to > something like "Since this document.." > o Why there is no proposal for those "minor" SEND updates? > > <hs>Will take your suggestion and propose text in our next revision. </hs> Ok. Thanks. > > ** Section 4.5 > > The following text is added to [RFC4862]. > > o Added where in RFC4862? Propose an explicit place. > o The added text should probably have a reference to this document. > > <hs>Ok, will do. </hs> Ack. > > ** Section 4.6 > > o Changes where exactly in RFC4861? Propose an explicit place. > o The added text should probably have a reference to this document. > > <hs>Ok, will do. </hs> Ack. > > ** Section 6 > > algorithm. SEND is recommended for this exploit. For any mitigation > > o I would say SEND is not recommend for this exploit rather SEND is recommended > to circumvent this exploit. > > <hs>Agreed. Will take your suggestion. </hs> Ack. > > ** Section 9 > > o Obsolete normative reference to RFC1247 (obsoleted by RFC1583) o No reference to RFC2119 (also there is no typical RFC2119 boilerplate text) o draft-ietf-6man-impatient-nud -> RFC7048 > > <hs> will do </hs> Ack. > > Thanks much, You are welcome! - Jouni > > Hemant >
- comments on draft-ietf-6man-enhanced-dad-04 Jouni Korhonen
- RE: comments on draft-ietf-6man-enhanced-dad-04 Hemant Singh (shemant)
- Re: comments on draft-ietf-6man-enhanced-dad-04 Jouni Korhonen