RE: comments on draft-ietf-6man-enhanced-dad-04

"Hemant Singh (shemant)" <shemant@cisco.com> Wed, 19 February 2014 01:11 UTC

Return-Path: <shemant@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04B961A00F5 for <ipv6@ietfa.amsl.com>; Tue, 18 Feb 2014 17:11:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.049
X-Spam-Level:
X-Spam-Status: No, score=-15.049 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M_MXp3ihZhli for <ipv6@ietfa.amsl.com>; Tue, 18 Feb 2014 17:11:47 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id 9629A1A0168 for <ipv6@ietf.org>; Tue, 18 Feb 2014 17:11:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5556; q=dns/txt; s=iport; t=1392772305; x=1393981905; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=SxdUq6rq16beVgfLTjA70bqekBVYivdvcCH8NnG3G1c=; b=Fhxoj7/etJ47yu2oKxnNUauWRt2J9cK9+9pgiiIS14Fpla0o1s/5J64S WKidGLcJ7drxikabphCOUuhwCHjCCgLdYkSm5+3qxKjBqN5hIuqjZwLme OYQYHE1K0Z8n/fNszuaMpJE+65DaFG3CToTjURFeLOZsKdi+e2pgIsnfH c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgsFACUEBFOtJXG//2dsb2JhbABZgwaBD8BBgSIWdIIlAQEBBCcTSwQCAQgRBAEBCxQJBzIUCQgCBAESCBOGAoFozFYXjgIRAR84BoMegRQEqlSDLYFoBwIXIg
X-IronPort-AV: E=Sophos;i="4.97,503,1389744000"; d="scan'208";a="304965989"
Received: from rcdn-core2-4.cisco.com ([173.37.113.191]) by rcdn-iport-5.cisco.com with ESMTP; 19 Feb 2014 01:11:44 +0000
Received: from xhc-aln-x01.cisco.com (xhc-aln-x01.cisco.com [173.36.12.75]) by rcdn-core2-4.cisco.com (8.14.5/8.14.5) with ESMTP id s1J1Bi8u018748 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 19 Feb 2014 01:11:44 GMT
Received: from xmb-rcd-x06.cisco.com ([169.254.6.236]) by xhc-aln-x01.cisco.com ([173.36.12.75]) with mapi id 14.03.0123.003; Tue, 18 Feb 2014 19:11:44 -0600
From: "Hemant Singh (shemant)" <shemant@cisco.com>
To: Jouni Korhonen <jouni.nospam@gmail.com>, "draft-ietf-6man-enhanced-dad@tools.ietf.org" <draft-ietf-6man-enhanced-dad@tools.ietf.org>, IPv6 IPv6 List <ipv6@ietf.org>
Subject: RE: comments on draft-ietf-6man-enhanced-dad-04
Thread-Topic: comments on draft-ietf-6man-enhanced-dad-04
Thread-Index: AQHPJnnvIN69lWyYR0GTaz9EzyMcQ5q7yQGA
Date: Wed, 19 Feb 2014 01:11:43 +0000
Message-ID: <75B6FA9F576969419E42BECB86CB1B89115F5DD1@xmb-rcd-x06.cisco.com>
References: <78AE6729-1A26-48EA-BD31-FBBDE85C829E@gmail.com>
In-Reply-To: <78AE6729-1A26-48EA-BD31-FBBDE85C829E@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.86.246.49]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/Q4zduJwdhqukJc_xOXZHp5Lhi5w
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2014 01:11:50 -0000

Jouni,

Good to hear from you - thanks much for the review.  Humble apologies for the delay - both WesB and I were busy.  We discussed your comments.    Please see in line below between <hs> and </hs>.

-----Original Message-----
From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Jouni Korhonen
Sent: Monday, February 10, 2014 11:05 AM
To: draft-ietf-6man-enhanced-dad@tools.ietf.org; IPv6 IPv6 List
Subject: comments on draft-ietf-6man-enhanced-dad-04

Authors,

I have a read on this document. I find it good and informative. Few comments and questions inline.

** Abstract

o There is no mention that this document updates RFC4861 and RFC4862.

<hs> The reason is because the top-left of the document says "Update: 4862, 4861".   Would you like the Abstract to also mention the same fact?  WE will also add that this document also updates the SEND RFC.
</hs>

** Section 1

      specified in [RFC4862].  Failure also includes if the Target
      Address is optimistic.  Optimistic DAD is specified in [RFC4429].

o I do not understand the sentence "Failure also includes if the Target
  Address is optimistic." Some word missing there?

<hs> I meant to say, the failure covers both a tentative and an optimistic address where the tentative address is defined in RFC 4862 and the optimistic address is defined in RFC 4429.   Either address type can be the TargetAddress of the DAD probe .  Either address type can also fail DAD due to a looped back DAD and both protocols use the same failure mechanism defined in RFC 4861. 

 New text:

[Duplication Address Detection failure as specified in [RFC4862].    Note even  Optimistic DAD as specified in [RFC4429] can fail due to a looped back DAD probe.   This document covers looped back detection for Optimistic DAD as well. ]

</hs>
      
** Section 3.2

   This solution requires no protocol changes.  This solution SHOULD be
   enabled by default, and MUST be a configurable option.

o I would clarify here, just to be clear on the context, that the above
  MUST applies only if the layer 2 has an ability to detect looped back
  messages. Proposed text:

   This solution requires no protocol changes.  This solution SHOULD be
   enabled by default, and MUST be a configurable option if the layer 2
   technology provides means for detecting loopback messages on an
   interface circuit.

<hs> Perfect suggestion and thanks for the text.  We will take the text.  </hs>

** Section 4

   SEND.  See more details in the Impact on SEND section.  Since a nonce
                                  ^^^^^^^^^^^^^^^^^^^^^^^

o I would point explicitly to the section number as well.
<hs> ok. </hs>

o The algorithm description in the second paragraph is somewhat hard to
  follow. I had to read it quite many times.. On the other hand, the
  algorithm description in Section 4.2 is far more readable. Consider
  having the algorithm description only in one place.

<hs> Agreed.  Most of the second paragraph will be deleted and we will reference section 4.2 in the second paragraph.  </hs>

** Section 4.2

   The MAX_MULTICAST_SOLICIT number of
   NS(DAD) messages sequence continues until the stop condition is
   reached.

o Or manual administrative actions are taken, right?

<hs> Yes.  New text below:

   The MAX_MULTICAST_SOLICIT number of NS(DAD) messages sequence continues until the stop condition is
   Reached or manual intervention is undertaken.

</hs>


o The stop condition and ending the probing means the interface moves
  the Target Address to assigned state, right? I would say that
  explicitly.

<hs>OK - will do.  Note one reviewer (in private email)  wanted the address to move to assigned state whether a looped back DAD was received within the RetransTimer milliseconds interval or not.  But I replied, what good is an assigned address until I the interface detects the loopback has stopped because unless the loopback stops, the assigned address can be used to only to send traffic that is looped right back.   
</hs>

** Section 4.4

   detecting looped back ND messages.  If this document updates
   [RFC4862], SEND should be updated to integrate with the Enhanced DAD
   algorithm.  A minor update to SEND would be to explicitly mention

o "If this document updates.." well it does. Propose changing the text to
  something like "Since this document.."
o Why there is no proposal for those "minor" SEND updates?

<hs>Will take your suggestion and propose text in our next revision.  </hs>

** Section 4.5

   The following text is added to [RFC4862].

o Added where in RFC4862? Propose an explicit place.
o The added text should probably have a reference to this document.

<hs>Ok, will do. </hs>

** Section 4.6

o Changes where exactly in RFC4861? Propose an explicit place.
o The added text should probably have a reference to this document.

<hs>Ok, will do. </hs>

** Section 6

   algorithm.  SEND is recommended for this exploit.  For any mitigation

o I would say SEND is not recommend for this exploit rather SEND is recommended
  to circumvent this exploit.

<hs>Agreed.  Will take your suggestion.  </hs>

** Section 9

o Obsolete normative reference to RFC1247 (obsoleted by RFC1583) o No reference to RFC2119 (also there is no typical RFC2119 boilerplate text) o draft-ietf-6man-impatient-nud -> RFC7048

<hs> will do </hs>

Thanks much,

Hemant