[karp] Comments on draft-ietf-karp-crypto-key-table

William Atwood <william.atwood@concordia.ca> Tue, 03 December 2013 05:04 UTC

To: KARP Working Group <karp@ietf.org>

In the spirit of the chairs' plea to read and comment on the WG
documents, I have read the crypto-key-table document carefully.
Herewith some comments, which hopefully will be useful to the authors,
even this late in the cycle.

I have also made a number of comments on formatting and grammatical
issues directly to the authors.

Note that I will use the abbreviation CKT to stand for the phrase
"crypto key table".

Technical comments

I am perfectly at ease with the restriction of this document to the case
of routing protocols, rather than general security protocols.  KARP's
mandate is restricted to routing protocols, so a solution specific to
routing protocols is appropriate.

Section 1, para 1, line 14.  "should be used" -> "MUST be used"  (Since
this document is on the standards track, and since this uniformity of
presentation is a key requirement for the CKT, I believe that we have to
require MUST here.)

Section 2, bullet "Interfaces", line 6.  "is specified by the
implementation"  It is unclear what implementation is under discussion
here.  The protocol implementation, the operating system implementation,
???  Interface definitions are a characteristic that is (as is stated)
independent of the specific protocol, but it is unclear what we should
say that they _do_ depend on.  See also the comment on Section 4, last
paragraph.

Section 2, bullet "Protocol", line 1.  Upon reading the phrase "single
security protocol" in this line, I first felt that this phrase should
have been changed when the document scope was reduced from "security
protocols" to "routing protocols".  However, in some cases, it seems
that the protocol named in this field might be "TCP-AO".  In other
cases, it is reasonable to assume that the protocol where the key will
be used is some mode of IPsec.  In still further cases, the protocol
where the key is used is the Routing Protocol itself (for example,
OSPFv2 with Authentication Trailer based security).  Therefore, I raise
the question of whether this phrase should be "single security protocol",
"single Routing Protocol", or something entirely different.

Section 2, various bullets.  I have a concern about the use of phrases
such as "the protocol defines" in Section 2.  I believe that the correct
phrasing is "the protocol specification defines".  If the community
agrees, a number of sentences in various bullets will have to be corrected.

Section 4, para under the bullets, line 2.  "shared among all protocols
on an implementation"  Should this be "shared among all protocols on a
device"?  See also the comment on Section 2, bullet "Interfaces".

  Bill


-- 
Dr. J.W. Atwood, Eng.             tel:   +1 (514) 848-2424 x3046
Distinguished Professor Emeritus  fax:   +1 (514) 848-2830
Department of Computer Science
   and Software Engineering
Concordia University EV 3.185     email:william.atwood@concordia.ca
1455 de Maisonneuve Blvd. West    http://users.encs.concordia.ca/~bill
Montreal, Quebec Canada H3G 1M8