Re: [L2tpext] Mirja Kühlewind's No Objection on draft-ietf-l2tpext-keyed-ipv6-tunnel-07: (with COMMENT)

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Tue, 01 November 2016 13:43 UTC

From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Mirja Kuehlewind <ietf@kuehlewind.net>
Date: Tue, 01 Nov 2016 13:43:05 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/l2tpext/quK9RDWTNZgFiyT8FF3HPEzl_uI>
Cc: "draft-ietf-l2tpext-keyed-ipv6-tunnel@ietf.org" <draft-ietf-l2tpext-keyed-ipv6-tunnel@ietf.org>, "l2tpext@ietf.org" <l2tpext@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-l2tpext-keyed-ipv6-tunnel.all@ietf.org" <draft-ietf-l2tpext-keyed-ipv6-tunnel.all@ietf.org>, "l2tpext-chairs@ietf.org" <l2tpext-chairs@ietf.org>

Thanks Mirja.

Authors, some follow-ups inline as shepherd.

On Oct 30, 2016, at 7:04 AM, Mirja Kuehlewind <ietf@kuehlewind.net> wrote:

> Mirja Kühlewind has entered the following ballot position for
> draft-ietf-l2tpext-keyed-ipv6-tunnel-07: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-l2tpext-keyed-ipv6-tunnel/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Two questions:
>
> 1) I assume this was in depth discussed in the wg but the given reasoning
> for the following MUST does still not justify a MUST for me:
> "All packets MUST carry the 64-bit L2TPv3 cookie field."
> I would assume that there are possible deployment scenarios e.g. within a
> single domain where other existing protection mechanisms might be
> sufficient already that you don't really need the cookie…?

The 3rd and 4th paragraphs of https://tools.ietf.org/html/rfc3931#section-8.2 are relevant for this comment.


> 2) Further this is not normative language and I wonder if it should be:
> "However, for compatibility with existing RFC3931 implementations, the
> packets need to be sent with Session ID."
> Again I assume that this could be a SHOULD because if you know that you
> don't have devices that (only) implement RFC3931, you could probably even
> neglect the session id...?



I think normative language is preferred here, as this is for Interop.

Thanks,

— Carlos.