Re: [lisp] Request for WG document - draft-farinacci-lisp-name-encoding

Luigi Iannone <ggx@gigix.net> Fri, 02 October 2020 11:39 UTC

Return-Path: <ggx@gigix.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC59B3A0F34 for <lisp@ietfa.amsl.com>; Fri, 2 Oct 2020 04:39:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gigix-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2qzrDQvDeyea for <lisp@ietfa.amsl.com>; Fri, 2 Oct 2020 04:39:00 -0700 (PDT)
Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A724D3A0F2E for <lisp@ietf.org>; Fri, 2 Oct 2020 04:38:59 -0700 (PDT)
Received: by mail-wr1-x42b.google.com with SMTP id o5so1430680wrn.13 for <lisp@ietf.org>; Fri, 02 Oct 2020 04:38:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigix-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SHOBr0zSubfB1MmXe5McQPtTJR7DnUaVOsDSC0iR+Pw=; b=z2JmuGWv7YoJY9uXc9nlXOxFLtXMkm+U+4EMY3ZbBOdK2Tz7oCJsDoQosSG/738xAe FwwINtSpukMbRKa1MHCZaPPy0T7mORzI1eHVdflvpNexoa6hhEkOSjrhHdwd03ygTQfw wBRGgO+/2h9GauaGEO2k6ft67CgsOVcfEK8atWmpZO8sV6O24uTZpNCmbyk+VDUMZ9aU EnWftm4jWuqwBD98zv031DbcCNFjzYMpAc8vskHfqMy5d0k8YddvSGnDVHliu7xY51G/ LRkxPuqX1e+RlJcIKCHjg+e5PraoIVqr8VBEhFYa+f3XJB/8ugmZGHaRAPiwqGeYwG7R 4VJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SHOBr0zSubfB1MmXe5McQPtTJR7DnUaVOsDSC0iR+Pw=; b=WPHr5Y4nGISP+S9fBWs49nha353mIk2rY2gSrUeen4a26EMSV3x4Xne+SC240YX12a eftfgG4HTUvITgRJZw9OIlKvQ9U3h1T0OHsf8EUQ/w3pWXoOxKyy9cN5W3B0KVLYMV8o GUONsYfqFnfmqOZc69WtGAx6sMO5hCycXlQ2opHC7mLcgyEj9PeWCKEhVYFZm6vaWfsx 7w3VL7Ea5eM9J7xWtX+iHCnzu/eXZI5cm/TbEW+C2uJuQNoZ9/dH7APPBUNQilkg8mi4 5hpLt5Fbv2sbQ7G+FlMMDBsVb6ECGBHwBIvf4P+TEztOLvjj8BLM9pDhPhElTEOYb2oW s46g==
X-Gm-Message-State: AOAM5315RhCCH3B8DekOM/5j+DaxiI6PH3o56R5TWNVZn3QN9aBYKG2A d+3iP9fhcsIMri9tvTe4HeaEdA==
X-Google-Smtp-Source: ABdhPJwkZd/VPcHa+g8OnhPNaPiwJ+2Zq/nSkOR81mVccizOlPE4ICiAOURA02NvzjeLxfP1DJqTeQ==
X-Received: by 2002:a5d:61c2:: with SMTP id q2mr2752773wrv.25.1601638737568; Fri, 02 Oct 2020 04:38:57 -0700 (PDT)
Received: from ?IPv6:2a01:e0a:1ec:470:b825:e063:3650:2011? ([2a01:e0a:1ec:470:b825:e063:3650:2011]) by smtp.gmail.com with ESMTPSA id f1sm1437208wrx.75.2020.10.02.04.38.56 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 02 Oct 2020 04:38:56 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Luigi Iannone <ggx@gigix.net>
In-Reply-To: <88FFF16F-1E5F-4B41-B4A1-D3E02750F9BA@gmail.com>
Date: Fri, 02 Oct 2020 13:38:55 +0200
Cc: "Joel M. Halpern" <jmh@joelhalpern.com>, "lisp@ietf.org list" <lisp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <18C66CDF-7714-4258-9D0C-EF4E5CEBC438@gigix.net>
References: <921b82e9-ea40-bab9-eb3e-809375528741@joelhalpern.com> <88FFF16F-1E5F-4B41-B4A1-D3E02750F9BA@gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/qwfJLDzC9dv62gWp6nrOraDBLUM>
Subject: Re: [lisp] Request for WG document - draft-farinacci-lisp-name-encoding
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2020 11:39:02 -0000

Dino,

Speaking as an individual (not as a chair) I have few technical comments on the document.

 

The document looks to me underspecified.
There is no formal definition of “Distinguished Name”, for what is worth the document can be renamed "LISP LCAF String encoding”
The slides you presented during IETF 96 suggest that there some longest characters match (like longest prefix match but on strings) and this part is not documented in the draft.
As an implementer, the fact that there is no explicit length field is worrisome, performance wise.
Because if I need to skip through a LCAF AFI=17 record I have anyway to parse the string since I do not know where it ends.
This can slow down operations.
I think the draft should include some specific use cases that prove that LCAF strings are really useful.
The ECDSA use case is not a compelling example since you can use LCAF AFI=XX that identifies public keys encoded in a specific way (the WG should think about proposing such encoding….)


Ciao

L.



> On 29 Sep 2020, at 22:58, Dino Farinacci <farinacci@gmail.com> wrote:
> 
> So since there seems to be support and little or no objections, can we make this draft a working group document and continue the discussion. I can add more text to reflect Joel’s comments. 
> 
> Thanks for the comments and discussion Joel. 
> 
> Dino
> 
>> On Sep 29, 2020, at 1:23 PM, Joel M. Halpern <jmh@joelhalpern.com> wrote:
>> 
>> Another way of looking at my issue here is the many problems the DNS folks have had with tXT records.  They are free-form text.  Making them useful has proven to be a major challenge.  hence, even as RLOCs rather than EIDs (where the collision problem is not an issue), I am concerned that adding this is opening a can of worms.
>> 
>> Yours,
>> Joel
>> 
>> PS: Dino, youa re correct that the hash probably won't collide with anything else.  But for anything that is not cryptographically random, collision seems a major risk.
>> 
>> PPS: Even for you hash case, you concluded that you needed a type discriminator (hash:).  Presumably so taht you would know which one you needed for the ECDSA operation.  Sensible.  But if we need that, probably eveyrone needs that.  At which point it should be part of the definition.  At which point we get into defining the structure of these naems with sufficient uniqueness.  Or sub-typing,  Or something.
>> 
>> On 9/29/2020 3:58 PM, Dino Farinacci wrote:
>>>> I think it really needs more structure.  One does not say "here is a shared database; use any key you like and hope not to collide with other users."
>>> I can add that to the draft.
>>>> 
>>>>>> If there is to be standard usage of this, and if there is to be more than one such usage, how are collisions avoided?  It is not sufficient to say "just don't" as different problems may end up needing overlapping name spaces.  The hash usage (below) assumes that the solution is to prepend the string "hash:' on the front.  But that is not formally defined, and as such is not actually a reliable mechanism.
>>>>>> (Frankly, for the hashes I would prefer to use a different EID LCAF that carries the binary hash.)
>>>>> The ecdsa-auth use-case assumes that the hash length is largest where collisions won’t happen. There are applications that use UUIDs and encodes them in distinguished-name EIDs. UUIDs do not have an allocation authority. And:
>>>> 
>>>> the ECDSA draft assumes that no other uses will begin with hash:.  This has nothing to do with length.  My concern is not collision amon hashes.  It is collision between hashes and other uses of the "distinguished name" LCAF.
>>> If the hash avoids collisions, then anything you put before it, in totality makes the name unique.
>>>> I suspect that the people supporting this have expectations on how this will work.  But it seems sufficiently basic that the semantics, rather than the encoding, is where I would expect the WG to start.  Encodings are easy.
>>>>> So lets have a look at each Internet Draft that references draft-farinacci-lisp-name-encoding and lets review those semantic encodings.
>>>> 
>>>> Looking at the couple of places you have chosen to use this, and have therefore been careful not to collide with yourself really does not tell us much.
>>> If you connect two IPv4 islands behind NATs and register their addresses to the same instance-ID to the same mapping system, those addresses will collide. The same goes for these names. That is what VPNs are used for and hence instance-IDs allows the registering entities to agree to not collide names.
>>> This is a general principle for the LISP mapping system for all EIDs being used. And note for RLOC-names, they do not have to be unique. They are free-form documentation based names.
>>>> If you want a sub-type under LCAF, then let's do that.  trying to pretend arbitrary strings have distinguishable semantics is asking for trouble.
>>> The AFI encoding is tigher and save less space in the packet and hence why it was chosen. Plus if you use it in LCAFs, there is less LCAF nesting. I'm sure many coders appreceiate this.
>>> Dino
> 
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp