IETF Logo Mail Archive

[lmap] AD evaluation: draft-ietf-lmap-information-model-16

Alissa Cooper <alissa@cooperw.in> Mon, 23 January 2017 19:22 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: lmap@ietfa.amsl.com
Delivered-To: lmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13AC51294F7 for <lmap@ietfa.amsl.com>; Mon, 23 Jan 2017 11:22:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=oZ/QPPCH; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=so558xe0
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6oKWunAzdKiH for <lmap@ietfa.amsl.com>; Mon, 23 Jan 2017 11:22:27 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA17C129496 for <lmap@ietf.org>; Mon, 23 Jan 2017 11:22:26 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 5408520744 for <lmap@ietf.org>; Mon, 23 Jan 2017 14:22:26 -0500 (EST)
Received: from frontend2 ([10.202.2.161]) by compute7.internal (MEProxy); Mon, 23 Jan 2017 14:22:26 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h= content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=ULrxNhECrY2g0pOJx6S7ewsO+Os=; b=oZ/QPP CHW17wsvcCXCbauiAKjXkIjMvK4EVgdIULq2Si/n1wZ2f2BNOF2xdT25DPvoGPsD p4PLaQlReU4GNhIheNJQGCQ2Af0FbSjF5aggDpI/gWIc6koDKFV3XuxegMu2kLYt C7+isJyhVf+1Zhmc+q0jYQPYcns/HD9dhPG1o=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=smtpout; bh=ULrxNhECrY2g0p OJx6S7ewsO+Os=; b=so558xe0a3+dkSP6LbDfzcUWQOjCGaYNONA8zLvgFQ1cns YY7X+l1pTOokvHEX4RUE5dCWMtlGhdySdagy+QaWHZ7THJZzlTTrxJxzCDouuVOC XtXEeCz1jvkmUk6XHxub1GXWrdc4p2cqKaainaQ+2wJVgCIRRRlJGecriu/PQ=
X-ME-Sender: <xms:8leGWJZL--ljNPuQH6V5otg9t8m9dNm3XDYZCNo5oe2taGhs2OGokw>
X-Sasl-enc: 6ic9g+jB1q96jU9B43iwQU6T8b7nxjOluivmNHdvJJK0 1485199346
Received: from dhcp-10-150-9-148.cisco.com (unknown [173.38.117.92]) by mail.messagingengine.com (Postfix) with ESMTPA id 0A03124066 for <lmap@ietf.org>; Mon, 23 Jan 2017 14:22:26 -0500 (EST)
From: Alissa Cooper <alissa@cooperw.in>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <2CB94EA6-A5F9-4770-9E76-0C7E8676E9CF@cooperw.in>
Date: Mon, 23 Jan 2017 14:22:25 -0500
To: lmap@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lmap/fNAZaFLFbt3l20cpHV_ajpfpHnQ>
Subject: [lmap] AD evaluation: draft-ietf-lmap-information-model-16
X-BeenThere: lmap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Large Scale Measurement of Access network Performance <lmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lmap>, <mailto:lmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lmap/>
List-Post: <mailto:lmap@ietf.org>
List-Help: <mailto:lmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lmap>, <mailto:lmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jan 2017 19:22:29 -0000

I have reviewed this document in preparation for IETF last call. I have a few substantive comments and questions that I’d like to discuss before issuing the LC. I’ve also included some nits and minor comments that should be resolved together with any IETF LC comments.

Substantive comments and questions:

For a number of my comments below, it might be the case that you think the detail I'm asking for does not belong in the information model, but would be more appropriate in a specification of a specific data model or protocol. I'm not particularly wedded to any of these details appearing here, but I do think they need to appear somewhere, so if they're not going to be specified here I think this document needs to explain that data models and/or protocols need to specify them.

= String type definition =

Is it expected that data models and/or protocols will define what character encoding is expected for the string data type? If so, it would be good to say that somewhere.

= Credentials: Section 3.1, 3.2, 3.8, 6 =

I have a couple of questions about how credentials are defined and used in this document:

(1) Is it expected that data models and/or protocols will define the 'credential' type and format? If so, it would help to make that clear up front.

(2) Are ma-preconfig-credentials and ma-config-credentials meant to be credentials only for the MA to be authenticated by a Controller or Collector? I assume that the credentials that allow the MA to authenticate other endpoints, and to protect communications to those endpoints, are stored in ma-channel-credentials, but it would help to clarify which set of credentials each of these fields is referring to.

(3) I'm a little concerned that both ma-config-control-channels and ma-config-credentials are mandatory fields in ma-config-obj, and that the point of having them specified there is to override the pre-configuration information. If I'm understanding correctly, this means that an MA could be preconfigured with certificates it uses to authenticate and encrypt its initial request to a Controller, and the Controller could then respond by saying, "don't use those credentials for yourself or for me, but use these other ones instead." How can an MA then distinguish between a Controller it should trust and one that has been compromised? I know the bootstrapping process is generally out of scope for LMAP, but that scenario seems to imply a security threat that was not specifically contemplated in the framework. Since the fields are being defined here, I think this document needs to discuss these implications, or explain whether there is some (two-way) exchange expected between the MA and the Controller using all the pre-configured credentials that needs to happen before the MA agrees to use different sets of credentials provisioned by the Controller.  

= Section 3.1.1, 3.4.1, 3.5.3 =

I think you need to specify the scope within which uuids are expected to be unique, and whether the same uuids are expected to be re-used for config, logging, and status.

= Section 3.2 =

I think it would be good to provide some guidance about how NOT to construct a group ID. E.g., I would assume putting sensitive information like "low-income neighborhood" or similar in the group ID would be ill-advised, because even within the single administrative domain where MAs are communicating with Controllers and Collectors, there may be people who are authorized to process the measurement data but not know that level of detail about which kind of group a device/connection belongs to. In that kind of case a mapping between an opaque identifier in the group ID and more contextual information on the Controller/Collector back-end would be wise. I think the draft would benefit from some explanation of that here or in Section 6 with a cross-reference back to here.

= Section 3.5.2 =

What would be the cause for defining different versions of the same task? Also, since the two different versions would have the same name (presumably), I think you need to state of the expected scope of uniqueness of the task name.

= Section 3.5.3 =

Why does this object need both an agent ID and a device ID? Is the device ID here expected to be the same as the one that gets pre-configured on the device? What is an MA supposed to put in the device-id field defined here if there was no device ID pre-configured (since in pre-configuration it's an optional field)?

= Section 3.5.4 =

Are ma-status-schedule-invocations, ma-status-schedule-suppressions, and ma-status-schedule-overlaps meant to report counters over all of time, or only since ma-status-last-started? I think this needs to be clarified.

= Section 3.5.5 =

Same question as 3.5.4 for the counters in this section.

= Section 3.9 and 3.9.1 =

"Both measurement and non-measurement
   Tasks have registry entries to enable the MA to uniquely identify the
   Task it should execute and retrieve the schema for any parameters
   that may be passed to the Task.
   ...
A configured task can be referenced by its name and it
   contains a set of URIs to link to registry entries or a local
   specification of the task.
   ...
ma-task-functions:        A possibly empty unordered set of registry
                             entries identifying the functions of the
                             configured task."

I have a couple of questions about this:

(1) Are there any registries being defined for non-measurement tasks, or is this just indicating that such registries could be created? I think it would help to clarify since there is obviously the metrics registry for measurement tasks.

(2) I don't understand "or a local specification of the task." Is that local specification supposed to be represented with a local URI, the same as other registry objects? Or if not, is ma-task-functions not properly defined, since it's possible to reference something other than a registry entry there?

= Section 3.10.1 =

I don't understand why ma-registry-role is defined here. In draft-ietf-ippm-metric-registry, the role is part of the registry entry, so by specifying the URI, one should know which role is the appropriate one for that entry. 


Nits and minor comments:

= Section 1 =

s/Large Measurement platform/Large-Scale Measurement platform/

= Section 3 =

(1) s/(from a measurement to reporting or communicating with the Controller)/(including measurements or reporting or communicating with the Controller)/

(2) It seems a bit odd that Action first appears in Figure 1 but is not included in the enumerated list of objects above it.

(3) "Every Action contained in a Schedule is defined as a Task. ... Tasks can implement a variety of different types of Actions." I think this will be confusing to readers because it's circular. It sounds like all Actions are Tasks but Tasks are comprised of Actions; I think the abstraction needs to be explained better, and made consistent. See also sections 3.3 and 3.7: "An Action is a Task with additional specific parameters." I think it would be better to define what an Action is once at its earliest use.

= Section 3.1.1 =

s/set of tasks objects/set of task objects/

= Section 3.2 =

OLD
The reporting of a
   Group ID without the MA ID allows the MA to remain anonymous

NEW
The reporting of a
   Group ID without the MA ID may allow the MA to remain anonymous

(Rationale: Given all of the other data and potential identifiers the MA may report, it may still be possible for a Collector or other entity to identify the MA -- not providing an agent ID helps, but does not guarantee anonymity.)

= Secion 3.3 =

s/This enabled fine/This enables fine/

= Section 3.3.2 =

Please add a citation for POSIX.2 fnmatch().

= Section 3.5.4, 3.5.5, and 3.5.6 =

To reduce redundancy I would suggest defining the values 'enabled,' 'suppressed,' 'disabled,' and 'running' outside of all of these sections one time and then within the field definitions just saying which values are valid for each field that uses them.

= Section 3.6 =

s/Where the Configuration/Whereas the Configuration/

(Right? I couldn't quite parse the sentence.)

= Section 3.6.2 =

I think it would be good to provide a short explanation in the text as to why RFC 3339 format is not being used for ma-report-result-cycle-number.

= Section 3.8 =

s/it's own/its own/

= Section 6 =

OLD
This would, for example, allow the MA to remain
   anonymous

NEW
This may, for example, allow the MA to remain
   anonymous

(Same rationale as 3.2.)

v2.23.0 | Report a Bug | By Email