[manet] Re: Opsdir last call review of draft-ietf-manet-dlep-ether-credit-extension-06

Donald Eastlake <d3e3e3@gmail.com> Sun, 03 November 2024 22:10 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD9F3C15106B; Sun, 3 Nov 2024 14:10:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.853
X-Spam-Level:
X-Spam-Status: No, score=-1.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BTwubZ8nVN5K; Sun, 3 Nov 2024 14:10:10 -0800 (PST)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6A47C14CEFC; Sun, 3 Nov 2024 14:10:10 -0800 (PST)
Received: by mail-qt1-x82e.google.com with SMTP id d75a77b69052e-460a23ad00eso39674891cf.0; Sun, 03 Nov 2024 14:10:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730671809; x=1731276609; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=IU0/Wtb+aqUUshbK3Sf9hQ+mHCYlvkqn8+SFpIXpUas=; b=FMOiHCfRT8hm255AK6FOCfo09yWkp/pMa9Da+idDHty+UKn9ZLUHB3HUzfHhuubT3O uPYh5lOTw+HzKSPFE9/GyKjwz6mcyVdDnv4qu0SglrySoh3uYMApJW2V4kdWNOXIJU9y 7edScC/XY5Y0rgTTrllJ3uyno9Rakr4zCC/7hpKcFASTxltbM40CxnZhhVFwIhIg+GrW mY9dU0yDGdBPrjhnqdCoPtlsMumccnb+pev3YBRnHKNkzR9xi2GsQnFPriOoqGlNIzC3 PIKJjefE8O8gUU7CmrnwHsW/3qaoCa1n/Fb+pZp6gwX95rTueH5x2Dmas0SMiKE2uTrP OJWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730671809; x=1731276609; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=IU0/Wtb+aqUUshbK3Sf9hQ+mHCYlvkqn8+SFpIXpUas=; b=qMwg15xRe5LzoXOkMgz5ZL57FdVgE/BrDfqXX5TQjffUKRYUXi5KWiY4VvVYRKgJbt i1dftuu5r5wsA35y37kgV4zcO0xyyiny56K1TGhPzumKbGiJ8w3uxDO8TJ+VK12CExaE XR7sVc2avFhCG5MZCIkeZdi7FXOKfhMwWOG4B0jCyChPI2GzvcfDVRJdtBdmk0jXysOA mHuxT/G9C9B6/9sWndSyFWHyGD3/V2QmgNe6h9rQvGY0bnNNqGw5vlgpYjRLUmcCucTV LqdjnDrE+fCosCQXV92Um6TvI9VipiqGydsgIdImji0apj02YRtJDQI6dyVupTCzEPVt Vxag==
X-Forwarded-Encrypted: i=1; AJvYcCV2Mpw3OhC9kTmCCPiQELFEdK2WF9Uqn6EqG0HYzJ0ABdW44vhOtJYVFobb1XkP8zH2rzVCC4s2CIXh@ietf.org, AJvYcCVPoMI7FVrkLNqdFhAfipSaHk5ZRKX7dwp8RiDPcq3Ek5VhZz/A+iP3+ryyoJ0iTYFLo5cm60c=@ietf.org, AJvYcCXmwczI6Fq3lr5YlD8MllhscSEUcK9/cGlkgwdzR6pWw3C05qoAkj0tr7xC6oLVfbY59OL8h1SW7a6Fhwn5DHTJbsyHcO5G1DNrZ+gO8zgJhnVOWqzByk3ah15X+I3kLvM=@ietf.org
X-Gm-Message-State: AOJu0Yxpn9mfli3zXdk96opSudgJI7n9wGjhKv3VAvaM9R2nDB7IYanl i7pM/GZJB3i52JZgRgN7vhwBxqo3ldac2OIVjQggCYfIis88sAZnBq5B7GNF4qQgzDMslainJSu ff0zhtAI/S5P7UlkN8ZB+jwVq1Sco50v6
X-Google-Smtp-Source: AGHT+IE+aiIFIFqXm9pmhzccg5PeMxMjFHihMYsBEYlzymETzmuK02y67h/7L41BTa+bez7NE9aQoD6e4kfTO1tmn10=
X-Received: by 2002:a05:622a:1a28:b0:461:5c05:db96 with SMTP id d75a77b69052e-462ad33300bmr193866891cf.25.1730671809593; Sun, 03 Nov 2024 14:10:09 -0800 (PST)
MIME-Version: 1.0
References: <172348705933.763186.14482188484583695634@dt-datatracker-6df4c9dcf5-t2x2k>
In-Reply-To: <172348705933.763186.14482188484583695634@dt-datatracker-6df4c9dcf5-t2x2k>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 03 Nov 2024 17:09:58 -0500
Message-ID: <CAF4+nEFHABbz4Dw_rdjk8U7kAa+J_Mi8RWFddGHjKUKyqTy24w@mail.gmail.com>
To: Susan Hares <shares@ndzh.com>
Content-Type: multipart/alternative; boundary="0000000000006f0f2f0626096ea4"
Message-ID-Hash: WSJNZF25YCEQ2Q7BAHCC7EMWOCEGJEZ2
X-Message-ID-Hash: WSJNZF25YCEQ2Q7BAHCC7EMWOCEGJEZ2
X-MailFrom: d3e3e3@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-manet.ietf.org-0; header-match-manet.ietf.org-1; header-match-manet.ietf.org-2; header-match-manet.ietf.org-3; header-match-manet.ietf.org-4; header-match-manet.ietf.org-5; header-match-manet.ietf.org-6; header-match-manet.ietf.org-7; header-match-manet.ietf.org-8; header-match-manet.ietf.org-9; header-match-manet.ietf.org-10; header-match-manet.ietf.org-11; header-match-manet.ietf.org-12; header-match-manet.ietf.org-13; header-match-manet.ietf.org-14; header-match-manet.ietf.org-15; header-match-manet.ietf.org-16; header-match-manet.ietf.org-17; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: ops-dir@ietf.org, draft-ietf-manet-dlep-ether-credit-extension.all@ietf.org, last-call@ietf.org, manet@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [manet] Re: Opsdir last call review of draft-ietf-manet-dlep-ether-credit-extension-06
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/mTkjcvrWBVIV6v4YCx6Ln434XKo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Owner: <mailto:manet-owner@ietf.org>
List-Post: <mailto:manet@ietf.org>
List-Subscribe: <mailto:manet-join@ietf.org>
List-Unsubscribe: <mailto:manet-leave@ietf.org>

Hi Sue,

Thanks for the review. Sorry for the tardy reply.

On Mon, Aug 12, 2024 at 2:24 PM Susan Hares via Datatracker <
noreply@ietf.org> wrote:
> Reviewer: Susan Hares
> Review result: Has Issues
>
> ...
>
> Document: draft-ietf-manet-dlep-ether-credit-extension-06
> Reviewer: Susan Hares
> Result: Ready with issues
> Review Date: 2024-08-12
>
> Summary: This document refers to draft-ietf-manet-dlep-credit-flow-15.txt
> and RFC8175.  My technical issue with this specification is
> draft-ietf-manet-dlep-credit-flow-15, and the lack of comments on
> wildcards in the security section.  This document also has editorial nits.
>
> Benefit of this draft: Credit window schemes can enable effective data
flow
> processing for 802.1Q.
>
> Issue 1: Issue with draft-ietf-manet-dlep-credit-flow-15:
> draft-ietf-manet-credit-window as a specification of the credit-window
scenario.
> draft-ietf-manet-credit-window is a document declared "DEAD" by the IESG
> with flaws noted in the TSV-ART and OPS-DIR review.
>
> In my gen-art review for draft-ietf-manet-dlep-credit-flow-15, I've noted
issues in that document.
>
https://datatracker.ietf.org/doc/review-ietf-manet-dlep-credit-flow-control-15-genart-lc-hares-2024-08-12/
>
> Since that document is a key reference in this document, those issues
impact this document.

We are working on resolving comments, updating, and getting these four
drafts through:

   - draft-ietf-manet-dlep-credit-flow-control-15
   - draft-ietf-manet-dlep-da-credit-extension-18
   - draft-ietf-manet-dlep-ether-credit-extension-06
   - draft-ietf-manet-dlep-traffic-classification-12

This draft (draft-ietf-manet-dlep-ether-credit-extension-06) normatively
references draft-ietf-manet-dlep-credit-flow and the comments on
dlep-credit-flow should be answered separately, However,
draft-ietf-manet-credit-window is only an informational reference from
draft-ietf-manet-dlep-credit-flow,

> Issue 2: "wildcard" matching of any PCP or VID needs
security/manageability comment
>
> Wildcards ease the manageability of matching PCP or VID fields.  However,
the
> security section should make some comment about the risks of wildcard
matching for these fields.

Something like:
     Care must be exercised in the use of wildcards for matching PCP and
VID fields. Wildcards may be convenient to match a number of packet flows
but could inadvertently match new flows that appear after the wildcard
matching has been set up or more flows than intended.

> Comments on Editorial NITs:
> 1. Unclear use of ".e.g.," format in 3 places
>
> Place 1: Section 4, paragraph 7.
>
> Old text:/
>    Routers may have limits on the number of queues that they can support
>    and, perhaps, even limits in supported credit window combinations,
>    e.g., if per destination queues can even be supported at all. /
>
> Translating the "e.g.," to "For example, if per destination queues can
even be supported at all"
> gives an unclear sentence.  Best to rewrite this sentence.

How about
     Routers may have limits on the number of queues that they can support
     and limits on supported credit window combinations. Per destination
     queues might not be supported at all.

> Place 2:  Section 4, paragraph 7, last sentence
>
> Old text:/
>    In either case, the mismatch of
>    capabilities SHOULD be reported to the user via normal network
>    management mechanisms, e.g., user interface or error logging./
>
> The "e.g.," format is used correctly in the singular form ("a--" or
"b--").
> However, the "e.g.," format does not create a clear sentence.
>
> Two alternative:
>
> New text-1:/
>    In either case, the mismatch of
>    capabilities SHOULD be reported to the user via normal network
>    management mechanisms (e.g. user interface or error logging)./
>
> New text-2:/
>    In either case, the mismatch of
>    capabilities SHOULD be reported to the user via normal network
>    management mechanisms suchg as user interface or error logging./

How about a tweak on text 2:
     In either case, the mismatch of
     capabilities SHOULD be reported to the user via normal network
     management mechanisms such as user interface messages or error logging.

> Place 3: Section 4: Security considerations, paragraph 1, sentence 2
>
> Old text:/The defined extension
>    exposes vulnerabilities similar to existing DLEP messages, e.g., an
>    injected message resizes a credit window to a value that results in a
>    denial of service./
>
> The "e.g.," format does not provide a clear indication that this
vulnerability is one
> of several potential vulnerabilities.

How about
     The defined extension is exposed to vulnerabilities similar to existing
     DLEP messages and discussed in the Security Considerations section
     of [RFC8175] such as an injected message resizing a credit window
     to a value that results in a denial of service.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com