IETF Logo Mail Archive

Re: [MBONED] Kathleen Moriarty's Discuss on draft-ietf-mboned-interdomain-peering-bcp-11: (with DISCUSS and COMMENT)

Toerless Eckert <tte+ietf@cs.fau.de> Sat, 28 October 2017 00:06 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: mboned@ietfa.amsl.com
Delivered-To: mboned@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B4C713F629; Fri, 27 Oct 2017 17:06:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.712
X-Spam-Level:
X-Spam-Status: No, score=-2.712 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FAKE_REPLY_C=1.486, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rVHQjuQzwFiH; Fri, 27 Oct 2017 17:06:28 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D728C13F614; Fri, 27 Oct 2017 17:05:54 -0700 (PDT)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 9333F58C4AE; Sat, 28 Oct 2017 02:05:50 +0200 (CEST)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 82368B0CFDD; Sat, 28 Oct 2017 02:05:50 +0200 (CEST)
Date: Sat, 28 Oct 2017 02:05:50 +0200
From: Toerless Eckert <tte+ietf@cs.fau.de>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-mboned-interdomain-peering-bcp@ietf.org, mboned-chairs@ietf.org, tim.chown@jisc.ac.uk, mboned@ietf.org
Message-ID: <20171028000550.GC22613@faui40p.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <150766493762.13535.9148103792161037817.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/jbR-ViwYezmaTBsJkrsJPFyYQiM>
Subject: Re: [MBONED] Kathleen Moriarty's Discuss on draft-ietf-mboned-interdomain-peering-bcp-11: (with DISCUSS and COMMENT)
X-BeenThere: mboned@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Mail List for the Mboned Working Group <mboned.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mboned>, <mailto:mboned-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mboned/>
List-Post: <mailto:mboned@ietf.org>
List-Help: <mailto:mboned-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mboned>, <mailto:mboned-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Oct 2017 00:06:42 -0000

[The following text up to the individual reply comments is identical for 
 the replies to all ballot comments. I originally wanted to coalesce the reply to
 all positions into one email but the auto-generated header from datatracker
 makes it sound as if per-submitter replied are required. So, here we go with some
 repeated text followed by more individualized text:]

Dear Reviewer,

This is in response of your reviews of
    https://www.ietf.org/id/draft-ietf-mboned-interdomain-peering-bcp-11.txt
as entered in the ballot:
    https://datatracker.ietf.org/doc/draft-ietf-mboned-interdomain-peering-bcp/ballot/

A version of this email containing replies to all IESG feedback for -11 is also in: 
    https://raw.githubusercontent.com/toerless/peering-bcp/master/11-iesg-review-reply.txt

Thank you so much for your thorough review. In response to the IESG
feedback, version -12 and -13 of the draft where posted which we hope 
will resolve the open issues.
make 2

Version -12 of the draft was just a conversion from docx generated txt to XML (previous generations
where not built from XML), this introduced formatting changes (line wraps etc.) that rfcdiff can not ignore
and that would have obfuscated actual content changes. 

Version -13 of the draft contains the text changes done in response to your
comments and discusses. The following RFC diff shows the content diffs
vs. -11 without any formatting introduced changes:

http://tools.ietf.org/tools/rfcdiff/rfcdiff.pyht?url1=https://tools.ietf.org/id/draft-ietf-mboned-interdomain-peering-bcp-12.txt&url2=https://tools.ietf.org/id/draft-ietf-mboned-interdomain-peering-bcp-13.txt

In summary:
   Beside the various smaller fixups from comments, the mayor rewritten/new blocks are:

   4.1.1 - bandwidth management (aka: congestion control section). 
           I didn't just want to put the magic CC sentence in but wanted to let
           readers understand what it means in the context of specifically
   6. Security considerations
      6.1.  DoS attacks (against state and bandwidth)	
      6.2.  Content security	
      6.3.  Peering encryption
      6.4.  Operational Aspects
            This is where the securing of log exchange is discussed.
   7. Privacy Considerations
      Got somewhat longer to explain because the specifics of multicast content and privacy
      are likely not that obious to non-multicast  experienced readers, and given how this
      is a BCP and i don't even think we did describe this anywhere else, it had to be
      explanatory.
   
   4.2.4.  Public Peering Routing Aspects
      text did mention non-private peerings, but i was afraid that readers would not
      understand the problematic implications, so i detailled them given how those
      peering L2 domains are still common for unicast.


Cheers
    Toerless for the Authors

====================================================================================
Kathleen Moriarty:
> 
> Thanks for your work on this draft.  I'd like to see some text clarifications on security recommendations that should not be difficult to resolve.
> 
> Section 4.4 - the exchange of supporting information could be sensitive, are there security requirements on the exchange?  I don’t see them in this section.

I thought about this a lot, and i hope the fixed up text in various sections is now better.

In the end i tried to focus the description on the model that makes this closest to
unicast, eg.: where the end-to-end application is in control and just gets network
transport information from the other parties involved, eg.: AD-2 -> AD-1. So all the
information collected via logs etc. to the extend that it is per-user is really only about the transport service
and not the payload. Something which in unicast the content source would already have.

The only privacy sensitive information directly related to multicast is really "who is watching
what content" and i created a privacy consideration section for that aspect, pls. review.

[ Side note:

  Personally i think there is a real bad amount of personal info collected by
  end-to-end applications, especially what i've seen in the past in content delivery for
  monetization strategies such as targeted advertisements and the like, but seemingly there is no
  place in the IETF where this is discussed (would have to be somehwere in ART).
  IETF only seems to obsess about protecting the sensitive information against third parties
  which is good but totally not sufficient.

  I did add the last paragraph in the privacy section to hint at this and that
  multicast could help to solve this, but alas i fear that there is no interest
  in the paycheck generating part of the IETF community to explore those options
  because that invasion on privacy is at the core of the business model of most application
  service providers.  *sigh*
  ]

> Section 6 - For the following text, it would be helpful to see some recommendations:
>    “DRM and Application Accounting, Authorization and Authentication
>    should be the responsibility of the multicast application source
>    provider and/or AD-1. AD-1 needs to work out the appropriate
>    agreements with the source provider.”
> 
> I agree with and support Alissa's Discuss and comments.  Since she already holds a discuss on this point, here are my comments:
> Section 4.3.3 clearly refers to different types of logs, some have well known methods of delivery (syslog) and authentication, but setting a minimum requirement for secure exchange including encryption and authentication should be included in this section. The protocols and options may vary between the log types.

Right.

Alas, I am not aware of any established security standards to protect equivalent operational data
exchanged for unicast between SPs. I fear i would not like the answers if i asked what
is actually done. That makes it somewhat hard to be very specific. besides, with the
advent of SDN and the slow sunset of lots of insecure NNI protocols (IPfix anybody),
the option are endless.

I've tried to describe what i hope are sufficient recommendations into te first
paragraphs of section 7.4, "operational aspects" of security considerations. Please check it out.

v2.23.0 | Report a Bug | By Email