Re: [MBONED] Alissa Cooper's Discuss on draft-ietf-mboned-interdomain-peering-bcp-11: (with DISCUSS and COMMENT)
Toerless Eckert <tte+ietf@cs.fau.de> Sat, 28 October 2017 00:06 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: mboned@ietfa.amsl.com
Delivered-To: mboned@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DB1213F574; Fri, 27 Oct 2017 17:06:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.712
X-Spam-Level:
X-Spam-Status: No, score=-2.712 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FAKE_REPLY_C=1.486, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K5VUiYcTvCZK; Fri, 27 Oct 2017 17:06:04 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90B2D13F629; Fri, 27 Oct 2017 17:05:33 -0700 (PDT)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [131.188.34.77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 99DC658C4AE; Sat, 28 Oct 2017 02:05:29 +0200 (CEST)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 8A227B0CFDD; Sat, 28 Oct 2017 02:05:29 +0200 (CEST)
Date: Sat, 28 Oct 2017 02:05:29 +0200
From: Toerless Eckert <tte+ietf@cs.fau.de>
To: Alissa Cooper <alissa@cooperw.in>
Cc: The IESG <iesg@ietf.org>, draft-ietf-mboned-interdomain-peering-bcp@ietf.org, mboned-chairs@ietf.org, tim.chown@jisc.ac.uk, mboned@ietf.org
Message-ID: <20171028000529.GB22613@faui40p.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <150764927891.13436.4480686201231484122.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/mVc6MaXZrzN5kq6g-_mbVwH8qM8>
Subject: Re: [MBONED] Alissa Cooper's Discuss on draft-ietf-mboned-interdomain-peering-bcp-11: (with DISCUSS and COMMENT)
X-BeenThere: mboned@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Mail List for the Mboned Working Group <mboned.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mboned>, <mailto:mboned-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mboned/>
List-Post: <mailto:mboned@ietf.org>
List-Help: <mailto:mboned-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mboned>, <mailto:mboned-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Oct 2017 00:06:07 -0000
[The following text up to the individual reply comments is identical for the replies to all ballot comments. I originally wanted to coalesce the reply to all positions into one email but the auto-generated header from datatracker makes it sound as if per-submitter replied are required. So, here we go with some repeated text followed by more individualized text:] Dear Reviewer, This is in response of your reviews of https://www.ietf.org/id/draft-ietf-mboned-interdomain-peering-bcp-11.txt as entered in the ballot: https://datatracker.ietf.org/doc/draft-ietf-mboned-interdomain-peering-bcp/ballot/ A version of this email containing replies to all IESG feedback for -11 is also in: https://raw.githubusercontent.com/toerless/peering-bcp/master/11-iesg-review-reply.txt Thank you so much for your thorough review. In response to the IESG feedback, version -12 and -13 of the draft where posted which we hope will resolve the open issues. make 2 Version -12 of the draft was just a conversion from docx generated txt to XML (previous generations where not built from XML), this introduced formatting changes (line wraps etc.) that rfcdiff can not ignore and that would have obfuscated actual content changes. Version -13 of the draft contains the text changes done in response to your comments and discusses. The following RFC diff shows the content diffs vs. -11 without any formatting introduced changes: http://tools.ietf.org/tools/rfcdiff/rfcdiff.pyht?url1=https://tools.ietf.org/id/draft-ietf-mboned-interdomain-peering-bcp-12.txt&url2=https://tools.ietf.org/id/draft-ietf-mboned-interdomain-peering-bcp-13.txt In summary: Beside the various smaller fixups from comments, the mayor rewritten/new blocks are: 4.1.1 - bandwidth management (aka: congestion control section). I didn't just want to put the magic CC sentence in but wanted to let readers understand what it means in the context of specifically 6. Security considerations 6.1. DoS attacks (against state and bandwidth) 6.2. Content security 6.3. Peering encryption 6.4. Operational Aspects This is where the securing of log exchange is discussed. 7. Privacy Considerations Got somewhat longer to explain because the specifics of multicast content and privacy are likely not that obious to non-multicast experienced readers, and given how this is a BCP and i don't even think we did describe this anywhere else, it had to be explanatory. 4.2.4. Public Peering Routing Aspects text did mention non-private peerings, but i was afraid that readers would not understand the problematic implications, so i detailled them given how those peering L2 domains are still common for unicast. Cheers Toerless for the Authors ======================================================================================== Alissa Cooper: > Section 4.3.3 recommends that ADs generate and exchange extensive logging information, but the document says nothing about securing these logs or limiting the exchange of private or confidential information between the peers. This seems like it needs to be addressed in the BCP. Sure. Pls. re-read the first four paragraphs of the Log Management section, i tried to make it clearer. Also the new section on privacy. > (1) Why does this document contain the copyright disclaimer for pre-RFC5378 work? It has been there since -00, and i can not think of any reason why it should be there, so i removed it. Will also send email to working group mailing list to re-check. > (2) Section 4.4 says: > > "In the event of performance degradation (SLA violation), AD-1 > may have to compensate the multicast application source per SLA > agreement. As appropriate, AD-1 may seek compensation from AD-2 > if the cause of the degradation is in AD-2's network." > > and > > "Faults in service could lead to SLA violation for which the > multicast application source provider may have to be > compensated by AD-1. Subsequently, AD-1 may have to be > compensated by AD-2 based on the contract." > > These bullets seem out of scope for this BCP. I would recommend deleting them. Removed. I welcome a chat in Singapore why everybody seems to think the word "money" must not be mentioned, not even in an operational document. > (3) Section 6 says: > > "DRM and Application Accounting, Authorization and Authentication > should be the responsibility of the multicast application source > provider and/or AD-1. AD-1 needs to work out the appropriate > agreements with the source provider. > > Network has no DRM responsibilities, but might have authentication > and authorization obligations. These though are consistent with > normal operations of a CDN to insure end user reliability, security > and network security." > > I find these two paragraphs somewhat contradictory and vague. The first paragraph makes it sound like DRM could be the responsibility of AD-1. The second paragraph makes it sound like AD-1 (assuming it counts as "network") would never be responsible for DRM. Then later on the text says: > > "Authentication and authorization of EU to receive multicast content > is done at the application layer between the client application and > the source. This may involve some kind of token authentication and > is done at the application layer independently of the two AD's." > > Is this differentiating authentication and authorization of the application source from that of the end user? It's not clear. I would suggest revising this whole section to be clear about which security functions are the responsibility of which parties. Pls. re-read the security section, i have tried to rewrite it with a clearer description of these aspect. As someone like me who is deep int the subject matter it is always easy to overlook explaining what we may think are well understood fundamentals, so please keep complaining until its understandable!
- [MBONED] Alissa Cooper's Discuss on draft-ietf-mb… Alissa Cooper
- Re: [MBONED] Alissa Cooper's Discuss on draft-iet… Toerless Eckert