Re: [mile] Feedback on draft-ietf-mile-xmpp-grid-09

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Mon, 04 March 2019 18:01 UTC

From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Florian Schmaus <flo@geekplace.eu>, "mile@ietf.org" <mile@ietf.org>
Date: Mon, 4 Mar 2019 18:00:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/8L8rzgf_KrBXrWww11uKGR4IMp8>
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>

Hi Florian,

As we (the authors) are still addressing IESG comments, we are welcoming yours as well.

Thank you for the review! Please see further comments below:

On 1/24/19, 8:45 AM, "Florian Schmaus" <flo@geekplace.eu> wrote:



    I know I am late to the party, probably too late, but I had the chance
    to take at least a short look at the I-D (which has been on my TODO list
    for months). Here are my remarks with my XMPP goggles on, I hope they
    are still helpful.



    Section 6: The first reference should point to XEP-0060 not XEP-0030.

[NCW] Thanks for catching that. We will fix this in the next revision of the document.





    XMPP-Grid uses XEP-0060 (and XEP-0030) at its core. There are two size
    limitations you may want to consider:

    1. XEP-0060, unfortunately, does not specify a maximum PubSub node name
    length. If your XMPP-Grid use case allows it, then you may want to
    specify a maximum node name size. If you do so, then implementations
    claiming compatibility with XMPP-Grid are required to support this
    maximum node name size. I believe this would improve interoperability.

[NCW] XMPP-Grid uses the XMPP XEPs and IODEF as they are defined. Neither one imposes a maximum node name; as the topics shared may vary in size (which IODEF also does not limit), I am not sure we can impose one here as that would limit IODEF as well. Perhaps it is something we can raise to the IODEF community as well.



    2. Requesting all topics using XEP-0030 could potentially return a huge
    result set. It could become so large, that it exceeds the maximum stanza
    size limit of an involved party. In XMPP we have XEP-0059 "Result Set
    Management" to split (large) result sets into smaller ones.
    Unfortunately using XEP-0030 with XEP-0059 is underspecified (AFAIKT).
    Nevertheless, if you anticipate a large number of topics, then you may
    want to hint towards the problematic and XEP-0059 as a potential solution.

[NCW] In general, consumers that we run across have a small limited number of
topics of interest (especially in the threat/security sharing domain). But you raise a good point.
We will add the following sentence in the document -

Implementations should take caution if their deployments allow for a large number of topics.
The Result Set Management as defined in XEP-0059, SHOULD be used to
allow the requesting entity to explicitly request Service Discovery result sets to be returned
in pages or limited size if the discovery results are larger in size.



    XEP-0059 is also the XMPP-ish mitigation against the type of resource
    exhaustion attacks mentioned in § 8.3.5. Referencing XEP-0059 in this
    section appears sensible.

[NCW] Good suggestion. We will add the following sentence in the document -

Platforms could use <xref target='XEP-0059'/> to restrict the size of the result sets the
Controller returns in search or subscription results or topics' service discovery.



    As others already pointed out, I also wondered why the I-D requires
    exclusive usage of SASL EXTERNAL and SASL SCRAM, as opposed to making
    those two only MTI. Changing one "MUST" into a weaker keyword probably
    fixes that.

    If SCRAM-SHA1 is MTI (+1), then shouldn't RFC 5802 be a normative
    reference and not an informative one?

[NCW] That is a fair point. The intent is to achieve interoperability, so it should be MTI; we will change it to implementations MUST support at least one of the two.



    Best wishes

     Florian
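
The paging discussed in this thread, as an added example that is not part of the original message or of the draft: a client walks a topic listing with an XEP-0059 `<set/>` while a simulated Controller clamps every page to its own limit, so no single stanza grows with the number of topics. Placing `<set/>` inside the disco#items `<query/>`, the JID `pubsub.example.org`, the cap of 3 and the topic names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DISCO = "http://jabber.org/protocol/disco#items"   # XEP-0030 items namespace
RSM = "http://jabber.org/protocol/rsm"             # XEP-0059 namespace
SERVER_MAX_PAGE = 3   # constructed Controller-side cap, applied whatever the client asks
JID = "pubsub.example.org"                         # hypothetical Controller pubsub JID

def build_request(max_items, after=None):
    """Client side: disco#items query carrying an RSM <set/> with <max/> and <after/>."""
    iq = ET.Element("iq", {"type": "get", "to": JID, "id": "d1"})
    rsm = ET.SubElement(ET.SubElement(iq, f"{{{DISCO}}}query"), f"{{{RSM}}}set")
    ET.SubElement(rsm, f"{{{RSM}}}max").text = str(max_items)
    if after is not None:
        ET.SubElement(rsm, f"{{{RSM}}}after").text = after
    return ET.tostring(iq)

def controller_reply(raw, topics):
    """Controller side: return one bounded page of topics plus RSM paging metadata."""
    rsm = ET.fromstring(raw).find(f"{{{DISCO}}}query/{{{RSM}}}set")
    asked = SERVER_MAX_PAGE if rsm is None else int(rsm.findtext(f"{{{RSM}}}max", "0"))
    limit = max(0, min(asked, SERVER_MAX_PAGE))    # never exceed the server cap
    after = None if rsm is None else rsm.findtext(f"{{{RSM}}}after")
    start = topics.index(after) + 1 if after in topics else 0
    page = topics[start:start + limit]
    iq = ET.Element("iq", {"type": "result", "from": JID, "id": "d1"})
    query = ET.SubElement(iq, f"{{{DISCO}}}query")
    for node in page:
        ET.SubElement(query, f"{{{DISCO}}}item", {"jid": JID, "node": node})
    out = ET.SubElement(query, f"{{{RSM}}}set")
    if page:
        ET.SubElement(out, f"{{{RSM}}}first", {"index": str(start)}).text = page[0]
        ET.SubElement(out, f"{{{RSM}}}last").text = page[-1]
    ET.SubElement(out, f"{{{RSM}}}count").text = str(len(topics))
    return ET.tostring(iq)

def list_all_topics(topics, page_size):
    """Client loop: follow <last/> until <count/> items have been collected."""
    seen, after, pages = [], None, 0
    while True:
        reply = ET.fromstring(controller_reply(build_request(page_size, after), topics))
        items = [i.get("node") for i in reply.iter(f"{{{DISCO}}}item")]
        seen += items
        pages += 1
        if not items or len(seen) >= int(reply.findtext(f".//{{{RSM}}}count")):
            return seen, pages
        after = reply.findtext(f".//{{{RSM}}}last")

# Constructed sample topic list (not taken from the draft).
SAMPLE_TOPICS = [f"topic-{n}" for n in range(8)]
```
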