[mile] Feedback on draft-ietf-mile-xmpp-grid-09

Florian Schmaus <flo@geekplace.eu> Thu, 24 January 2019 16:45 UTC

To: mile@ietf.org
Cc: draft-ietf-mile-xmpp-grid.authors@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/vfCGwGEskeuD732lr0aOSfaANEY>

I know I am late to the party, probably too late, but I had the chance
to take at least a short look at the I-D (which has been on my TODO list
for months). Here are my remarks with my XMPP goggles on, I hope they
are still helpful.

Section 6: The first reference should point to XEP-0060 not XEP-0030.

XMPP-Grid uses XEP-0060 (and XEP-0030) at its core. There are two size
limitations you may want to consider:
1. XEP-0060, unfortunately, does not specify a maximum PubSub node name
length. If your XMPP-Grid use case allows it, then you may want to
specify a maximum node name size. If you do so, then implementations
claiming compatibility with XMPP-Grid are required to support this
maximum node name size. I believe this would improve interoperability.
2. Requesting all topics using XEP-0030 could potentially return a huge
result set. It could become so large that it exceeds the maximum stanza
size limit of an involved party. In XMPP we have XEP-0059 "Result Set
Management" to split (large) result sets into smaller ones.
Unfortunately using XEP-0030 with XEP-0059 is underspecified (AFAIKT).
Nevertheless, if you anticipate a large number of topics, then you may
want to hint towards the problem and XEP-0059 as a potential solution.

XEP-0059 is also the XMPP-ish mitigation against the type of resource
exhaustion attacks mentioned in § 8.3.5. Referencing XEP-0059 in this
section appears sensible.

As others already pointed out, I also wondered why the I-D requires
exclusive usage of SASL EXTERNAL and SASL SCRAM, as opposed to making
those two only MTI. Changing one "MUST" into a weaker keyword probably
fixes that.

If SCRAM-SHA1 is MTI (+1), then shouldn't RFC 5802 be a normative
reference and not an informative one?


Best wishes
 Florian
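
Added example, not part of the original message or of the I-D: a client-side sketch of the two size limits raised above, paging topic discovery with XEP-0059 and rejecting over-long node names. It assumes the broker honours an RSM `<set/>` inside a disco#items query (which the message notes is underspecified) and uses the node name as the RSM item id; `MAX_NODE_LEN`, `PAGE_SIZE`, `fake_broker` and `broker.example` are hypothetical.

```python
import xml.etree.ElementTree as ET

DISCO = "{http://jabber.org/protocol/disco#items}"
RSM = "{http://jabber.org/protocol/rsm}"
MAX_NODE_LEN = 256  # hypothetical cap; XEP-0060 does not define one
PAGE_SIZE = 3       # kept small so the constructed data spans several pages

def build_query(after=None):
    """disco#items <query/> carrying an RSM page request."""
    query = ET.Element(DISCO + "query")
    rsm = ET.SubElement(query, RSM + "set")
    ET.SubElement(rsm, RSM + "max").text = str(PAGE_SIZE)
    if after is not None:
        ET.SubElement(rsm, RSM + "after").text = after
    return query

def fake_broker(query, topics):
    """Constructed stand-in for a broker that pages disco#items via RSM."""
    rsm = query.find(RSM + "set")
    limit = int(rsm.findtext(RSM + "max"))
    after = rsm.findtext(RSM + "after")
    start = topics.index(after) + 1 if after else 0
    page = topics[start:start + limit]
    result = ET.Element(DISCO + "query")
    for node in page:
        ET.SubElement(result, DISCO + "item", jid="broker.example", node=node)
    out = ET.SubElement(result, RSM + "set")
    if page:
        ET.SubElement(out, RSM + "first").text = page[0]
        ET.SubElement(out, RSM + "last").text = page[-1]
    ET.SubElement(out, RSM + "count").text = str(len(topics))
    return result

def list_topics(send, max_pages=100):
    """Collect all topics page by page, bounding pages and node name size."""
    topics, after = [], None
    for _ in range(max_pages):
        result = send(build_query(after))
        items = result.findall(DISCO + "item")
        if len(items) > PAGE_SIZE:
            raise ValueError("broker ignored the requested page size")
        for item in items:
            node = item.get("node", "")
            if len(node.encode("utf-8")) > MAX_NODE_LEN:
                raise ValueError("node name exceeds local limit")
            topics.append(node)
        last = result.findtext(RSM + "set/" + RSM + "last")
        if not items or last is None:
            return topics
        after = last
    raise RuntimeError("page budget exhausted; refusing to continue")
```
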