Re: [Mipshop] AD review of draft-ietf-mipshop-mstp-solution

"Telemaco Melia (tmelia)" <tmelia@cisco.com> Mon, 19 May 2008 13:08 UTC

Return-Path: <mipshop-bounces@ietf.org>
X-Original-To: mipshop-archive@megatron.ietf.org
Delivered-To: ietfarch-mipshop-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8185428C1A4; Mon, 19 May 2008 06:08:48 -0700 (PDT)
X-Original-To: mipshop@core3.amsl.com
Delivered-To: mipshop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C051C3A6E2A for <mipshop@core3.amsl.com>; Mon, 19 May 2008 06:08:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWrunpLJwl0F for <mipshop@core3.amsl.com>; Mon, 19 May 2008 06:08:41 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id 46E203A6E35 for <mipshop@ietf.org>; Mon, 19 May 2008 06:08:39 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.27,509,1204498800"; d="scan'208";a="9276815"
Received: from ams-dkim-2.cisco.com ([144.254.224.139]) by ams-iport-1.cisco.com with ESMTP; 19 May 2008 15:08:37 +0200
Received: from ams-core-1.cisco.com (ams-core-1.cisco.com [144.254.224.150]) by ams-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m4JD8bq2024704; Mon, 19 May 2008 15:08:37 +0200
Received: from xbh-ams-332.emea.cisco.com (xbh-ams-332.cisco.com [144.254.231.87]) by ams-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id m4JD8bHe024916; Mon, 19 May 2008 13:08:37 GMT
Received: from xmb-ams-335.cisco.com ([144.254.231.80]) by xbh-ams-332.emea.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 19 May 2008 15:08:37 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 19 May 2008 15:09:47 +0200
Message-ID: <DD0238A0AAE9B74A8F70A91BDF497C2F03AD050F@xmb-ams-335.emea.cisco.com>
In-Reply-To: <483170AA.2000403@piuha.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Mipshop] AD review of draft-ietf-mipshop-mstp-solution
Thread-Index: Aci5quHMKpJESTwRTC+bJuqxC7hUcgABXCDg
References: <483170AA.2000403@piuha.net>
From: "Telemaco Melia (tmelia)" <tmelia@cisco.com>
To: Jari Arkko <jari.arkko@piuha.net>, draft-ietf-mipshop-mstp-solution@tools.ietf.org, Mipshop <mipshop@ietf.org>
X-OriginalArrivalTime: 19 May 2008 13:08:37.0153 (UTC) FILETIME=[731A9110:01C8B9B1]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=19156; t=1211202517; x=1212066517; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=tmelia@cisco.com; z=From:=20=22Telemaco=20Melia=20(tmelia)=22=20<tmelia@cisco. com> |Subject:=20RE=3A=20[Mipshop]=20AD=20review=20of=20draft-ie tf-mipshop-mstp-solution |Sender:=20; bh=Fkj5Hv7JmQmXmKUfUNBJ6Nxeax+eghrCm0dD5wJTTq4=; b=ZIIvdC7vCyjtzt5TZG0nSbFV53z92miTAx7B3DxI3RcNt9h2hs0C/dWoXN D/L/1hIucfB41dxc2j7nz/5XgEoMV23gG5ugwToEAdqRnVYszgLl/j7ew4Vt G5wjt9AUoi;
Authentication-Results: ams-dkim-2; header.From=tmelia@cisco.com; dkim=pass ( sig from cisco.com/amsdkim2001 verified; );
Cc: gorry@erg.abdn.ac.uk
Subject: Re: [Mipshop] AD review of draft-ietf-mipshop-mstp-solution
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <mipshop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/mipshop>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: mipshop-bounces@ietf.org
Errors-To: mipshop-bounces@ietf.org

Hi Jari,

Thanks for the review. We will post a revised version as soon as
possible.

A couple of comments about the process.
The DHC WG so far was not involved upon suggestion of the Mipshop
chairs.
As for the transport review, Gorry has been added to the MIH DT mailer
since Chicago.
In Vancouver last winter, together with Nada, we answered the open
questions/issues Gorry had.

Regards,
Telemaco 

-----Original Message-----
From: mipshop-bounces@ietf.org [mailto:mipshop-bounces@ietf.org] On
Behalf Of Jari Arkko
Sent: Monday, May 19, 2008 2:21 PM
To: draft-ietf-mipshop-mstp-solution@tools.ietf.org; Mipshop
Subject: [Mipshop] AD review of draft-ietf-mipshop-mstp-solution

Hi all,

I have made my AD review of this document. Please find details below.
Overall, there were a few important missing or underspecified parts
relating to parameters and algorithms for using UDP, discovery via
another MoS, NAT-traversal retransmissions, and authorization. These
should be specified. The security mechanisms should be narrowed down to
a more reasonable set.

But the big question for me was whether it is appropriate to employ
DHCP-AAA binding so that per-MN information can be provided. I realize
that we have done it once in the context of the Mobile IP bootstrapping
work. But frankly, that sets a very high bar for deployment in a given
access network and introduces dependencies and complexity that is
undesirable. In general, if every application that wants to avoid
configuration needs to have special support in DHCP relays, it becomes
very hard to deploy anything new. My read of RFC 5164 does not say that
the AAA binding is required. My question is whether (a) local MIH
services, (b) configured home network name and DNS, (c) local MIH IS +
redirection to home MIH, (d) other Internet service discovery mechanisms
would be sufficient or preferable. At the very least, we should consider
publishing the simple solution first, and only if there's actual
evidence of deployments with more complex requirements, consider
extending it.

Process:

Given the extensive use of DHCP in this document, we need to engage the
DHC WG in a discussion of this draft. I would also like to see a
transport directorate review. Both to be done after a revision
addressing my own comments has been submitted, however.

Technical:

>    DHCP  Dynamic Host Configuration Protocol: a protocol described in
>       [RFC2131 <http://tools.ietf.org/html/rfc2131>] that allows
Internet devices to obtain IP addresses,
>       subnet masks, default gateway addresses, and other IP
>       configuration information from DHCP servers.
>   

IPv6 needs to be covered as well. Please add the appropriate reference.

>    Different types of MoS can be provided independently of other types
>    and there is no strict relationship between ES, CS and IS, nor is
>    there a requirement that the entities that provide these services
>    should be co-located.  However, while IS tends to involve a large
>    amounts of static information, ES and CS are dynamic services and
>    some relationships between them can be expected, e.g., a handover
>    command (CS) could be issued upon reception of a link event (ES).
>    Hence, while in theory MoS can be implemented in different
locations,
>    it is expected that ES and CS will be co-located, whereas IS can be
>    co-located with ES/CS or located elsewhere.  Therefore, having the
>    flexibility at the MSTP to discover different services in different
>    locations is an important feature that can be used to optimize
>    handover performance.  MoS discovery is discussed in more detail in
>    Section 5
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#section-
5>.
>   
Is there a need to state that ES/CS is more likely to be associated with
a visited network than home?

>    The configuration of the MoS could be executed either upon network
>    attachment or after successful IP configuration.  The methodology
to
>    be used depends on the considered deployment scenario.
>   
First, there's a problem here with what kind of network attachment we
are talking about. I believe mobility services need to be provided from
the access network in many situations. IP layer configuration is
somewhat independent of the link layer attachments, given things like
bridging, access concentrators, tunneling, proxy MIP and so on. Given
this, I think the above needs to say that discovery happens upon initial
or changed link layer attachment.

Secondly, the part about IP configuration needs to talk about changed IP
configuration as well.  If your DHCP lease expires, and you get a new
address, will you redo discovery? What if you generate a new 3041
address? If the prefixes in the RAs change without the routers
themselves being changed? What if you do DNAv4 or v6 and detect a
network change?

Thirdly, I do not think it is appropriate to leave this entirely to
deployments. At least for the mobile node side, code needs to be written
and every host needs to be able to behave in the correct manner.

In conclusion, this text needs to be written in a much more detailed and
specification-like manner. It may be that subsequent sections contain at
least some of these details. If so, forward references would be needed.

>    In the case where MoS is provided locally (scenarios S1 and S2) ,
the
>    discovery techniques described in
[I-D.ietf-mipshop-mos-dhcp-options
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-I-D.
ietf-mipshop-mos-dhcp-options>]
>    and [I-D.ietf-mipshop-mos-dns-discovery
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-I-D.
ietf-mipshop-mos-dns-discovery>] are both applicable and
>    either one MAY be used to discover the MoS.
>   

Dns-discovery requires starting from a known domain name, which seems to
exclude using it for local networks. Other than as a follow-up to other
methods, like DHCP.

>    In the case where MoS is provided in the home network while the MN
is
>    in the visited network (scenario S3), the DNS based discovery
>    described in [I-D.ietf-mipshop-mos-dns-discovery
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-I-D.
ietf-mipshop-mos-dns-discovery>] is applicable,
>    while the DHCP based discovery method would require an interaction
>    between the DHCP and the AAA infrastructure, similarly to what is
>    specified in [I-D.ietf-mip6-bootstrapping-integrated-dhc
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-I-D.
ietf-mip6-bootstrapping-integrated-dhc>] .  This
>    latter case assumes that MoS assignment is performed during access
>    authentication and authorization.
>   
I would like to see this simply state that DHCP based discovery in such
a scenario is inappropriate for the given reasons. I do not believe it
is beneficial to start bundling DHCP with other parts of the network,
except where absolutely required.
>    It should be noted that authorization of a MN to use a specific MoS
>    server is not in scope of this document and is specified in
>    [IEEE80221
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-IEEE
80221>] . 
This needs expansion. How does the IEEE scheme affect the transport
protocol? Can we end up in a situation where DHCP discovery delivers a
server address which refuses to talk to us, for instance?

> In order to use that
> mechanism, the MN MUST first find out the domain name of its home 
> network.  Home domains are usually pre-configured in the MNs (i.e.
> subscription is tied to a network), thus the MN can simply read its 
> configuration data to find out the home domain name (scenario S1).
This is formulated in a peculiar way. Wouldn't it be simpler to just say
that MNs must be configured with the domain name of their home network?

> Alternatively, the MN
> MAY use the DHCP options for MoS
> discovery[I-D.ietf-mipshop-mos-dhcp-options] as shown inFigure 6b.
Again, binding the DHCP process with AAA, knowledge of particular node's
home network etc is undesirable. Can we remove this from the draft?

>    DHCP --  In order to find out the domain name of the local network,
>       the MN SHOULD use the dhcpv4 option 15 for learning the domain
>       name [RFC2132 <http://tools.ietf.org/html/rfc2132>].  A similar
solution is available for dhcpv6
>       [I-D.ietf-dhc-dhcpv6-opt-dnsdomain
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-I-D.
ietf-dhc-dhcpv6-opt-dnsdomain>] .
>   
The draft is expired. I would suggest re-considering whether this
approach (dchp + dns) is necessary.

>    Reverse dns query --  When DHCP does not provide the required
domain
>       name, the MN MAY use reverse DNS (DNS PTR record) to find the
>       domain name associated with the IP address it is using in the
>       visited network.  Note, that when a NAT device exists between
the
>       MN and the visited network, the MN will first need to find out
the
>       external IP address of the NAT device.  Some possible methods
for
>       determining the NAT's external IP address are STUN [RFC3849
<http://tools.ietf.org/html/rfc3849>] or
>       UPnP [UPnP_IDG_DCP
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-UPnP
_IDG_DCP>].  Once the MN has determined the external IP
>       address of the NAT device, it MUST use that address in the
reverse
>       DNS query.
A lot of complexity. I wonder if this is really needed. Anyone who is
willing to deploy a relatively costly service such as the MIS on their
network, why would they not be willing to add a few DHCP options to
their network as well? Note that you do not need to use DHCP in IPv6 to
acquire such options; stateless DHCP would also do fine, and can be
combined with autoconfig addresses.

>    When the discovery of an MoS at the visited network, using the FQDN
>    returned in the reverse DNS query, is not successful, the MN MAY
>    attempt to remove portions from the left side of the FQDN and
attempt
>    discovery again.  The process MAY be repeated iteratively until a
>    successful discovery.
As in eventually asking for mobility services from .com, for instance? I
think you need text to avoid this from happening.

>    This section assumes the use of IPv6 and DHCPv6 based mechanisms to
>    discover MoS services in home while the MN is in visited network.
If
>    similar functionalities are desired for IPv4 additional DHCPv4
>    extensions would be required.  Since use cases requiring these
>    extensions were not identified at the time of writing this
document,
>    they were excluded from the scope of the document.

I am surprised by this. Generally speaking, I would expect to see
feature parity for IPv4 and IPv6 in specifications like this.

>    To discover an MoS in a remote network other than home network, the
>    MN MUST use the DNS based MoS discovery method described in
>    [I-D.ietf-mipshop-mos-dns-discovery
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-I-D.
ietf-mipshop-mos-dns-discovery>].  The MN MUST first learn the
>    domain name of the network containing the MoS it is searching for.
>    If the MN does not yet know the domain name of the network,
learning
>    it may require more than one operation, as DHCP based discovery can
>    not be used and pre-configuration is not a feasible solution in
case
>    of an arbitrary remote network.  The MN MAY attempt to first
discover
>    an MoS in either the local or home network (as in Figure 9 part
(a))
>    and query that MoS to find out the domain name of a specific
network
>    or the domain name of a network at a specific location (as in
>    Figure 9 part (b)).  Alternatively, the MN MAY query an MoS
>    previously known to learn the domain name of the desired network
>    (e.g., via an IS Query).  Finally, the MN MUST use DNS queries to
>    find MoS in the remote network as inFigure 9 part(c).  It should be
>    noted that step c can only be performed upon obtaining the domain
>    name of the remote network.
The part about finding more information from MoS to redirect the mobile
node to a third party is vague. Can this document point to specific
attributes defined in IEEE that would carry such information? Otherwise
this cannot be implemented.

Also, its not clear why "pre-configuration is not a feasible solution in
case of an arbitrary remote network". Surely its no harder to configure
a given 3rd party network than a given home network. I agree that
pre-configuration should be avoided if possible, though.

> while it is preferred to avoid using MIH ACKs with TCP
>    since TCP includes acknowledgement and retransmission
functionality.
Is there no need for application level confirmation? TCP ACKs will only
tell you that the message got through, not, for instance, that it can be
obeyed.

> On the other hand, if UDP
> is used, a rate-limiting effect similar to the one obtained with TCP 
> may be obtained by adequately adjusting the parameters of a token 
> bucket regulator as defined in the MIH specifications [IEEE80221
<http://tools.ietf.org/html/draft-ietf-mipshop-mstp-solution-04#ref-IEEE
80221>].
> Recommendations for tocken bucket parameter settings are specific to 
> the scenario considered.
The parameters and algorithms governing the use and timing of UDP need
to be specified. Its fine to point to an IEEE spec, but it needs to be
clear that they are mandatory. From the above I cannot determine what an
implementation needs to do.
> As [RFC4787 <http://tools.ietf.org/html/rfc4787>] requires a minimum 
> state timeout of two minutes or more, MIH messages using UDP as 
> transport SHOULD be sent once every two minutes.

This is too vague. Sent when? If you have an implementation capable of
using MIH? When you have something to send, you keep sending it over and
over again? When you have something to receive you keep sending
something else? How do you know when you have something to receive, or
when you want to receive something?

Note that it would be very unfortunate if every host in every network
that had turned MIH on would be sending a packet every 2 mins.

> MIH messages sent over UDP, TCP or other supported
>    transport MUST use the default port number defined for that
>    particular transport.
Where are these specified?

> MIH Transport Options
The document is very silent on how MIH messages are carried on a given
transport protocol. At the very least the draft should indicate that no
extra framing is needed because IEEE specs already contain a length
field.

> MIH Transport Options

The document does not talk about how servers know the capabilities of
clients that send event/command services to. Is this a part of the IEEE
definitions, and you subscribe to a particular event stream? In any
case, the document should talk about this and point to the relevant
other specifications where needed.

>    In the case where DHCP is used for node discovery and
authentication
>    of the source and content of DHCP messages is required, network
>    administrators SHOULD use DHCP authentication option described in
>    [RFC3118 <http://tools.ietf.org/html/rfc3118>], where available or
rely upon link layer security.  This
>    will also protect the DHCP server against denial of service attacks
>    to.  [RFC3118 <http://tools.ietf.org/html/rfc3118>] provides
mechanisms for both entity authentication and
>    message authentication.

I think the overall recommendation is good, but practically no one is
going to deploy RFC 3118. With this in mind, I would like to see the
above paragraph explain in more detail the security implications of
relying on link layer security.

>    In the case where reliable transport protocol such as TCP is used
for
>    transport connection between two MIHF peers, TLS [RFC4346
<http://tools.ietf.org/html/rfc4346>] SHOULD be
>    used for message confidentiality and data integrity.  In
particular,
>    TLS is designed for client/server applications and to prevent
>    eavesdropping, tampering, or message forgery.  Readers should also
>    follow the recommendations in [RFC4366
<http://tools.ietf.org/html/rfc4366>] that provides generic
>    extension mechanisms for the TLS protocol suitable for wireless
>    environments.
>
>    In the case where unreliable transport protocol such as UDP is used
>    for transport connection between two MIHF peers, DTLS [RFC4347
<http://tools.ietf.org/html/rfc4347>]
>    SHOULD be used for message confidentiality and data integrity.  The
>    DTLS protocol is based on the Transport Layer Security (TLS)
protocol
>    and provides equivalent security guarantees.
>
>    Alternatively, generic IP layer security, such as IPSec [RFC4301
<http://tools.ietf.org/html/rfc4301>] MAY
>    be used where neither transport layer security for a specific
>    transport is available nor server only authentication is required.
>   
Too many options. I do not see a particular requirement for IPsec here,
why do we need to include it?

Also, are TLS and DTLS mandatory to implement?

The explanation on how to use TLS and DTLS seems thin. Is there
something to be said about what type of certificates or infrastructure
is needed, what modes of operation are allowed, etc?

Editorial:

Acronyms used before defined. At least for MSTP (!) and MIHF, maybe
others. Expand them on first use, if this happens prior to the terms
section.

Most entries in Section 2 need to point to the relevant RFC or other
specification that defines them. E.g., NAI or ES.

Fix these idnits issues:

  == Unused Reference: 'I-D.ietf-dime-mip6-integrated' is defined on
line
     1066, but no explicit reference was found in the text

  -- Unexpected draft version: The latest known version of 
     draft-ietf-mip6-bootstrapping-integrated-dhc is -hc, but you're
referring
     to -06.


> Since transporting long MIH messages may require
>    fragmentation that is not available in UDP, ...
This needs to be reformulated. UDP itself has no fragmentation support,
but IP does. But the issue is that IP layer fragmentation may not work
well, particularly for large packets, may cause several other issues,
etc.

> TCP client
I believe it would be more appropriate to talk about the "MSTP client"
or "MIH client" or "MSTP TCP client"; TCP does not operate on its own.
Or, maybe you can merge "TCP client" and "MIHF" in Figure 10.

(Appears in multiple places in the document, as does the corresponding
UDP term)
>    and responses may cause DoS and the inability of the MN to perform 
> a
Acronym "DoS" not introduced earlier.

Jari

_______________________________________________
Mipshop mailing list
Mipshop@ietf.org
https://www.ietf.org/mailman/listinfo/mipshop
_______________________________________________
Mipshop mailing list
Mipshop@ietf.org
https://www.ietf.org/mailman/listinfo/mipshop