Re: [Mobopts] IESG 3932 review of draft-irtf-mobopts-mmcastv6-ps
"Thomas C. Schmidt" <schmidt@informatik.haw-hamburg.de> Mon, 19 October 2009 23:06 UTC
Return-Path: <schmidt@informatik.haw-hamburg.de>
X-Original-To: mobopts@core3.amsl.com
Delivered-To: mobopts@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EE9AB3A635F; Mon, 19 Oct 2009 16:06:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.45
X-Spam-Level:
X-Spam-Status: No, score=-1.45 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tas-hUeg-h-4; Mon, 19 Oct 2009 16:06:57 -0700 (PDT)
Received: from mail2.rz.htw-berlin.de (mail2.rz.fhtw-berlin.de [141.45.10.102]) by core3.amsl.com (Postfix) with ESMTP id 566FD28C0E5; Mon, 19 Oct 2009 16:06:57 -0700 (PDT)
Envelope-to: iesg@ietf.org, mobopts@irtf.org, multimob@ietf.org
Received: from 80-254-68-155.dynamic.monzoon.net ([80.254.68.155]) by mail2.rz.htw-berlin.de with esmtpsa (SSLv3:AES256-SHA:256) (Exim 4.68 (FreeBSD)) (envelope-from <schmidt@informatik.haw-hamburg.de>) id 1N01Jf-0005jY-6s; Tue, 20 Oct 2009 01:07:03 +0200
Message-ID: <4ADCF111.5060705@informatik.haw-hamburg.de>
Date: Tue, 20 Oct 2009 01:06:57 +0200
From: "Thomas C. Schmidt" <schmidt@informatik.haw-hamburg.de>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Jari Arkko <jari.arkko@piuha.net>
References: <4ABB39DF.10609@piuha.net>
In-Reply-To: <4ABB39DF.10609@piuha.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: draft-irtf-mobopts-mmcastv6-ps@tools.ietf.org, multimob@ietf.org, IESG <iesg@ietf.org>, ml-mobopts <mobopts@irtf.org>
Subject: Re: [Mobopts] IESG 3932 review of draft-irtf-mobopts-mmcastv6-ps
X-BeenThere: mobopts@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobility Optimizations <mobopts.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/mobopts>
List-Post: <mailto:mobopts@irtf.org>
List-Help: <mailto:mobopts-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2009 23:06:59 -0000
Hi Jari, many thanks again for your careful review - we are now back with addressing your points in detail (please see inline). A new version of the document addresses the issues, and does not modify the recommendations. The updated document is accessible at http://www.ietf.org/id/draft-irtf-mobopts-mmcastv6-ps-09.txt Thomas Jari Arkko wrote: > >> obility management may issue >> traffic directives that lead to suboptimal routing, i.e., erroneous >> subscriptions following predictive handover operations, or slow >> effective leaves caused by MLD querying, or by departure of the MN >> from a previous network without leaving the subscribed groups. >> > > I had a hard time parsing this. Maybe say instead: "Mobility management > may impact routing by, e.g., erroneous ... or by MNs leaving networks > without unsubscribing form the groups they were receiving.". What's a > "slow effective leave"? > We replaced the first part as suggested. 2nd part changed to: "slow traffic termination at leaf nodes resulting from MLD query timeouts" Hope this is clearer, now. >> IP multicast deployment in general has been hesitant over the past 15 >> years > > s/hesitant/slow/? > Changed. >> a strong business case for IP >> portables > ... portable IP-based devices. > Changed. >> Current packet filtering practice causes inter-working problems >> between Mobile IPv6 nodes connected via GPRS [46 >> <http://tools.ietf.org/html/draft-irtf-mobopts-mmcastv6-ps-08#ref-46>]. >> > This is incorrect AFAIK. There are filtering procedures in IMS that > cause problems for Mobile IPv6 and other things. However, those > filtering mechanisms are not a part of the link layer nor are they > applied for regular Internet access. I would suggest this statement be > deleted from the draft, along with the reference. D'accord: this isn't really important text. We removed as suggested. > >> PTM uses an >> unidirectional common channel, operating in unacknowledged without >> adjustment of power levels and no reporting on lost packets. >> > > ... unacknowledged mode? > Yes, of course: thanks! >> Mobility services transport for MIH naturally reside >> on the network layer and are currently in the process of >> specification [55 >> <http://tools.ietf.org/html/draft-irtf-mobopts-mmcastv6-ps-08#ref-55>]. >> >> > draft-ietf-mipshop-mstp-solution is an approved specification (though > not yet out of the RFC Ed queue). > O.K.: we changed to "have been specified" and refer to the draft --- RFC-Ed can replace with this an RFC No when published. > Also, I believe 802.21 specifies both network and link layer transport, > so its not clear why you say "naturally" above. > Yes, but the point here was a bit different: Given link layer heterogeneity (beyond IEEE protocols) and the need to transfer states of multicast context, an abstraction above layer 2 is needed. We changed the sentence to "Mobility services transport for MIH are required as an abstraction for layer 2 multicast service transfer in an Internet context [54] and are specified in [55]." > In general Section 4 wanders off a little bit to topics outside > multicast. I understand that some amount of explanation is needed about > what each L2 technology does, but I'd consider tightening the text in > AUTH48 in some places. > We agree that wireless link layer issues and mobile multicast routing are distinct topics and should be designed independently. However, mapping group communication well to distribution techniques on a shared link (s.a. in wireless) is an important challenge (the efficiency of group communication increases with lowering the layers). And - as Rajeev & Charlie nicely state in their book - "It's hard to imagine being mobile without assuming wireless" ;) So we tried to summarize the clues of l2 multicast capabilities - even if being a bit verbose. Following your hint, we tightened the text at many occasions, which is difficult to enumerate but easy to see from the diff. >> MLD >> router querying will allow the multicast forwarding state to be >> restored in case of an erroneous prediction (i.e., an anticipated >> move to a network that is not fulfilled). > fulfilled? > Reworded: "has not taken place". >> Mobility protocols need to consider the implications and requirements >> for AAA. AAA binding records may change between attachments, or may >> be individually chosen prior to network (re-)association. The most >> appropriate network path may be one that satisfies user preferences, >> e.g., to use/avoid a specific network, minimize monetary cost, etc, >> rather than one that only minimizes the routing cost. Consequently, >> AAA bindings cannot be treated at a pure level of context transfer. >> > It was not clear to me why AAA is relevant. And what's an "AAA binding > record"? I must say that I don't understand the rest of the paragraph > either. > > The term AAA was not defined or expanded. Please check the other terms too. > The issue pointed at here is that multicast (as a special per group service) may not be part of the standard connectivity offer of an operator (example: IPTV - realized as a multicast service - is offered as an additional, charged service by a number of European providers today). Re-routing may involve provider changes and thus be incompatible with "seamless/unnoticed network management operations". This paragraph is an outcome of a discussion with Dave Thaler and Bill Atwood. We reworded as follows: "Mobility protocols need to consider the implications and requirements for Authentication, Authorization and Accounting (AAA). A MN may have been authorized to receive a specific multicast group when using one mobile network, but this may not be valid when attaching to a different network. In general, the AAA association for an MN may change between attachments, or may be individually chosen prior to network (re-)association. The most appropriate network path may be one that satisfies user preferences, e.g., to use/avoid a specific network, minimize monetary cost, etc, rather than one that only minimizes the routing cost. Consequently, AAA bindings may need to be considered when performing context transfer." Better now? >> Due to lack of feedback, the admission [83 >> <http://tools.ietf.org/html/draft-irtf-mobopts-mmcastv6-ps-08#ref-83>] >> and binding >> updates [84 >> <http://tools.ietf.org/html/draft-irtf-mobopts-mmcastv6-ps-08#ref-84>] >> of mobile multicast sources require autonomously >> verifiable authentication as can be achieved by Cryptographically >> Generated Addresses (CGAs). >> > And presumably with other means as well. I would suggest saying "... be > achieved by, for instance, ...". O.K. - changed. > > It would have been interesting if Section 8 listed some of the multicast > specific issues around security. For instance, I would presume that a HA > operating tunneled multicast service by n-casting is more vulnerable to > a DoS attack than some other more native multicast solution. > Multicast security concerns and counter measures is indeed a large issue - we don't know of any sufficiently general reference. Instead, we have added the following paragraph: "Multicast protocols exhibit a risk of network-based traffic amplification. For example, an attacker may abuse mobility signaling to inject unwanted traffic into a previously established multicast distribution infrastructure. These threats are partially mitigated by reverse path forwarding checks by multicast routers. However, a multicast or mobility agent that explicitly replicates multicast streams, e.g., Home Agent that n-casts data, may be vulnerable to denial of service attacks. In addition to source authentication, a rate control of the replicator may be required to protect the agent and the downstream network." We know there could be a larger story on multicast security, which interferes with mobility. However, given the focus of this document to address only a brief survey of the design space, we think it should suffice to only sketch the security concerns and leave details to actual protocol design. -- Prof. Dr. Thomas C. Schmidt ° Hamburg University of Applied Sciences Berliner Tor 7 ° ° Dept. Informatik, Internet Technologies Group 20099 Hamburg, Germany ° ° http://www.haw-hamburg.de/inet Fon: +49-40-42875-8452 ° ° http://www.informatik.haw-hamburg.de/~schmidt Fax: +49-40-42875-8409 °
- [Mobopts] IESG 3932 review of draft-irtf-mobopts-… Jari Arkko
- Re: [Mobopts] IESG 3932 review of draft-irtf-mobo… Thomas C. Schmidt
- Re: [Mobopts] IESG 3932 review of draft-irtf-mobo… Koodli, Rajeev
- Re: [Mobopts] IESG 3932 review of draft-irtf-mobo… Jari Arkko
- Re: [Mobopts] IESG 3932 review of draft-irtf-mobo… Thomas C. Schmidt