Re: [Mobopts] IESG 3932 review of draft-irtf-mobopts-mmcastv6-ps

"Thomas C. Schmidt" <schmidt@informatik.haw-hamburg.de> Mon, 19 October 2009 23:06 UTC

Return-Path: <schmidt@informatik.haw-hamburg.de>
X-Original-To: mobopts@core3.amsl.com
Delivered-To: mobopts@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EE9AB3A635F; Mon, 19 Oct 2009 16:06:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.45
X-Spam-Level:
X-Spam-Status: No, score=-1.45 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tas-hUeg-h-4; Mon, 19 Oct 2009 16:06:57 -0700 (PDT)
Received: from mail2.rz.htw-berlin.de (mail2.rz.fhtw-berlin.de [141.45.10.102]) by core3.amsl.com (Postfix) with ESMTP id 566FD28C0E5; Mon, 19 Oct 2009 16:06:57 -0700 (PDT)
Envelope-to: iesg@ietf.org, mobopts@irtf.org, multimob@ietf.org
Received: from 80-254-68-155.dynamic.monzoon.net ([80.254.68.155]) by mail2.rz.htw-berlin.de with esmtpsa (SSLv3:AES256-SHA:256) (Exim 4.68 (FreeBSD)) (envelope-from <schmidt@informatik.haw-hamburg.de>) id 1N01Jf-0005jY-6s; Tue, 20 Oct 2009 01:07:03 +0200
Message-ID: <4ADCF111.5060705@informatik.haw-hamburg.de>
Date: Tue, 20 Oct 2009 01:06:57 +0200
From: "Thomas C. Schmidt" <schmidt@informatik.haw-hamburg.de>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Jari Arkko <jari.arkko@piuha.net>
References: <4ABB39DF.10609@piuha.net>
In-Reply-To: <4ABB39DF.10609@piuha.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: draft-irtf-mobopts-mmcastv6-ps@tools.ietf.org, multimob@ietf.org, IESG <iesg@ietf.org>, ml-mobopts <mobopts@irtf.org>
Subject: Re: [Mobopts] IESG 3932 review of draft-irtf-mobopts-mmcastv6-ps
X-BeenThere: mobopts@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobility Optimizations <mobopts.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/mobopts>
List-Post: <mailto:mobopts@irtf.org>
List-Help: <mailto:mobopts-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2009 23:06:59 -0000

Hi Jari,

many thanks again for your careful review - we are now back with 
addressing your points in detail (please see inline).
A new version of the document addresses the issues, and does not modify 
the recommendations.
The updated document is accessible at 
http://www.ietf.org/id/draft-irtf-mobopts-mmcastv6-ps-09.txt

Thomas

Jari Arkko wrote:

> 
>> obility management may issue
>>    traffic directives that lead to suboptimal routing, i.e., erroneous
>>    subscriptions following predictive handover operations, or slow
>>    effective leaves caused by MLD querying, or by departure of the MN
>>    from a previous network without leaving the subscribed groups.
>>   
> 
> I had a hard time parsing this. Maybe say instead: "Mobility management 
> may impact routing by, e.g., erroneous ... or by MNs leaving networks 
> without unsubscribing form the groups they were receiving.". What's a 
> "slow effective leave"?
> 

We replaced the first part as suggested.

2nd part changed to: "slow traffic termination at leaf nodes resulting 
from MLD query timeouts"
Hope this is clearer, now.

>> IP multicast deployment in general has been hesitant over the past 15
>>    years
> 
> s/hesitant/slow/?
> 
Changed.

>> a strong business case for IP
>>    portables
> ... portable IP-based devices.
> 
Changed.

>> Current packet filtering practice causes inter-working problems 
>> between Mobile IPv6 nodes connected via GPRS [46 
>> <http://tools.ietf.org/html/draft-irtf-mobopts-mmcastv6-ps-08#ref-46>].
>>   
> This is incorrect AFAIK. There are filtering procedures in IMS that 
> cause problems for Mobile IPv6 and other things. However, those 
> filtering mechanisms are not a part of the link layer nor are they 
> applied for regular Internet access. I would suggest this statement be 
> deleted from the draft, along with the reference.

D'accord: this isn't really important text. We removed as suggested.

> 
>> PTM uses an
>>    unidirectional common channel, operating in unacknowledged without
>>    adjustment of power levels and no reporting on lost packets.
>>   
> 
> ... unacknowledged mode?
> 

Yes, of course: thanks!

>>  Mobility services transport for MIH naturally reside
>>    on the network layer and are currently in the process of
>>    specification [55 
>> <http://tools.ietf.org/html/draft-irtf-mobopts-mmcastv6-ps-08#ref-55>].
>>
>>   
> draft-ietf-mipshop-mstp-solution is an approved specification (though 
> not yet out of the RFC Ed queue).
> 

O.K.: we changed to "have been specified" and refer to the draft ---
RFC-Ed can replace with this an RFC No when published.

> Also, I believe 802.21 specifies both network and link layer transport, 
> so its not clear why you say "naturally" above.
> 

Yes, but the point here was a bit different: Given link layer 
heterogeneity (beyond IEEE protocols) and the need to transfer states of 
multicast context, an abstraction above layer 2 is needed.

We changed the sentence to
"Mobility services transport for MIH are required as an abstraction for 
layer 2 multicast service transfer in an Internet context [54] and are 
specified in [55]."

> In general Section 4 wanders off a little bit to topics outside 
> multicast. I understand that some amount of explanation is needed about 
> what each L2 technology does, but I'd consider tightening the text in 
> AUTH48 in some places.
>

We agree that wireless link layer issues and mobile multicast routing 
are distinct topics and should be designed independently. However, 
mapping group communication well to distribution techniques on a shared 
link (s.a. in wireless) is  an important challenge (the efficiency of 
group communication increases with lowering the layers). And - as Rajeev 
& Charlie nicely state in their book - "It's hard to imagine being 
mobile without assuming wireless" ;)

So we tried to summarize the clues of l2 multicast capabilities - even 
if being a bit verbose. Following your hint, we tightened the text at 
many occasions, which is difficult to enumerate but easy to see from the 
diff.

>> MLD
>>    router querying will allow the multicast forwarding state to be
>>    restored in case of an erroneous prediction (i.e., an anticipated
>>    move to a network that is not fulfilled).
> fulfilled?
> 

Reworded: "has not taken place".

>>    Mobility protocols need to consider the implications and requirements
>>    for AAA. AAA binding records may change between attachments, or may
>>    be individually chosen prior to network (re-)association. The most
>>    appropriate network path may be one that satisfies user preferences,
>>    e.g., to use/avoid a specific network, minimize monetary cost, etc,
>>    rather than one that only minimizes the routing cost. Consequently,
>>    AAA bindings cannot be treated at a pure level of context transfer.
>>   
> It was not clear to me why AAA is relevant. And what's an "AAA binding 
> record"? I must say that I don't understand the rest of the paragraph 
> either.
> 
> The term AAA was not defined or expanded. Please check the other terms too.
> 

The issue pointed at here is that multicast (as a special per group 
service) may not be part of the standard connectivity offer of an 
operator (example: IPTV - realized as a multicast service - is offered 
as an additional, charged service by a number of European providers 
today). Re-routing may involve provider changes and thus be incompatible 
with "seamless/unnoticed network management operations".
This paragraph is an outcome of a discussion with Dave Thaler and Bill 
Atwood.

We reworded as follows:

"Mobility protocols need to consider the implications and requirements 
for Authentication, Authorization and Accounting (AAA). A MN may have 
been authorized to receive a specific multicast group when using one 
mobile network, but this may not be valid when attaching to a different 
network. In general, the AAA association for an MN may change between 
attachments, or may be individually chosen prior to network 
(re-)association. The most appropriate network path may be one that 
satisfies user preferences, e.g., to use/avoid a specific network, 
minimize monetary cost, etc, rather than one that only minimizes the 
routing cost. Consequently, AAA bindings may need to be considered when 
performing context transfer."

Better now?

>> Due to lack of feedback, the admission [83 
>> <http://tools.ietf.org/html/draft-irtf-mobopts-mmcastv6-ps-08#ref-83>] 
>> and binding
>>    updates [84 
>> <http://tools.ietf.org/html/draft-irtf-mobopts-mmcastv6-ps-08#ref-84>] 
>> of mobile multicast sources require autonomously
>>    verifiable authentication as can be achieved by Cryptographically
>>    Generated Addresses (CGAs).
>>   
> And presumably with other means as well. I would suggest saying "... be 
> achieved by, for instance, ...".

O.K. - changed.

> 
> It would have been interesting if Section 8 listed some of the multicast 
> specific issues around security. For instance, I would presume that a HA 
> operating tunneled multicast service by n-casting is more vulnerable to 
> a DoS attack than some other more native multicast solution.
> 

Multicast security concerns and counter measures is indeed a large issue 
- we don't know of any sufficiently general reference. Instead, we have 
added the following paragraph:

"Multicast protocols exhibit a risk of network-based traffic 
amplification. For example, an attacker may abuse mobility signaling to 
inject unwanted traffic into a previously established multicast 
distribution infrastructure. These threats are partially mitigated by 
reverse path forwarding checks by multicast routers. However, a 
multicast or mobility agent that explicitly replicates multicast 
streams, e.g., Home Agent that n-casts data, may be vulnerable to denial 
of service attacks. In addition to source authentication, a rate control 
of the replicator may be required to protect the agent and the 
downstream network."

We know there could be a larger story on multicast security, which 
interferes with mobility. However, given the focus of this document to 
address only a brief survey of the design space, we think it should 
suffice to only sketch the security concerns and leave details to actual 
protocol design.

-- 

Prof. Dr. Thomas C. Schmidt
° Hamburg University of Applied Sciences                   Berliner Tor 7 °
° Dept. Informatik, Internet Technologies Group    20099 Hamburg, Germany °
° http://www.haw-hamburg.de/inet                   Fon: +49-40-42875-8452 °
° http://www.informatik.haw-hamburg.de/~schmidt    Fax: +49-40-42875-8409 °