Re: [netmod] TSV-ART review of draft-ietf-netmod-acl-model-19

Allison Mankin <allison.mankin@gmail.com> Tue, 10 July 2018 19:15 UTC

From: Allison Mankin <allison.mankin@gmail.com>
Date: Tue, 10 Jul 2018 15:15:40 -0400
To: Sonal Agarwal <sagarwal12@gmail.com>
Cc: Transport Area Review Team <tsv-art@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/anQW5kOEnDllXZbZaSlFMtwLwyA>

Sonal,

I’m very familiar with the flags and fields of TCP. My question is what are
the use cases for an ACL to match on URG, PSH, or the sequence numbers?

Allison (for the Transport Area review team)

On Tuesday, 10 July 2018, Sonal Agarwal <sagarwal12@gmail.com> wrote:

> Hi Allison,
>
> Please see inline:
>
> Thanks,
> Sonal.
>
> On Mon, Jul 9, 2018 at 12:43 PM, Allison Mankin <allison.mankin@gmail.com>
> wrote:
>
>> I've reviewed this document as part of the transport area review team's
>> ongoing effort to review key IETF documents. These comments were written
>> primarily for the transport area directors, but are copied to the
>> document's authors for their information and to allow them to address any
>> issues raised. When done at the time of IETF Last Call, the authors should
>> consider this review together with any other last-call comments they
>> receive. Please always CC tsv-art@… if you reply to or forward this
>> review.
>>
>> Summary:
>> Almost Ready (but I do have a question)
>>
>> Technicals:
>> I reviewed that the details about TCP, UDP, ECN, and DSCP are consistent
>> with the specifications, and that the specifications are accurate.  The
>> model is accurate for these.
>>
>>
>> Question:
>>  What is the use case for ACLs referencing TCP PSH and URG flags, and
>> sequence numbers?  These are not very predictable and I would think not
>> very useful for the work that ACLs do, but I'm willing to be informed.
>>
>> [SA] The use case for this would be for applications that use ACLs and
>> require high levels of security. Enumerating all the supported flags and
>> their bit positions makes it clear to the user. These flags and the
>> sequence number are all part of the TCP header.
>> https://en.wikipedia.org/wiki/Transmission_Control_Protocol
>>