IETF Logo Mail Archive

Re: [NSIS] AD review comments of draft-ietf-nsis-qos-nslp-16

Roland Bless <bless@tm.uka.de> Tue, 13 October 2009 12:31 UTC

Return-Path: <bless@tm.uka.de>
X-Original-To: nsis@core3.amsl.com
Delivered-To: nsis@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0809B28C17B for <nsis@core3.amsl.com>; Tue, 13 Oct 2009 05:31:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.249
X-Spam-Level:
X-Spam-Status: No, score=-6.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vDVNnOEiQlbj for <nsis@core3.amsl.com>; Tue, 13 Oct 2009 05:31:02 -0700 (PDT)
Received: from iramx2.ira.uni-karlsruhe.de (iramx2.ira.uni-karlsruhe.de [141.3.10.81]) by core3.amsl.com (Postfix) with ESMTP id 5F85228C175 for <nsis@ietf.org>; Tue, 13 Oct 2009 05:31:02 -0700 (PDT)
Received: from irams1.ira.uni-karlsruhe.de ([141.3.10.5]) by iramx2.ira.uni-karlsruhe.de with esmtps port 25 id 1MxgWm-0007b5-1k; Tue, 13 Oct 2009 14:31:01 +0200
Received: from i72ms.tm.uni-karlsruhe.de ([141.3.70.5] helo=smtp.ipv6.tm.uni-karlsruhe.de) by irams1.ira.uni-karlsruhe.de with esmtps port 25 id 1MxgWl-0007J6-RQ; Tue, 13 Oct 2009 14:30:55 +0200
Received: from vorta.tm.uka.de (vorta.ipv6.tm.uni-karlsruhe.de [IPv6:2001:638:204:6:21b:fcff:fe96:fe02]) by smtp.ipv6.tm.uni-karlsruhe.de (Postfix) with ESMTP id C29942FC008; Tue, 13 Oct 2009 14:30:55 +0200 (CEST)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by vorta.tm.uka.de (Postfix) with ESMTP id AA7701016B; Tue, 13 Oct 2009 14:30:55 +0200 (CEST)
Message-ID: <4AD472FF.4060306@tm.uka.de>
Date: Tue, 13 Oct 2009 14:30:55 +0200
From: Roland Bless <bless@tm.uka.de>
Organization: Institute of Telematics, University of Karlsruhe
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060111 Thunderbird/1.5 Mnenhy/0.7.3.0
MIME-Version: 1.0
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
References: <4AC4B492.6070005@ericsson.com>
In-Reply-To: <4AC4B492.6070005@ericsson.com>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-ATIS-AV: ClamAV (irams1.ira.uni-karlsruhe.de)
X-ATIS-AV: ClamAV (iramx2.ira.uni-karlsruhe.de)
X-ATIS-AV: Kaspersky (iramx2.ira.uni-karlsruhe.de)
X-ATIS-Timestamp: iramx2.ira.uni-karlsruhe.de 1255437061.963792000
Cc: draft-ietf-nsis-qos-nslp@tools.ietf.org, NSIS <nsis@ietf.org>
Subject: Re: [NSIS] AD review comments of draft-ietf-nsis-qos-nslp-16
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nsis>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Oct 2009 12:31:04 -0000

Hi Magnus,

I'll try to answer C. and D.

Magnus Westerlund wrote:
> B. Section 3.1.3 contains a reference to draft-manner-nsis-nslp-auth.
> This is an informational reference. But I do wonder about the security
> solution and its need to carry authentication information. No, I don't
> want to make this a normative reference. But I do wonder how the WG
> plans to present the lack of even one fully specified security solution,
> even if this is going for experimental.

This is indeed a good point. Without the session authorization object,
there is only TLS transport security in a hop-by-hop manner, which is
also not related to individual sessions or users. So the above draft
is indeed very useful.

> C. Section 3.2.12.1: How long does it take to detect that a new down
> stream peer exist, or that truncation has happened?

Route change detections depends on the GIST route change detection
mechanisms, at latest the next GIST probing Query message
sent. Details are described in section 4.4.4. of the GIST draft, so
in the default case of 30s routing state validity probing Querys are
sent in the interval [15s...22.5s]. In some cases GIST may detect
route changes faster and thus send a new Query earlier. Route change
detection requires the three-way GIST handshake to be completed first
though (i.e., at least RTT for GIST Query/Response pair).
In case of path truncation, one must distinguish whether the new
next hop is GIST aware or not. The draft describes the former case,
so GIST will respond with "Unknown NSLPID" error in the GIST Response
to the Query and the same duration as above can be expected. In the
latter case of a non GIST-aware hop it takes longer, because the
querying node may perform retransmissions and exponentially backup,
so in this case we get a default 127*500ms=63.5s (T1=500ms, T2=64s)
as worst case. But as indicated in 5.3.3 of the GIST draft, NSLPs may
bound this response time by limiting T2 in the sendmessage() primitive
explicitly.

> D. Section 4.6, page 35, second paragraph. It is not clear to me how (1)
> can be guaranteed to arrive prior to (2), or if both message are sent
> width bound to the other one?

That's exactly the motivation for the message binding. You cannot
guarantee it, so both messages have to wait on each other. This case
is described on p. 36: "Triggering message" (3) arrives before waiting
(bound) message (1). Usually the waiting condition is then already
satisfied, so (1) can be processed immediately. I'm not sure that I
understand the last part of your question correctly, but (1) will
contain a BOUND_MSG_ID and (2) and (3) will carry the corresponding
MSG_ID.

Regards,
 Roland

v2.23.0 | Report a Bug | By Email