Re: [pcp] WGLC: draft-ietf-pcp-anycast-02 comments due by NOV 10

Markus Stenberg <markus.stenberg@iki.fi> Thu, 30 October 2014 08:33 UTC

Return-Path: <markus.stenberg@iki.fi>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B059B1A1A2A for <pcp@ietfa.amsl.com>; Thu, 30 Oct 2014 01:33:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.579
X-Spam-Level: *
X-Spam-Status: No, score=1.579 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CnGRG8nrUBS9 for <pcp@ietfa.amsl.com>; Thu, 30 Oct 2014 01:33:18 -0700 (PDT)
Received: from kirsi2.inet.fi (mta-out1.inet.fi [62.71.2.194]) by ietfa.amsl.com (Postfix) with ESMTP id 8CC371A1A03 for <pcp@ietf.org>; Thu, 30 Oct 2014 01:33:17 -0700 (PDT)
Received: from poro.lan (80.220.64.126) by kirsi2.inet.fi (8.5.142.08) (authenticated as stenma-47) id 541AB6BA005B777B; Thu, 30 Oct 2014 10:33:12 +0200
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Markus Stenberg <markus.stenberg@iki.fi>
In-Reply-To: <0d54be2504534facaaaddfb275ba982d@BY2PR03MB412.namprd03.prod.outlook.com>
Date: Thu, 30 Oct 2014 10:33:12 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <E9BFF7F2-AF64-4787-BFD6-C4F619C95B04@iki.fi>
References: <0d54be2504534facaaaddfb275ba982d@BY2PR03MB412.namprd03.prod.outlook.com>
To: Dave Thaler <dthaler@microsoft.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/pcp/BsI6JSw_kiuqluCrE8i8kKrZHTY
Cc: "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] WGLC: draft-ietf-pcp-anycast-02 comments due by NOV 10
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Oct 2014 08:33:20 -0000

On 27.10.2014, at 22.23, Dave Thaler <dthaler@microsoft.com> wrote:
> This email initiates a Working Group Last Call on : draft-ietf-pcp-anycast-02 to conclude on
> Monday, November 10th at the PCP WG meeting in Honolulu.  Please send comments to the list.
>  
> As a reminder, when responding to a WGLC, what we chairs are looking for is a statement about
> document quality (not really about whether the mechanism should move forward).  That is,
> state whether you think the document is ready as is, or if not, what issues you see.

I think the document (and the mechanism) is mostly fine and needed.

What I am wondering about is the security considerations section; given implementations not aware of this draft, a host on the inner side can also advertise the anycast address, and potentially get traffic meant for the first-hop PCP server. Given the scheme defined in section 2.1 (SHOULD use first-hop first), it is possible, although not probable. But still, I would say the same problem is both on local network(s) _and_ on the other side of the firewall.

(It could also state that finding the next-hop gateway programmatically (platform-independently) can be hard for pure ‘applications’ sometimes, but I wonder if this is too much detail. But if the app just chose the anycast address, the above SHOULD would not be followed and the security considerations problems would be more severe.)

Also.. Is there actually a defined mechanism to redirect or provide a list of PCP servers, as mentioned in the introduction?

Cheers,

-Markus
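Added example, not part of Markus's mail, the draft, or any PCP implementation: a small client-side model of the server selection order discussed above. It follows the section 2.1 ordering (try the default router(s) first, then the anycast address) and contrasts it with an application that targets the anycast address directly. The PCP request/response header layout is the RFC 6887 one (version 2, 24-byte header, IPv4 client address carried as an IPv4-mapped IPv6 address). The anycast addresses 192.0.0.9 and 2001:1::1 are the values IANA later registered for PCP; they are an assumption of this example, not text from the -02 draft. The transport is a constructed in-memory stand-in so the code runs offline; `fake_network`, `discover` and `server_candidates` are names chosen here.

```python
"""PCP server selection order (first hop, then anycast) with an ANNOUNCE probe.

Constructed example for the WGLC discussion above; not code from the draft
or from any PCP implementation. The anycast addresses below are assumptions.
"""
import ipaddress
import struct

PCP_VERSION = 2          # RFC 6887
OPCODE_ANNOUNCE = 0      # ANNOUNCE opcode, lifetime 0
RESULT_SUCCESS = 0

# Assumed PCP anycast addresses (IANA values from RFC 7723; not from the -02 draft).
PCP_ANYCAST_V4 = ipaddress.ip_address("192.0.0.9")
PCP_ANYCAST_V6 = ipaddress.ip_address("2001:1::1")


def server_candidates(default_routers, first_hop_first=True):
    """Ordered list of PCP server addresses a client should try.

    first_hop_first=True follows the section 2.1 SHOULD: each default router is
    tried before the anycast address of the same family.  first_hop_first=False
    models an application that simply sends to the anycast address and never
    consults the first hop, the case the mail above flags as more exposed.
    """
    routers = [ipaddress.ip_address(r) for r in default_routers]
    anycast = [PCP_ANYCAST_V4 if r.version == 4 else PCP_ANYCAST_V6 for r in routers]
    ordered = []
    for addr in (routers + anycast) if first_hop_first else anycast:
        if addr not in ordered:          # keep order, drop duplicates
            ordered.append(addr)
    return ordered


def encode_announce(client_ip):
    """24-byte RFC 6887 request header for an ANNOUNCE (opcode 0, lifetime 0)."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:                  # IPv4 is carried as an IPv4-mapped IPv6 address
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    # version | R=0,opcode | reserved(16) | lifetime(32) | client IP(128)
    return struct.pack("!BBHI16s", PCP_VERSION, OPCODE_ANNOUNCE, 0, 0, ip.packed)


def decode_response(data):
    """Parse the 24-byte RFC 6887 response header; raise ValueError if malformed."""
    if len(data) < 24 or len(data) % 4:
        raise ValueError("bad PCP response length %d" % len(data))
    version, r_opcode, _reserved, result, lifetime, epoch = struct.unpack("!BBBBII", data[:12])
    if version != PCP_VERSION:
        raise ValueError("unsupported PCP version %d" % version)
    if not r_opcode & 0x80:
        raise ValueError("R bit clear: this is a request, not a response")
    return {"opcode": r_opcode & 0x7F, "result": result, "lifetime": lifetime, "epoch": epoch}


def discover(client_ip, default_routers, send, first_hop_first=True):
    """Probe candidates in order; return (server, response) for the first that answers.

    `send(server_ip, payload)` is injected so the example runs offline; it returns
    raw response bytes, or None when the candidate does not reply.
    """
    probe = encode_announce(client_ip)
    for server in server_candidates(default_routers, first_hop_first):
        raw = send(server, probe)
        if raw is None:
            continue
        try:
            resp = decode_response(raw)
        except ValueError:
            continue
        if resp["opcode"] == OPCODE_ANNOUNCE and resp["result"] == RESULT_SUCCESS:
            return server, resp
    return None, None


def fake_network(answering):
    """Constructed stand-in for the LAN: only addresses in `answering` reply."""
    def send(server, payload):
        if server not in answering:
            return None
        # version | R=1,opcode | reserved | result | lifetime | epoch | reserved(96)
        return struct.pack("!BBBBII12s", PCP_VERSION, 0x80 | OPCODE_ANNOUNCE,
                           0, RESULT_SUCCESS, 0, 1000, b"\0" * 12)
    return send


if __name__ == "__main__":
    # Router 192.168.1.1 does not speak PCP; some host on the LAN answers on the anycast address.
    lan = fake_network({PCP_ANYCAST_V4})
    print(discover("192.168.1.50", ["192.168.1.1"], lan))                        # falls back to anycast
    print(discover("192.168.1.50", ["192.168.1.1"], lan, first_hop_first=False))  # anycast only
```

With a router that does answer PCP, `first_hop_first=True` never sends anything to the anycast address, which is what the section 2.1 SHOULD buys; with `first_hop_first=False` the anycast responder wins even when the router would have answered, which is the gap Markus points to when an application skips the first hop.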