Re: [pim] Benjamin Kaduk's Discuss on draft-ietf-pim-igmp-mld-yang-13: (with DISCUSS and COMMENT)

Benjamin Kaduk <> Wed, 29 May 2019 15:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C22AC120220; Wed, 29 May 2019 08:39:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xDfmBeAUUjwT; Wed, 29 May 2019 08:39:12 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8A1911201EE; Wed, 29 May 2019 08:39:12 -0700 (PDT)
Received: from ( []) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by (8.14.7/8.12.4) with ESMTP id x4TFd6Ad006730 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 29 May 2019 11:39:09 -0400
Date: Wed, 29 May 2019 08:39:06 -0700
From: Benjamin Kaduk <>
To: Alvaro Retana <>
Cc: The IESG <>, Stig Venaas <>,,,
Message-ID: <>
References: <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <>
Subject: Re: [pim] Benjamin Kaduk's Discuss on draft-ietf-pim-igmp-mld-yang-13: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Protocol Independent Multicast <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 29 May 2019 15:39:15 -0000

On Wed, May 29, 2019 at 09:12:00AM -0400, Alvaro Retana wrote:
> On May 26, 2019 at 10:15:05 PM, Benjamin Kaduk via Datatracker (
> wrote:
> Ben:
> Hi!
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Let’s first take a step back.  IGMP/MLD have the function of managing
> multicast groups, as MLD’s name (Multicast Listener Discovery) suggests,
> the protocols already collect information related to which hosts are
> interested in which multicast groups.  §3 of rfc6636 has a good description:
>    Mobile hosts use IGMP and MLD to make a request to join or leave
>    multicast sessions.  When an adjacent upstream router receives the
>    IGMP/MLD Report messages, it recognizes the membership status on the
>    link.  To update the membership status reliably, the router sends
>    IGMP/MLD Query messages periodically, and sends Group-Specific and/or
>    Group-and-Source-Specific Queries when a member host reports its
>    leave.  An IGMP/MLD Query is therefore necessary to obtain up-to-date
>    membership information, but a large number of the reply messages sent
>    from all member hosts may cause network congestion or consume network
>    bandwidth.
> “Explicit Membership Tracking” is simply the realization of the ability of
> the router to remember the membership to save network resources and shorten
> group leave time.  Yes, the name is probably not the best, specially if
> we’re worried about privacy, but the protocols already expose that
> information.  IOW, the ability to know the hosts is not new.

That basically matches my expectation -- to put it glibly, the difference
between having a cached copy of the recipient list on hand (to potentially
be exfiltrated, if one is thinking in a paranoid fashion) versus needing to
go out and fetch the recipient list.  So the relevant security considerations
are actually pretty minor, in the grand scheme of things...

> Note that anyone on the link can listen to the Reports…so there’s no need
> to get access to the YANG information, or even implement explicit tracking,
> to know which host is interested in what.  From that point of view, I think
> that any privacy consideration should have been in the IGMP/MLD specs
> (rfc3376/rfc3810), but those documents only focus their Security
> Considerations on the impact/mitigation of forged messages.
> draft-ietf-pim-explicit-tracking had the intent of specifying Explicit
> Membership Tracking.  However, a couple of attempts for publication have
> resulted in the document being sent back to the WG, first as a result of
> the IESG Evaluation…and later my me.  In both cases the reason can be
> summarized as there not being enough clarity for it to be in the Standards
> Track.  The WG seems to have lost interest…. As described there, there are
> "various ways to implement the explicit tracking function…[it] does not
> change on-wire behavior, and the function or mechanisms described in this
> document do not break the interoperability between the existing
> implementations and the implementation based on this specification.”  IOW,
> multiple implementations can co-exist...
> Having said that, I don’t think the YANG module is the right place to
> document the privacy considerations of information that has existed in the
> protocols “forever" (IGMPv1 was specified in rfc1112 and MLDv1 in rfc2710).

... and given that I agree that the YANG module is not the right place to
document this stuff, the right answer may just be "do nothing".  The main
other option that comes to mind would be to write a separate short document
with "additional [security|privacy] considerations for internet multicast
protocols", but absent some forcing function I don't expect such a document
to get written/published.

Mostly I just wanted to have someone who knows more about the existing documents
than I do to take a look and see if there's an obvious place to mention this,
but since it sounds like there isn't one, I'll go ahead and clear.

Thanks for the discussion!