[pim] Re: Artart last call review of draft-ietf-pim-3228bis-05

Brian Haberman <brian@innovationslab.net> Tue, 04 June 2024 13:32 UTC

Message-ID: <cec9d2aa-e577-4659-b929-0199301c0641@innovationslab.net>
Date: Tue, 04 Jun 2024 09:31:54 -0400
To: Martin Dürst <duerst@it.aoyama.ac.jp>, art@ietf.org
References: <171749084536.37257.3498399355231855483@ietfa.amsl.com>
Content-Language: en-US
From: Brian Haberman <brian@innovationslab.net>
In-Reply-To: <171749084536.37257.3498399355231855483@ietfa.amsl.com>
CC: draft-ietf-pim-3228bis.all@ietf.org, last-call@ietf.org, pim@ietf.org
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/HBc3UYfCUKzGn94cm1Q-e_EfjyQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>

Hi Martin,
      Thanks for the review! Some follow-up below...

On 6/4/24 4:47 AM, Martin Dürst via Datatracker wrote:
> Reviewer: Martin Dürst
> Review result: Ready with Issues
> 
> This document obsoletes RFC 3228. I have read both RFC 3228 and this document,
> they were both very short.
> 
> The new document changes registry policy for Type and Code fields in the IPv4
> IGMP header from IESG Approval or Standards Action to Standards Action
> exclusively. It also creates new registries for Query Message Flags (in the
> Multicast Listener Query Message and the IGMPv3 Query Message) and Report
> Message Flags (in the Multicast Listener Report Message and the IGMPv3 Report
> Message). Each of them is populated with one entry, with Standards Action for
> future entries.
> 
> This is mostly a document about registry bookkeeping. I did not find any
> application related issues.
> 
> The main issue and only issue that I found is that the detailed (10 lines)
> security section was replaced with a one-liner in the new document, without
> references elsewhere. As a result, there are some registries, but other than
> "Standards Action", there is no advice at all for what should be considered
> when planning additional registrations.

Several people provided feedback on the security text in 3228 and 
essentially said that it didn't really help. In a sentence, 3228 said 
that global visibility is needed for values in the fields in order to 
assist security devices to know how to interpret them.

Would the following make sense?

OLD:
This document only defines IANA registry actions and there are no 
associated security issues.

NEW:
The fields described in this document control the behavior of IGMP and 
MLD. Incorrect interpretations of these fields can lead to unexpected 
behavior or provide a vector of attack on multicast traffic, 
infrastructure devices, servers, and multicast-enabled hosts. Proper 
registration of used values provides the best opportunity for systems to 
handle these messages appropriately.

The fields controlled by these registries are limited in size. 
Assignments in these fields must be made carefully to ensure they are 
not exhausted. The use of Standards Action helps protect these fields 
from exhaustion.

Regards,
Brian