[pim] Re: Artart last call review of draft-ietf-pim-3228bis-05

"Martin J. Dürst" <duerst@it.aoyama.ac.jp> Wed, 05 June 2024 09:50 UTC

Message-ID: <a310117b-d5d3-4aeb-bbe8-2a8927c67699@it.aoyama.ac.jp>
Date: Wed, 05 Jun 2024 18:50:32 +0900
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Brian Haberman <brian@innovationslab.net>, art@ietf.org
References: <171749084536.37257.3498399355231855483@ietfa.amsl.com> <cec9d2aa-e577-4659-b929-0199301c0641@innovationslab.net>
From: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>
Organization: Aoyama Gakuin University
In-Reply-To: <cec9d2aa-e577-4659-b929-0199301c0641@innovationslab.net>
CC: draft-ietf-pim-3228bis.all@ietf.org, last-call@ietf.org, pim@ietf.org
Subject: [pim] Re: Artart last call review of draft-ietf-pim-3228bis-05
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/Zh6BfAf8nHsNnJaUjuDaf-jf9oI>

Hello Brian,

Please see inline.

On 2024-06-04 22:31, Brian Haberman wrote:
> Hi Martin,
>       Thanks for the review! Some follow-up below...
> 
> On 6/4/24 4:47 AM, Martin Dürst via Datatracker wrote:
>> Reviewer: Martin Dürst
>> Review result: Ready with Issues
>>
>> This document obsoletes RFC 3228. I have read both RFC 3228 and this document,
>> they were both very short.
>>
>> The new document changes registry policy for Type and Code fields in the IPv4
>> IGMP header from IESG Approval or Standards Action to Standards Action
>> exclusively. It also creates new registries for Query Message Flags (in the
>> Multicast Listener Query Message and the IGMPv3 Query Message) and Report
>> Message Flags (in the Multicast Listener Report Message and the IGMPv3 Report
>> Message). Each of them is populated with one entry, with Standards Action for
>> future entries.
>>
>> This is mostly a document about registry bookkeeping. I did not find any
>> application related issues.
>>
>> The main issue and only issue that I found is that the detailed (10 lines)
>> security section was replaced with a one-liner in the new document, without
>> references elsewhere. As a result, there are some registries, but other than
>> "Standards Action", there is no advice at all for what should be considered
>> when planning additional registrations.
> 
> Several people provided feedback on the security text in 3228 and 
> essentially said that it didn't really help. In a sentence, 3228 said 
> that global visibility is needed for values in the fields in order to 
> assist security devices to know how to interpret them.

My reading was that it mainly pointed to the problems that might arise 
when new values were defined, but not yet implemented everywhere.
We could call this the compatibility issue or the upgrade issue.


> Would the following make sense?
> 
> OLD:
> This document only defines IANA registry actions and there are no 
> associated security issues.
> 
> NEW:
> The fields described in this document control the behavior of IGMP and 
> MLD. Incorrect interpretations of these fields can lead to unexpected 
> behavior or provide a vector of attack on multicast traffic, 
> infrastructure devices, servers, and multicast-enabled hosts. Proper 
> registration of used values provides the best opportunity for systems to 
> handle these messages appropriately.
> 
> The fields controlled by these registries are limited in size. 
> Assignments in these fields must be made carefully to ensure they are 
> not exhausted. The use of Standards Action helps protect these fields 
> from exhaustion.

All of the above isn't wrong, and I wouldn't oppose it. But it doesn't 
mention the compatibility/upgrade issue that was in the old document.

For my part, I'm fine with whatever the WG and the IESG are happy with. I 
just want to make sure that it's clear where I saw an issue.


Regards,   Martin.

> Regards,
> Brian