[pim] Re: [Shepherding AD review] review of draft-ietf-pim-light-03

"Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com> Fri, 09 August 2024 08:06 UTC

From: "Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com>
To: "Hooman Bidgoli (Nokia)" <hooman.bidgoli@nokia.com>, "pim@ietf.org" <pim@ietf.org>
Date: Fri, 09 Aug 2024 08:05:54 +0000
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/iB7PRLHWfeZ8Aa-7WdPMLdqqX8A>

Hi Hooman,

Many thanks for the swift actions.

The draft is almost ready to go. One last sanity check: when running the idnits tool, a few messages are seen: a downref and a duplicate ref (which I am confused about why it is shown).

https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-pim-light-05.txt

Is the downref to an experimental needed for PIM light? If yes, we will need to add it to the downref register. (This is something PIM AD, IESG and RFC editor will process, hence no workload for the authors.) However, we do try to avoid downrefs if possible. If the reference would be used as an example, and not formal procedures, it is an informational reference.

In addition the Normative reference to "draft-ietf-bier-pim-signaling" seems to be better as Informational. I think it is only used in examples. If we make this Normative, then the PIM Light draft is fate sharing with draft-ietf-bier-pim-signaling which seems undesired and not required.

Any thoughts about these few final aspects?

G/

From: Hooman Bidgoli (Nokia) <hooman.bidgoli@nokia.com>
Sent: Thursday, August 8, 2024 1:04 AM
To: pim@ietf.org; Gunter van de Velde (Nokia) <gunter.van_de_velde@nokia.com>
Subject: Re: [pim] [Shepherding AD review] review of draft-ietf-pim-light-03

Hi Gunter

Thanks for your review and comments. I uploaded a new version of the document.

Some points/comments please


  1. RFC 7761, Section 4.3.1, outlines the PIM neighbor discovery mechanism using Hello messages. Section 4.5 specifies that if a router receives a Join/Prune message from an IP source address without having previously received a PIM Hello message from that source, the router SHOULD discard the Join/Prune message without further processing. This procedure ensures that only messages from authenticated PIM neighbors are processed, maintaining the integrity and reliability of the multicast routing infrastructure.


HB> "This procedure ensures that only messages from authenticated PIM neighbors are processed, maintaining the integrity and reliability of the multicast routing infrastructure."
HB> I think you are misunderstanding the authenticated part. The hello messages can't authenticate the neighbor without IPsec AH mode or an authentication protocol like HMAC. This is why RFC7761 section 4.5 is pointing to section 6.3 and eventually IPsec for authentication.
HB> I am omitting this last bit of your suggestion and going with the original text.


  2. The following rewrite may be more clear for consumers of the document.

The fact that with PIM Light there is processing of packets from an unauthenticated neighbor seems like a serious security concern. This should be mentioned as a concern and operational guidelines to reduce the risk vector.



HB> Again, I think you are confusing authentication of a router with PIM hello adjacency. Authentication is done via IPsec or HMAC hash over the PIM hello packets and other packets including join/prunes. This authentication is possible with PIM Light as well, as mentioned in the security section. Hello messages do not authenticate the router.

  3. The existing IANA registry for "PIM Message Types" may not be sufficient for PIM Light and may need update.

The existing table may need a new column, used explicitly for PIM Light to show which of the PIM Message Types is supported.

It would be to lock the Message types currently supported and allow a framework for the future, unless through WG consensus the expectation is never any message are to be supported for PLI?

HB> I can't see us supporting any new message for PLI in the near future, as PLI only supports join/prune messages.
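
Added example, not part of this thread or of the draft: a small Python model of the Join/Prune acceptance check discussed in points 1 and 2, showing that the RFC 7761 Section 4.5 Hello gate is a presence check rather than authentication, and how a PLI (Join/Prune only) differs. The `Interface` class, the `authenticated` flag (standing in for the result of IPsec AH verification done below PIM), the drop reasons and the IPv4-style checksum without pseudo-header are assumptions of this sketch; the packets are constructed samples.

```python
import struct

PIM_HELLO, PIM_JOIN_PRUNE = 0, 3  # PIM message type values (RFC 7761)

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum over the PIM message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_pim(msg_type: int, body: bytes = b"") -> bytes:
    """Constructed sample: PIMv2 header (ver|type, reserved, checksum) + body."""
    first = (2 << 4) | msg_type
    csum = inet_checksum(struct.pack("!BBH", first, 0, 0) + body)
    return struct.pack("!BBH", first, 0, csum) + body

class Interface:
    """Hypothetical model of one PIM interface's receive policy."""
    def __init__(self, pim_light: bool, require_auth: bool = False):
        self.pim_light = pim_light
        self.require_auth = require_auth  # e.g. IPsec AH configured for PIM
        self.neighbors = set()            # sources a Hello was accepted from

    def receive(self, src: str, packet: bytes, authenticated: bool = False) -> str:
        if len(packet) < 4 or packet[0] >> 4 != 2:
            return "drop: malformed"
        if inet_checksum(packet) != 0:    # a valid message sums to zero
            return "drop: bad checksum"
        if self.require_auth and not authenticated:
            return "drop: unauthenticated"
        msg_type = packet[0] & 0x0F
        if self.pim_light:                # PLI: Join/Prune only, no Hello state
            if msg_type == PIM_JOIN_PRUNE:
                return "accept"
            return "drop: type not supported on PLI"
        if msg_type == PIM_HELLO:         # any well-formed Hello creates state
            self.neighbors.add(src)
            return "accept"
        if msg_type == PIM_JOIN_PRUNE and src not in self.neighbors:
            return "drop: no hello seen"  # RFC 7761 Section 4.5 SHOULD
        return "accept"
```

In this model only `require_auth` ties acceptance to the sender's identity; the Hello gate merely records that some packet claiming that source address arrived earlier.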