[pim] Re: Paul Wouters' Discuss on draft-ietf-pim-3228bis-06: (with DISCUSS)

Brian Haberman <brian@innovationslab.net> Mon, 19 August 2024 13:39 UTC

Return-Path: <brian@innovationslab.net>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47382C16940C for <pim@ietfa.amsl.com>; Mon, 19 Aug 2024 06:39:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=innovationslab-net.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IAxqlhE6rxzV for <pim@ietfa.amsl.com>; Mon, 19 Aug 2024 06:39:16 -0700 (PDT)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76A2EC1654EF for <pim@ietf.org>; Mon, 19 Aug 2024 06:39:16 -0700 (PDT)
Received: by mail-qk1-x736.google.com with SMTP id af79cd13be357-7a3375015f8so305624985a.1 for <pim@ietf.org>; Mon, 19 Aug 2024 06:39:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=innovationslab-net.20230601.gappssmtp.com; s=20230601; t=1724074755; x=1724679555; darn=ietf.org; h=in-reply-to:autocrypt:from:content-language:references:cc:to :subject:user-agent:mime-version:date:message-id:from:to:cc:subject :date:message-id:reply-to; bh=UkmaO9JEg/vkKbV7OVwQDKpswEQJDhPCrcKcQB5H6Ts=; b=2sG8TS2xMOk29BPa39B3PeTHtFveYhTpUwP/0bc9kwA6vaVNESyTtuIFKEwTTyWwGg EYHvtLQSbKOCVCUhbmS5Ff1hlfCHhTjfRwTvszSwtL3FW2Q5AjM6MrtG4SD86Kgck3rQ 3JwyWwBUMjCLtxH0nAmdXCgt6QyzpZTJrzBOY4HQc+ffqv7VG51oyLj8tf/NbnD4hEXz kG6hj1LE11pEsU51T1hTCaY4n7HZcI5mlLsS9Q07JDwww6nQGxKayv2ypTpECbKzD9YK WCiuYpeX1HIPerfjKJHeawdGHVUl8L3j027PwYFk7B/WueV9yOntL5mlYTtdJGYijk8G svyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724074755; x=1724679555; h=in-reply-to:autocrypt:from:content-language:references:cc:to :subject:user-agent:mime-version:date:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=UkmaO9JEg/vkKbV7OVwQDKpswEQJDhPCrcKcQB5H6Ts=; b=TSjnFTK2cE+C381Z4xvQq72fQCZG/eZYGZNQ+GjHlIT4MQ7LgNq0E4kjRYVZAfdl38 z2uEN1wSB+pvDpHh52nb/vOTPcAJXRsjSENpOGVPiEeXedVJn4OvAJPGHyhEcieLu3e0 uBXfBhjIwgSenMNZokbgWHSjf2u+CLKO5a13ACl1PsOrCmuSVz4tWsjGu6DlBmoAQuQ1 Fzcn7x/BU/9Wo1ktJiON1JKWuoqttpyUtClksnVgGmHwkWaFGXLHg/jYrdMaNk7w+1WT 5c4TifWSzoyM0AnW50Id4fXGlrXGsyI8UPaWrQkFZSavgOxE7dUlXp7HaclYZVZfbHqe kfJQ==
X-Forwarded-Encrypted: i=1; AJvYcCXFT3YvPlfE1FgXdL2wjFlHfmeD0jmENG3SxcPxkdmSZH++wDCVQQRKUlZ8NCvWlFj5TnA0KZjPw2CTWz8=
X-Gm-Message-State: AOJu0Yxi207hxd8C8grLrc3qQUMQoWYq9KzPMfeMcjalkelFeFiB4FPS oCYcnKQ3T7jL/RciMbSNjJMkLJ/U7yxd5DLokHLrXnXqCCNTr0gCL+3hK97zwBc=
X-Google-Smtp-Source: AGHT+IHpdjP+8kAuBpmD5/ax9AIMi6KSAMDpM/cqF66Ta13wdCWwx6L8sfXWwjeTg3IVzvZjSuxUQQ==
X-Received: by 2002:a05:620a:4111:b0:79f:1e1:faa7 with SMTP id af79cd13be357-7a50693af70mr1243970885a.17.1724074755051; Mon, 19 Aug 2024 06:39:15 -0700 (PDT)
Received: from [192.168.1.23] ([172.59.112.90]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a4ff06ac7csm428469185a.55.2024.08.19.06.39.14 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 19 Aug 2024 06:39:14 -0700 (PDT)
Message-ID: <3723768f-d714-4dcc-9e60-3101851b06ac@innovationslab.net>
Date: Mon, 19 Aug 2024 09:39:12 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: "Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com>, Paul Wouters <paul.wouters@aiven.io>, The IESG <iesg@ietf.org>
References: <172305835951.1013121.1666113825012029615@dt-datatracker-6dd76c4557-2mkrj> <5724e837-96cf-4b48-9d97-bc692ece7373@innovationslab.net> <AS1PR07MB85896DF42E6AD2572809C830E08C2@AS1PR07MB8589.eurprd07.prod.outlook.com>
Content-Language: en-US
From: Brian Haberman <brian@innovationslab.net>
Autocrypt: addr=brian@innovationslab.net; keydata= xsFNBGFCWtIBEAC2FIgMIrH27l4L1Uu+vxCBakOv0Y1nxsu61+aulA78two2kCl7OCF+myP8 KQHEFMoZSn+ZvR+QDFyhsHe7qDK0CVf1K3n97PptXG5kvbnDJdwVJV0w9zYC17/VDgGAKLqj 0iNDVc9mYg/zCYdPn616UAj7hNpFgc9f982gLokyR/xbMNvtOwOpToysK+7Oc25oOam0xuUx CHcE4BfzJHO2VmUgWHeTvxervtIeMcn5PUlQ4XhzYH88mLlI1Uno7W5Dfx8FjXLNNAq4aNBM 6QND2LRekYi75pSTFXNpYIZvmgVT/VB6SHpsyJ3Hkio4YqGkPiqCEcB6U1lArT2FmXnzsTOt 6ydx6ONClxtcOmoEWrES+8tU+knaCEo1/XOrWtivTFMzn3Mahf726XxQBG55FkhqQ/Mir70e mTtpm8MDf+Qj4o5OsSF01l0MMxwOPiB57pz+XuUoWvLEjLgnb83eY0/YpBJdYESL3zZ3zMBo zA65cUozqSGHwQnlE1ACRDKhsReSYmiPJR5o3pWvNf5z+1M3tyn4qpuPxFFA1X8tEstpoC9t QoX8oextRj9BXlJCcCOwSVbCN8buO7aJMN3PIwSewjYvNLMxLrMph/8jNAHIaZnIt3CRHAq6 RsEAv8VQBWruIyNyyX0N8upnOpvriqx1eI2yS/B/Z2D8fQoFewARAQABzSlCcmlhbiBIYWJl cm1hbiA8YnJpYW5AaW5ub3ZhdGlvbnNsYWIubmV0PsLBlAQTAQgAPhYhBKm74/fFK6tXux1c k5E020tPLWqqBQJhQlrSAhsDBQkHhh8tBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJE0 20tPLWqq9fAP/1BO1H3SxphcXPbIsuJ+LoBCoKhrIftwGrLZzyiHYyLSFJ/HWLH2Kv79XJP4 6GkpTCk3VfJp6LEjw9FItwXUn0BEf0LyEy1L7w81YXPq+e4kwTPaQI8CgnbpSS9HBkcUj2r9 bwCjf+QZMqfgbz4d2MkVdVrIM2XPLYQND+Xtu1tyTTnrvFndLQFkDdqHAM9HqoikoNqWqz5j JPaxpJfxqmWr86vNThI7sD0rgMX5TWj7Flngzv2G9/uGEz4rHOIwK6KKiXNKk79kTqjUCQ9j tXl8BC2LQj8xsnWeGISTMR3xbiBPeTX94686O6KcLl7QIVKVS+nqs2l2j2gaXo1AjhBXO7gP GFN+rZzPOUZnPQUek3FeQoZCkfC/ljWBPooCpBe2euv5uZ4NbfKHAr9nmmhg4Uh1IceMxMQ/ /kB2wXTbuoprWLkK02r/y9LyGI5zLqLNl0NG17erJ0NCke76xYJkKBYezgBj1pZmYQDC1Sox fKlsaFCWkBrcKuGWc49qbEtWVM8h/mw+0w5pFyKX733xa6A+S8TOPYng/qFYgauotV9unjjt b7Npn7XyYzypk7QqKo4zipBqpHKeQ96Y/FKXSHPuTVj7dGK3Dn4b0q9Dgti7ogCc8F3tJcZI E0R8Q+4TRcQ192dLvyyTrv4h9BY6q5aB56Z6dsn11TAx7YCAzsFNBGFCWtIBEACqN6OFHSNq jiPy8s05QTC2fCqi0G5CcbRFXcqmHDEKdwqHk5VuOEL8CcWKNzOEMCt6EJvNL4ivfeHs1e7f rfm08+0Da0xAFiab92B9lOTLfv/NkKZ3jakQs06rtSzX7tYDbnmDeX206Uqff1mDjsiXHoAJ fdW7CjNLdWp42B3fkSjUR8mUgeNPqO4Jhgd7d3tTN2ov7M0rS7kUoE6Gd01LmNoPUQ024g8G ecMXVBldgg78aKmehs5pSWLmoBfczymGmNT/++9B6btmy7ruU+febVXRaQJY7aqpkTL7oy4H 3LMRSy/0BXHm1WgO7201Aj7PuaXM424hAhzmAJhO5AvlT9PuS9eSaIP0sqgP7ZTX7UezVj1H Tv5VJtgHI1fiNfhd/KFqDQDGaKdlM0iysyPanSCscjsWqAG0Od2TPdSuURqvgt8suBZrAAfK d55Ovguy+8uCi047sQxShUonw7TxGl3FMAe04PBIOgMCB/uys4yDUjYrawrlNigvx60Nec+T ExE+qszoO57If3/rG78J2ntGjog+yTDNffkbzljcy3YDe3k/r+T2FKOcWxJTlwSWAs1aVLZ7 DWx73lpYrSNJxiU7PrPihfS/Doy3VfmfF/RbH/xmkuPvsyrVfd16pEEtHGi5hBk2KQyjVqi1 IWwXV9ZVOQFBE9nJ7i6A7Aw3EwARAQABwsF8BBgBCAAmFiEEqbvj98Urq1e7HVyTkTTbS08t aqoFAmFCWtICGwwFCQeGHy0ACgkQkTTbS08taqrpIBAAjc6GdUjCyVsZLYwV8bMM4loltFrx z/mroCIFW4PZ0u4zENaloQbHuhDx7Ii6mR9jRiVNbXP4XvuyhjlUO+pt6hGrPbzsmV9vGvN0 2nkGYmSpxQNEzHQf/CJyLhPWY5qTJlDEr4zHbloG2KRPQ6dv9mdRIyAwDxNDSq2tVlrJC+b4 hG9vYp9msCZspqVDRTzvRTZQoWAvGJUaUgZd/FLPTfFePAmX+enXkUKl332i82xNU/nTix73 WajK7WhWC2GugrEbi42fJgUKRtYWhY36QyxucB1VWUacn7iKt/eLfPrCVVsHP2j4vqjlL/HJ 38TvbqfI4WbXyXF630U7IOlMT8//vpo3Y8hjWw0p5dm22fyPcjfnqxDdDefKCJpN215JgvDi Ww42J+VDTsd+5FJYCSUqg3jXmJl1z6FewF5hjuUGf/VdKCrhFocfh1b8VFgne2M1vyNcPoS8 23lJOMpcVAmzFhmVl5y/az/kgPJzbQggSByv3pZZUlJttLKf9BSGwmKcoGEgNo8p/DUyMkQV kVCJdmnamJzYEa/s3XRasTZhoWzNSjIEfeJaLd8dVXTzByMzgYuj/raFP1UF33GQ8W+zr23b VLVc8pEjMQlWeRGfJRyvG4ZOYpFk0c7jw8LpERCd/1SGHL3RQ3CwOqouQgKV+0BjMbY6A6Vj CuWio7k=
In-Reply-To: <AS1PR07MB85896DF42E6AD2572809C830E08C2@AS1PR07MB8589.eurprd07.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------0CVhS1D29BwasAWp00BUY7zJ"
Message-ID-Hash: EVMAUEVRFT6MYAWORRB2L2BSYLJF74XZ
X-Message-ID-Hash: EVMAUEVRFT6MYAWORRB2L2BSYLJF74XZ
X-MailFrom: brian@innovationslab.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-pim-3228bis@ietf.org" <draft-ietf-pim-3228bis@ietf.org>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>, "pim@ietf.org" <pim@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [pim] Re: Paul Wouters' Discuss on draft-ietf-pim-3228bis-06: (with DISCUSS)
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/mbRj9wlXUJ9HFD2Wp23H6aaYI28>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Owner: <mailto:pim-owner@ietf.org>
List-Post: <mailto:pim@ietf.org>
List-Subscribe: <mailto:pim-join@ietf.org>
List-Unsubscribe: <mailto:pim-leave@ietf.org>

Hi Gunter,
      The removal of IETF Consensus was done to make the IANA 
Considerations for both MLD and IGMP more consistent since they now 
share code point registries created in this document. As a note RFC 4443 
says ICMPv6 Code values are assigned via Standards Action. There was not 
a huge discussion on the mailing list, so I suspect most WG participants 
weren't interested in the IANA-related aspects of IGMP/MLD.

      As for the Security Considerations, the text currently in the 
document comes directly from 3228. I vaguely recall there being an 
emphasis at the time of its publication to have some type of security 
discussion in every RFC, so I suspect that is the genesis of that text. 
If you go back to earlier versions of 3228bis, I had actually taken out 
that text and put this in its place:

This document only defines IANA registy actions and there are no 
associated security issues.

That text was flagged in the Artart review and the reviewer said: "But 
it doesn't mention the compatibility/upgrade issue that was in the old 
document." So the original text was returned to cover those 
compatibility/upgrade issues.

Regards,
Brian

On 8/19/24 5:34 AM, Gunter van de Velde (Nokia) wrote:
> Hi Brian,
> 
> I have a question regarding the recent change involving the removal of the IETF Consensus path for IANA assignments. Specifically, I am interested in understanding if there has been any effort to validate and reach consensus on the relevance of the original RFC3228 security section, particularly in relation to the motivation behind this proposed change in 3228bis. Has there been a review to ensure that the decision to eliminate the IETF Consensus path and retain only the standards track is well-founded?
> 
> Thank you for your attention to this matter. I look forward to your insights.
> Brgds,
> G/
> 
> 
> -----Original Message-----
> From: Brian Haberman <brian@innovationslab.net>
> Sent: Wednesday, August 7, 2024 9:35 PM
> To: Paul Wouters <paul.wouters@aiven.io>; The IESG <iesg@ietf.org>
> Cc: draft-ietf-pim-3228bis@ietf.org; pim-chairs@ietf.org; pim@ietf.org
> Subject: [pim] Re: Paul Wouters' Discuss on draft-ietf-pim-3228bis-06: (with DISCUSS)
> 
> 
> CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.
> 
> 
> 
> Hi Paul,
>        Some follow up below...
> 
> On 8/7/24 3:19 PM, Paul Wouters via Datatracker wrote:
>> Paul Wouters has entered the following ballot position for
>> draft-ietf-pim-3228bis-06: Discuss
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut
>> this introductory paragraph, however.)
>>
>>
>> Please refer to
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
>> ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positi
>> ons%2F&data=05%7C02%7Cgunter.van_de_velde%40nokia.com%7Cf13ee5fa65574b
>> 6057f808dcb7180f20%7C5d4717519675428d917b70f44f9630b0%7C0%7C0%7C638586
>> 561166060422%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM
>> zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=6MYQ3P95kU9cHnPM6
>> s7QOWQZe87KwjblIqOgQTOwujE%3D&reserved=0
>> for more information about how to handle DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata
>> tracker.ietf.org%2Fdoc%2Fdraft-ietf-pim-3228bis%2F&data=05%7C02%7Cgunt
>> er.van_de_velde%40nokia.com%7Cf13ee5fa65574b6057f808dcb7180f20%7C5d471
>> 7519675428d917b70f44f9630b0%7C0%7C0%7C638586561166069507%7CUnknown%7CT
>> WFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI
>> 6Mn0%3D%7C0%7C%7C%7C&sdata=45DzGEXVeqsMVvSEFSj%2FSDIt9U%2FTKSoCzFl%2By
>> hO%2Fu88%3D&reserved=0
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> I find it a bit odd that the reason for why the IANA registration
>> policies are changed to Standards Track is only listed in the Security
>> Considerations. I think this belongs in the Abstract and / or Introduction.
> 
> That isn't the primary purpose of this revision to 3228. There have been new fields created within the IGMP and MLD headers that need consistent policies for assignment. That is why the Abstract calls out revised IANA Considerations for these protocols.
> 
> If it would help, I could add a sentence to the Introduction that explicitly mentions dropping the IETF Consensus method for allocating codepoints.
> 
>>
>> In the Security Considerations it lists that the justification is more
>> or less that middleware screws up unknown values, so by making it
>> harder to make registrations, this will reduce the bad impact of this misbehaving middleware.
>> I guess my question is if this is really the appropriate action for
>> the IETF to take in response to badly engineered middleware boxes. I
>> am assuming the old registration policy had a justification that is
>> still valid but now thrown under the bus. Has there been any
>> discussion of this on an IETF list? For example have known middlware
>> vendors been approached to try and get their implementations updated?
> 
> The Security Considerations section is virtually unchanged from 3228, modulo dropping the IETF Consensus path for IANA assignments.
> 
> Regards,
> Brian