[pim] Re: [Shepherding AD review] review of draft-ietf-pim-light-03

Stig Venaas <stig@venaas.com> Fri, 09 August 2024 18:55 UTC

Return-Path: <stig@venaas.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23ADEC14F60A for <pim@ietfa.amsl.com>; Fri, 9 Aug 2024 11:55:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=venaas-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id baHBxjGecPp7 for <pim@ietfa.amsl.com>; Fri, 9 Aug 2024 11:55:03 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D373C14F5F7 for <pim@ietf.org>; Fri, 9 Aug 2024 11:55:03 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-5a10bb7bcd0so3026872a12.3 for <pim@ietf.org>; Fri, 09 Aug 2024 11:55:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=venaas-com.20230601.gappssmtp.com; s=20230601; t=1723229702; x=1723834502; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=f11aEo3TkuZslSFmoiTkPIjrd0rqIbDcyvPc+r4IzEQ=; b=sN3MdI1ktYO1QSpvNRQztJzsGMaGOWmRMW38n+sakQ/Q0feHpJCFfLHYcxyIp4bL/B TfdHN+N6Q/ncVngBM1kb+bxyPVY67z4PhsAxXcHedHudZAEBVTzhgFpzFvvA365QVZKG T6eAbjiLqFWLVMJnpyBtc69MMD5ejekjVycncZynNiC5hErS/OsR285CVcELfhwdcsr1 qoCv1vvz5l0vh9cuBAm8CSkF9X08MEPTUtap68wpE0w2v3nbvcoKElWiq21/EQcp2kZ3 F/DBOivhoax5EDmoaX7W4k5ev9/tylpc1eyBEqWx5cE53jER2wex5YoBSI3p04aSBp0+ 85og==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723229702; x=1723834502; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f11aEo3TkuZslSFmoiTkPIjrd0rqIbDcyvPc+r4IzEQ=; b=wqH8AE7lNoPsOh8OdKUHQ5ek8eAC8YlOa5fIEvvZ5p9fppEjybUt0RrOnsOio8g5T3 g3eTNBiPV9zLoVtbvkXNOTf/aUo9CU7NhMDwv1i6YDDYSfNwVfbzcD3AjjudcwRFW6ze xV/KjFHjRVBptSDsmpr5GwLOuqe3bGRrOUjJpSGOKIPPvBualZvoPrCLeqtMvPjziRq3 QskRNb07w5qC6rFDQHF6sz5CEMVcJjZ/xgtv3nbhQaBAHwOxqFlmHouxjRVgEji5zPJ5 eRo+aC5KAVmIhvSOIMpgW4ZfCWW67DuA//yZPXQcQE6tVOLVOus6eoVfe31FCpbaTHKS rt4w==
X-Forwarded-Encrypted: i=1; AJvYcCVWgN99xZFyNlyK0SIPtEKKNvhVCAj2A/MkoIi9QdGORCHiLreYQANCUTFf9nxdQUQQYa/bD18byQDvB4o=
X-Gm-Message-State: AOJu0YzpWYyRCzwkJt6Hrq66gn7WngxiCul+R2kehcYUkd0jiWBZSZxf HIb+++lgHWa5OCJYXJqatujCqjf7KyF7JrOq7lZDZap/hU0sAsSr4PCCtkSayTjBLN58XOIM4wu QxX/2hzuP1EB0edjC2kc4Hj4lGceC/ouNEOv7Wg==
X-Google-Smtp-Source: AGHT+IEA5QCEPNUYa/2VWO3+1HzLekle1YguOgDX8HwXFR5ocL0fyC5BiliR6vyKrSXquzrWvMdI54XLC3wi46hWoZk=
X-Received: by 2002:a17:907:f1de:b0:a77:eb34:3b4e with SMTP id a640c23a62f3a-a80aa565fd7mr194477566b.7.1723229700787; Fri, 09 Aug 2024 11:55:00 -0700 (PDT)
MIME-Version: 1.0
References: <PH0PR08MB6581AACD25A98ECB7D6B72F091B82@PH0PR08MB6581.namprd08.prod.outlook.com> <AS1PR07MB8589F3460E35F2DA13DCCB4AE0BA2@AS1PR07MB8589.eurprd07.prod.outlook.com> <PH0PR08MB658183918513D4A16F99FABF91BA2@PH0PR08MB6581.namprd08.prod.outlook.com>
In-Reply-To: <PH0PR08MB658183918513D4A16F99FABF91BA2@PH0PR08MB6581.namprd08.prod.outlook.com>
From: Stig Venaas <stig@venaas.com>
Date: Fri, 09 Aug 2024 11:54:49 -0700
Message-ID: <CAHANBt+MnY60Jmpfz-H2niLiFM-p5iMdGsNLORfUJP9eqXYNWQ@mail.gmail.com>
To: "Hooman Bidgoli (Nokia)" <hooman.bidgoli=40nokia.com@dmarc.ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: VVWS32ABKLHC5MW4H6G637EUN77WCA6W
X-Message-ID-Hash: VVWS32ABKLHC5MW4H6G637EUN77WCA6W
X-MailFrom: stig@venaas.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "pim@ietf.org" <pim@ietf.org>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [pim] Re: [Shepherding AD review] review of draft-ietf-pim-light-03
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/uSuJ8_jHmKXdt2kCxNt2NaiE30Q>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Owner: <mailto:pim-owner@ietf.org>
List-Post: <mailto:pim@ietf.org>
List-Subscribe: <mailto:pim-join@ietf.org>
List-Unsubscribe: <mailto:pim-leave@ietf.org>

Hi Hooman and Gunter

I think it's useful to explain that pim light can work with PORT and
how, and in this case I also think it needs to be a normative
reference. Isn't it ok to have a down reference as long as we have a
reasonable reason?

The pim light solution itself does not depend on PORT, so I think it
can be Standards Track even if PORT isn't. It only affects section 3.5
that explicitly talks about PORT.

If we really need to avoid the down reference, I would rather the
reference be made informational. But in that case I think 3.5 should
be reworded slightly so that one doesn't need to understand PORT to
understand the text.

Thanks,
Stig

On Fri, Aug 9, 2024 at 11:24 AM Hooman Bidgoli (Nokia)
<hooman.bidgoli=40nokia.com@dmarc.ietf.org> wrote:
>
> Hi Gunter
>
>
>
> RFC 6559 is the PIM over Reliable Transport (PORT) which the section 3.5 of draft is addressing. So the reader needs to understand RFC6559 this is why I put it in Normative References. Personally I am ok with removing section 3.5  and saying that this draft doesn’t cover (PORT). But anyway if section 3.5 stays I guess we need RFC6559 in Normative References again if @pim-chairs@ietf.org and you agree I can move it to informative reference. Please let me know.
>
>
>
>
>
> draft-ietf-bier-pim-signaling, ok moved it.
>
>
>
> Duplication of RFC 2119 and RFC 8174, no idea what is happening here. Looking at some of the other RFCs they list them both under Normative references. Anyone?
>
>
>
> Thanks
>
> Hooman
>
>
>
>
>
>
>
>
>
> From: Gunter van de Velde (Nokia) <gunter.van_de_velde@nokia.com>
> Sent: Friday, August 9, 2024 4:06 AM
> To: Hooman Bidgoli (Nokia) <hooman.bidgoli@nokia.com>; pim@ietf.org
> Subject: RE: Re: [pim] [Shepherding AD review] review of draft-ietf-pim-light-03
>
>
>
> Hi Hooman,
>
>
>
> Many thanks for the swift actions.
>
>
>
> The draft is almost ready to go. One last sanity check when running idnits tool, few messages are seen: a downref and a duplicate ref (which i am confused about why it is shown)
>
>
>
> https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-pim-light-05.txt
>
>
>
> Is the downref to an experimental needed for PIM light? If yes, we will need to add it to the downref register. (This is something PIM AD, IESG and RFC editor will process, hence no workload for the authors. However we do try to avoid downrefs if possible. If the reference would be used as an example, and not formal procedures it is an informational reference.
>
>
>
> In addition the Normative reference to “draft-ietf-bier-pim-signaling” seems to be better as Informational. I think it is only used in examples. If we make this Normative, then the PIM Light draft is fate sharing with draft-ietf-bier-pim-signaling which seems undesired and not required.
>
>
>
> Any thoughts about this few final aspects?
>
>
>
> G/
>
>
>
> From: Hooman Bidgoli (Nokia) <hooman.bidgoli@nokia.com>
> Sent: Thursday, August 8, 2024 1:04 AM
> To: pim@ietf.org; Gunter van de Velde (Nokia) <gunter.van_de_velde@nokia.com>
> Subject: Re: [pim] [Shepherding AD review] review of draft-ietf-pim-light-03
>
>
>
> Hi Gunter
>
>
>
> Thanks for your review and comments. I uploaded a new version of the document.
>
>
>
> Some points/comments please
>
>
>
>
>
> RFC 7761, Section 4.3.1, outlines the PIM neighbor discovery mechanism using Hello messages. Section 4.5 specifies that if a router receives a Join/Prune message from an IP source address without having previously received a PIM Hello message from that source, the router SHOULD discard the Join/Prune message without further processing. This procedure ensures that only messages from authenticated PIM neighbors are processed, maintaining the integrity and reliability of the multicast routing infrastructure.
>
>
>
> HB> “This procedure ensures that only messages from authenticated PIM neighbors are processed, maintaining the integrity and reliability of the multicast routing infrastructure.”
> HB> I think you are misunderstanding the authenticated part. the hello messages can’t authenticate the neighbor without IPsec AH mode or an authentication protocols like HMAC. This is why RFC7761 section 4.5 is pointing to section 6.3 and eventually IPsec for authentication.
>
> HB> I am omitting this last bit of your suggestion and going with the original text.
>
>
>
>
>
> The following rewrite may be more clear for consumers of the document.
>
> The fact that with PIM Light there is processing of packets from an unauthenticated neighbor seems as a serious security concern. This shoul dbe mentioned as a concern and operational guidelines to reduce the risk vector
>
>
>
> HB> again I think you are confusing authentication of a router to PIM hello adjacency. Authentication is done via IPsec or HMAC hash over the PIM hello packets and other packets including join/prunes. This authentication is possible with PIM Light as well as mentioned in the security section. Hello messages do not authenticate the router.
>
>
>
> 3.
>
> The existing IANA registery for "PIM Message Types" may not be sufficient for PIM Light and may need update.
>
> The existing table may need a new column, used explicit for PIM Light to show which of the PIM Message Types is supported.
>
> It would be to lock the Message types currently supported and allows a framework for the future, unless through WG consensus the expectation is never any message ar eto be supported for PLI?
>
>
>
> HB> I can’t see us supporting any new message for PLI in near future. As PLI only support join/prune message.
>
>
>
>
>
> _______________________________________________
> pim mailing list -- pim@ietf.org
> To unsubscribe send an email to pim-leave@ietf.org