IETF Logo Mail Archive

Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)

Alissa Cooper <alissa@cooperw.in> Tue, 16 August 2016 20:54 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17FDE12D18E; Tue, 16 Aug 2016 13:54:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=AdlAXb6O; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=PTlgEqbt
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZV-idGpRsOuY; Tue, 16 Aug 2016 13:54:43 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C45812D1BD; Tue, 16 Aug 2016 13:54:43 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 77968204D7; Tue, 16 Aug 2016 16:54:42 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Tue, 16 Aug 2016 16:54:42 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=meXPn8E6g3/pXDgZWbocEvC3JCY=; b=AdlAXb 6OnWY8jRM6qEknQrIc9hgwEECVurScCMVZXa04JqTat+dCTFPm72byPbju5xICVu cvqDifHiQSkn76AQ3Z63gVwzZ83ySaDxUMfHbl88LbSwFm2nUUMdJLZKdGObTmm4 hTnp6zHiK+xICQjI7QtmkVbSrB3chWte/lMg8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=meXPn8E6g3/pXDg ZWbocEvC3JCY=; b=PTlgEqbt/TqBS/xJAjR72wbpx3fq3hfd0Kgi/SVcIfluiX3 zJajVnb08u3GqCdr7R6rz7lkqxR7MjQ/+6CX1NtSc1vE/HS6fKtZI3OHg/SoyBUy HW1l3V3XXtg7CmtryhAKuJcwaNe6qLkMpHjcfoH7XfYwDgkqJEtHsjgPQgto=
X-Sasl-enc: qv3KFKpxyN2eWkxVjZ/plfQbATybb8Y6Gd+h3VUzsA2Y 1471380881
Received: from sjc-alcoop-8813.cisco.com (unknown [128.107.241.175]) by mail.messagingengine.com (Postfix) with ESMTPA id 24072F296F; Tue, 16 Aug 2016 16:54:41 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <CAHbuEH7+Gw=zDiN66Aydmie2M4dXcVqjLKWHixR7Qe6ECfN9Hg@mail.gmail.com>
Date: Tue, 16 Aug 2016 16:54:39 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <D0152C61-D391-482B-BF1E-45180F89DA41@cooperw.in>
References: <147137412687.22998.17081075232946825763.idtracker@ietfa.amsl.com> <CAHbuEH7+Gw=zDiN66Aydmie2M4dXcVqjLKWHixR7Qe6ECfN9Hg@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/8UJsfx3Gr15Bj5UL_Mx-ido0yy4>
Cc: radext-chairs@ietf.org, draft-ietf-radext-ip-port-radius-ext@ietf.org, "radext@ietf.org" <radext@ietf.org>, IESG <iesg@ietf.org>, "<lionel.morand@orange.com>" <lionel.morand@orange.com>
Subject: Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2016 20:54:46 -0000

> On Aug 16, 2016, at 4:41 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> 
> Alissa,
> 
> Thanks for your detailed review, this is helpful.  Hopefully we will
> be able to resolve this with the editors and shepherd before Thursday.
> I have one question in line that may help with the resolution for at
> least #1 & #6.
> 
> On Tue, Aug 16, 2016 at 3:02 PM, Alissa Cooper <alissa@cooperw.in> wrote:
>> Alissa Cooper has entered the following ballot position for
>> draft-ietf-radext-ip-port-radius-ext-11: Discuss
>> 
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>> 
>> 
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>> 
>> 
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-radext-ip-port-radius-ext/
>> 
>> 
>> 
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>> 
>> (1) I find the absence of any definition of error handling behavior in
>> this document to be a problem. I realize that the attributes specified in
>> this document are meant to be transmitted between components that are all
>> operated by the same administrative entity, but implementors can still
>> make mistakes, and for those cases it seems like error handling should be
>> defined. For example:
>> 
>> - What happens if the AAA server sends an IP-Port-Limit-Info attribute
>> with a larger limit than the CGN is able to allocate to that particular
>> user? What is the CGN supposed to do and how is that communicated back to
>> the AAA server?
>> 
>> - What happens if the CGN sends an IP-Port-Range attribute that
>> encompasses a larger range than a previously sent IP-Port-Limit-Info?
>> What is the AAA server supposed to do?
>> 
>> - What happens if the AAA server sends an IP-Port-Forwarding-Map
>> attribute to map a port that is not within the requesting host's
>> allocated range? Is the CGN expected to change the mapping and send a CoA
>> with a different IP-Port-Forwarding-Map, or communicate some sort of
>> error, or something else?
>> 
>> There are surely other error cases. I think it's worth going through the
>> uses of each attribute and specifying all the error handling behavior.
>> This seems especially important since part of the motivation for these
>> attributes is for identification and the consequences of erroneous
>> identification could be severe for the user. Discussion of those
>> consequences is also missing from Section 6.
> 
> As an alternative, I usually approach this type of problem as defining
> what is acceptable and making everything else less acceptable.  White
> lists are much easier to maintain and eliminate the possibility of
> missing something.  If you and the WG agree, could we go forward with
> that approach instead of defining all possible problems, just limiting
> what is acceptable and making everything else an error?  

I think it’s fine to say “the only correct behavior is X” but you still need to say what implementations are expected to do when not-X happens. And X will have different values for the different usages of each of these attributes.

Alissa

> This approach
> applies to a few of your other discuss points as well, namely #2, #5,
> and to some degree #3.
> 
>> 
>> (2) Section 3.1.2 says:
>> 
>> "For port allocation, both IP-Port-Range-Start TLV and IP-
>>   Port-Range-End TLV must be included; for port deallocation, the
>>   inclusion of these two TLVs is optional and if not included, it
>>   implies that all ports that are previously allocated are now
>>   deallocated."
>> 
>> How does an AAA server distinguish between port allocation and
>> deallocation requests if a deallocation request includes a range start
>> and range end? Is the server supposed to assume that whatever range is
>> specified by the most recently received IP-Port-Range attribute
>> represents the only range of allocated ports for the host? What is the
>> meaning of sending an IP-Port-Range request with only a start value or an
>> end value but not both (as seems to be allowable by the above)?
>> 
>> (3) The specification of IP-Port-Local-Id seems to allow for unnecessary
>> exposure of potentially sensitive information. There is no explanation
>> given for why the combination of the other identifiers included in
>> IP-Port-Range and IP-Port-Forwarding attributes is insufficient to
>> identify the host in DS-Extra-Lite and Lightweight 4over6 cases. As
>> defined, it sounds like implementations could put basically any user,
>> device, or interface identifier in there. If this TLV is actually
>> necessary to communicate what these attributes are trying to accomplish,
>> the justification for it should be provided and the limitations on when
>> this field may be used and what kind of identifiers can appear here
>> should be stated.
>> 
>> (4) The shepherd write-up discusses two different approaches to defining
>> the sub-TLV types and then says: "Both approaches were considered as
>> valid and the WG has decided to let IANA decide what the approach is
>> preferred when allocating the TLV-Type for the sub-TLVs defined in this
>> document." This is not appropriate. The document needs to explicitly
>> define how the types should be allocated and should not leave the
>> decision to IANA. I see that IANA has already noted that Section 7.3 is
>> ambiguous about this; the WG needs to make a choice.
> 
> Thank you, and yes, the WG needs to make a decision.
> 
> Kathleen
> 
>> 
>> (5) Section 6 seems to be missing a discussion of the consequences of
>> communicating erroneous port range and port mapping information. Since
>> part of the motivation for these attributes is identification of the
>> host, this needs to be discussed.
>> 
>> 
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>> 
>> (1) What does it mean for an IP-Port-Range attribute to have IP-Port-Type
>> 1 or 2? Can numbers in the whole range be used for any of the port or
>> identifier types? Or is the range expected to be split up somehow among
>> the multiple types? I think this needs to be explained.
>> 
>> (2) In 4.1.4, how does the ISP know that Joe is traveling?
>> 
>> 
> 
> 
> 
> -- 
> 
> Best regards,
> Kathleen

v2.23.0 | Report a Bug | By Email