IETF Logo Mail Archive

Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)

kathleen.moriarty.ietf@gmail.com Tue, 16 August 2016 21:15 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F32DA12D181; Tue, 16 Aug 2016 14:15:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BGQC2FpwajLz; Tue, 16 Aug 2016 14:15:25 -0700 (PDT)
Received: from mail-qt0-x244.google.com (mail-qt0-x244.google.com [IPv6:2607:f8b0:400d:c0d::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB1E912B024; Tue, 16 Aug 2016 14:15:24 -0700 (PDT)
Received: by mail-qt0-x244.google.com with SMTP id c52so3741823qte.1; Tue, 16 Aug 2016 14:15:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=2UgViBvL/I+tT2krSavk7g0yhsv/bvir4d4tnY7Y54c=; b=N/+IiRtWYJ3YMOwc+CrNJzX6v5MnKFJ+XpejpY52frC++M/Tu2N+WTpkZAuwaJ3hKq zunbojBormaJ6lI7TC6sZa9+jkOY/KL1nO+MVnS83Zq66jXF5eyMOLIONBxzFnsSsyWl 0MAxbnFojpeMOujFTYKY5oompIdHlWQogXEz1ckchTkWtiBXUXOqLQfFTo5jbNoLFg3P ehC7RSNqUN0xKI6O/VjpIAgD7srqCEMhEF8yNGLNkoAnitKKs0P9pedlKP66j8Ee54Lc j2LPV/2TRj1IlQb4Ecw9tFuwoPaO/w07e2N/ispPSQmtz3XRTuEPCSvXdPyTGzftd+kD 1DFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=2UgViBvL/I+tT2krSavk7g0yhsv/bvir4d4tnY7Y54c=; b=ZZ/YzOa8dPLYiEzwrMFiFE3xyDOJDFZiJb9/Nr5E75QBgH0fFKa5vsuJWuplKT5vM3 TMANksx06KdzJmGCnpYxZt0csGk2/Tde8T1p+mlU5ZYyLMYXxsG0YBUEO7FHGWCLrZOJ nWuNjSYlFxK+53Yl4VWd4V6Wq4zXgKiTnuS0JAtfewTHVs9xUcvtQrnoib8c0ow8hqyw F8YSY3mvpzsIC/XshK6ODlcl9htBkarLF0h3/WS2PGhcnUzfST8+lln8r1dAhJw5g0IP s9qq2NqKzHGiDD4QZjeZO34p62izr0Y4hffpdTewRseaZmPpN54bdenhWHcBtAfFBGDf X3Cg==
X-Gm-Message-State: AEkoous0qrpaHjbfmcbjbqkwLiidgYf3vASG4QUzNgu6ffwx/rldeQrxjS94cf9yUxcxTQ==
X-Received: by 10.200.45.181 with SMTP id p50mr39283483qta.31.1471382123882; Tue, 16 Aug 2016 14:15:23 -0700 (PDT)
Received: from [192.168.1.6] (209-6-124-204.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com. [209.6.124.204]) by smtp.gmail.com with ESMTPSA id d133sm14836805qke.40.2016.08.16.14.15.22 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 16 Aug 2016 14:15:22 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: kathleen.moriarty.ietf@gmail.com
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <D0152C61-D391-482B-BF1E-45180F89DA41@cooperw.in>
Date: Tue, 16 Aug 2016 17:15:22 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <E4E4781D-85F1-48CD-83A6-24023B090C68@gmail.com>
References: <147137412687.22998.17081075232946825763.idtracker@ietfa.amsl.com> <CAHbuEH7+Gw=zDiN66Aydmie2M4dXcVqjLKWHixR7Qe6ECfN9Hg@mail.gmail.com> <D0152C61-D391-482B-BF1E-45180F89DA41@cooperw.in>
To: Alissa Cooper <alissa@cooperw.in>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/mEExCGhzr7JN_aUSeqJsLuJUqRQ>
Cc: radext-chairs@ietf.org, draft-ietf-radext-ip-port-radius-ext@ietf.org, "radext@ietf.org" <radext@ietf.org>, IESG <iesg@ietf.org>, "<lionel.morand@orange.com>" <lionel.morand@orange.com>
Subject: Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2016 21:15:27 -0000


Sent from my iPhone

> On Aug 16, 2016, at 4:54 PM, Alissa Cooper <alissa@cooperw.in> wrote:
> 
> 
>> On Aug 16, 2016, at 4:41 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>> 
>> Alissa,
>> 
>> Thanks for your detailed review, this is helpful.  Hopefully we will
>> be able to resolve this with the editors and shepherd before Thursday.
>> I have one question in line that may help with the resolution for at
>> least #1 & #6.
>> 
>>> On Tue, Aug 16, 2016 at 3:02 PM, Alissa Cooper <alissa@cooperw.in> wrote:
>>> Alissa Cooper has entered the following ballot position for
>>> draft-ietf-radext-ip-port-radius-ext-11: Discuss
>>> 
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>> 
>>> 
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>> 
>>> 
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-radext-ip-port-radius-ext/
>>> 
>>> 
>>> 
>>> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>> 
>>> (1) I find the absence of any definition of error handling behavior in
>>> this document to be a problem. I realize that the attributes specified in
>>> this document are meant to be transmitted between components that are all
>>> operated by the same administrative entity, but implementors can still
>>> make mistakes, and for those cases it seems like error handling should be
>>> defined. For example:
>>> 
>>> - What happens if the AAA server sends an IP-Port-Limit-Info attribute
>>> with a larger limit than the CGN is able to allocate to that particular
>>> user? What is the CGN supposed to do and how is that communicated back to
>>> the AAA server?
>>> 
>>> - What happens if the CGN sends an IP-Port-Range attribute that
>>> encompasses a larger range than a previously sent IP-Port-Limit-Info?
>>> What is the AAA server supposed to do?
>>> 
>>> - What happens if the AAA server sends an IP-Port-Forwarding-Map
>>> attribute to map a port that is not within the requesting host's
>>> allocated range? Is the CGN expected to change the mapping and send a CoA
>>> with a different IP-Port-Forwarding-Map, or communicate some sort of
>>> error, or something else?
>>> 
>>> There are surely other error cases. I think it's worth going through the
>>> uses of each attribute and specifying all the error handling behavior.
>>> This seems especially important since part of the motivation for these
>>> attributes is for identification and the consequences of erroneous
>>> identification could be severe for the user. Discussion of those
>>> consequences is also missing from Section 6.
>> 
>> As an alternative, I usually approach this type of problem as defining
>> what is acceptable and making everything else less acceptable.  White
>> lists are much easier to maintain and eliminate the possibility of
>> missing something.  If you and the WG agree, could we go forward with
>> that approach instead of defining all possible problems, just limiting
>> what is acceptable and making everything else an error?  
> 
> I think it’s fine to say “the only correct behavior is X” but you still need to say what implementations are expected to do when not-X happens. And X will have different values for the different usages of each of these attributes.
> 
> Alissa
> 
>> This approach
>> applies to a few of your other discuss points as well, namely #2, #5,
>> and to some degree #3.
>> 
>>> 
>>> (2) Section 3.1.2 says:
>>> 
>>> "For port allocation, both IP-Port-Range-Start TLV and IP-
>>>  Port-Range-End TLV must be included; for port deallocation, the
>>>  inclusion of these two TLVs is optional and if not included, it
>>>  implies that all ports that are previously allocated are now
>>>  deallocated."
>>> 
>>> How does an AAA server distinguish between port allocation and
>>> deallocation requests if a deallocation request includes a range start
>>> and range end? Is the server supposed to assume that whatever range is
>>> specified by the most recently received IP-Port-Range attribute
>>> represents the only range of allocated ports for the host? What is the
>>> meaning of sending an IP-Port-Range request with only a start value or an
>>> end value but not both (as seems to be allowable by the above)?
>>> 
>>> (3) The specification of IP-Port-Local-Id seems to allow for unnecessary
>>> exposure of potentially sensitive information. There is no explanation
>>> given for why the combination of the other identifiers included in
>>> IP-Port-Range and IP-Port-Forwarding attributes is insufficient to
>>> identify the host in DS-Extra-Lite and Lightweight 4over6 cases. As
>>> defined, it sounds like implementations could put basically any user,
>>> device, or interface identifier in there. If this TLV is actually
>>> necessary to communicate what these attributes are trying to accomplish,
>>> the justification for it should be provided and the limitations on when
>>> this field may be used and what kind of identifiers can appear here
>>> should be stated.
>>> 
>>> (4) The shepherd write-up discusses two different approaches to defining
>>> the sub-TLV types and then says: "Both approaches were considered as
>>> valid and the WG has decided to let IANA decide what the approach is
>>> preferred when allocating the TLV-Type for the sub-TLVs defined in this
>>> document." This is not appropriate. The document needs to explicitly
>>> define how the types should be allocated and should not leave the
>>> decision to IANA. I see that IANA has already noted that Section 7.3 is
>>> ambiguous about this; the WG needs to make a choice.
>> 
>> Thank you, and yes, the WG needs to make a decision.
>> 
>> Kathleen
>> 
>>> 
>>> (5) Section 6 seems to be missing a discussion of the consequences of
>>> communicating erroneous port range and port mapping information. Since
>>> part of the motivation for these attributes is identification of the
>>> host, this needs to be discussed.
>>> 
>>> 
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>> 
>>> (1) What does it mean for an IP-Port-Range attribute to have IP-Port-Type
>>> 1 or 2? Can numbers in the whole range be used for any of the port or
>>> identifier types? Or is the range expected to be split up somehow among
>>> the multiple types? I think this needs to be explained.
>>> 
>>> (2) In 4.1.4, how does the ISP know that Joe is traveling?
>> 
>> 
>> 
>> -- 
>> 
>> Best regards,
>> Kathleen
>

v2.23.0 | Report a Bug | By Email