Re: [savi] AD review of draft-ietf-savi-framework
"Jun Bi" <junbi@tsinghua.edu.cn> Wed, 25 May 2011 01:47 UTC
Return-Path: <junbi@tsinghua.edu.cn>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62486E07CA for <savi@ietfa.amsl.com>; Tue, 24 May 2011 18:47:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.104
X-Spam-Level:
X-Spam-Status: No, score=-101.104 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_RFC_DSN=1.495, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tSlSVpeihc77 for <savi@ietfa.amsl.com>; Tue, 24 May 2011 18:47:08 -0700 (PDT)
Received: from smtp.tsinghua.edu.cn (smtp.tsinghua.edu.cn [166.111.8.81]) by ietfa.amsl.com (Postfix) with ESMTP id 45922E0764 for <savi@ietf.org>; Tue, 24 May 2011 18:47:06 -0700 (PDT)
Received: from th053212.ip.tsinghua.edu.cn ([59.66.53.212] helo=junbiVAIOz138) by smtp.tsinghua.edu.cn with esmtpa (Exim 4.69) (envelope-from <junbi@tsinghua.edu.cn>) id 1QP3BL-0001rw-GW; Wed, 25 May 2011 09:46:43 +0800
Message-ID: <634BEF66B2B74684B180B35F2C94BCEB@junbiVAIOz138>
From: Jun Bi <junbi@tsinghua.edu.cn>
To: Jari Arkko <jari.arkko@piuha.net>, draft-ietf-savi-framework@tools.ietf.org, SAVI Mailing List <savi@ietf.org>
References: <4DDC19D4.2040104@piuha.net>
In-Reply-To: <4DDC19D4.2040104@piuha.net>
Date: Wed, 25 May 2011 09:46:43 +0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="UTF-8"; reply-type="response"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3508.1109
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3508.1109
Subject: Re: [savi] AD review of draft-ietf-savi-framework
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2011 01:47:09 -0000
Hi Jari, Thank you very much for your review, we will update a new version ASAP. Best Regards, Jun Bi -----原始邮件----- From: Jari Arkko Sent: Wednesday, May 25, 2011 4:49 AM To: draft-ietf-savi-framework@tools.ietf.org ; SAVI Mailing List Subject: [savi] AD review of draft-ietf-savi-framework I have reviewed this draft. I think it is in relatively OK shape, though I had a number of issues. Please see below. I'm expecting a new version, and then I can start the IETF last call for this document. > Finer-grained IP > source address validation would be helpful to enable IP-source- > address-based authentication, authorization, and host localization, > as well as to efficiently identify misbehaving hosts. I would cut down this list a little bit. Source-address based authentication may not be recommended practice to begin with. Just say: Finer-grained IP source address validation would ensure that source address information is accurate, reduce the ability to launch denial-of-service attacks, and help with localizing hosts and identify misbehaving hosts. > This model allows a SAVI instance to be located anywhere on the link > to which the hosts attach, hence enabling different locations for a > SAVI instance. The term "SAVI instance" sounds a bit odd. Perhaps you could say "... allows SAVI functionality (a SAVI instance) to be located ...." > To make SAVI of better applicability, to handle the scenarios in > which hosts are not directly attached is of value. > SAVI instance is attached by a legacy switch which is attached by > hosts. The language could be improved here. > However, to take such scenario into consideration requires > support in the bind-and-identify model. > o A legacy switch to which hosts are attaching uses two trunked > ports to connect to SAVI switch. > > o STP runs among switches, and a link failure happens. > > Both scenarios require more specified design to build correct > binding. Thus, for each SAVI solution, the applicability must be > specified explicitly. > I'm not sure what this means. Please rewrite in clearer language. In particular, I had the following questions: - What specific new support is needed in the bind-and-identify model? - Is the bind-and-identify model the one that you introduced earlier? You're calling it with a different name ... based on the beginning of the Section, it should perhaps be called Identify-Bind-Enforce model. - Link failures make for complex effects to SAVI. Mere disconnection by itself is not a problem, packets just don't flow. Network partition and re-merge would cause some problems. One possible rewrite: Nevertheless, it is useful for SAVI mechanisms to be able to handle situations where hosts are not directly attached to the SAVI-capable device. For instance, deployments with both SAVI-capable and legacy switches could be supported. In general, a SAVI solution needs to specify how it deals with a number of deployment scenarios and exceptional situations, including interaction with legacy devices, hosts moving between wireless attachment points, network partitions, and so on. > o A legacy switch to which hosts are attaching uses two trunked > ports to connect to SAVI switch. > to a SAVI capable switch > The SAVI method hence comes in multiple variants: > for links with Stateless Address Autoconfiguration [rfc4862 > <http://tools.ietf.org/html/rfc4862>], for > links with DHCP [rfc2131 <http://tools.ietf.org/html/rfc2131>][rfc3315], > for links with Secure Neighbor > Discovery [rfc3971 <http://tools.ietf.org/html/rfc3971>], for links with > IKEv2 [rfc5996 <http://tools.ietf.org/html/rfc5996>] [rfc5739 > <http://tools.ietf.org/html/rfc5739>] > [rfc5026 <http://tools.ietf.org/html/rfc5026>] and for links that use any > combination of IP address > assignment methods. > SEND is perhaps more of a variation ofg SLAAC than its own free-standing address allocation method. > The reason to develop SAVI method variants for each single IP address > configuration method, in addition to the variant that handles all IP > address assignment methods, is to minimize the complexity of the > common case: many link deployments today either are constrained to a > single IP address assignment methods or, equivalently from the > perspective of the SAVI method, separate IP address assignment > methods into different IP address prefixes. The SAVI method for such > links can be simpler than the SAVI method for links with multiple IP > address assignment methods per IP address prefix. > Hmm. I'm not sure I buy this. First of all, I would claim that many links support multiple address assignment methods. For instance, dual stack links typically today support SLAAC for IPv6 and DHCP for IPv4. And its obvious that to fly in the IETF, the SAVI solution needs to support multiple methods. I would just replace the above text with: To provide a complete solution, SAVI methods need to support a variety of address configuration mechanisms. Of course there may be different SAVI specifications that specify, for instance SAVI functionality for IPv4 and IPv6 address configuration. It is expected that SAVI methods can collectively support DHCP [rfc2131,rfc3315], Stateless Address Autoconfiguration [rfc4862 <http://tools.ietf.org/html/rfc4862>] with or without Secure Neighbor Discovery [rfc3971], IKEv2 [rfc5996,rfc5739,rfc5026] and combinations thereof. > > 6. Mix Scenario > Mixed Scenario? > o Manually Prefix Configuration: The allowed prefix scope of IPv4 > Addresses, IPv6 static addresses, IPv6 addresses assigned by > SLAAC, and IPv6 addresses assigned by DHCPv6 can be set manually > at SAVI device. FE80::/64 is always a feasible prefix in IPv6. > I think you want: o Manual Prefix Configuration: ... > o Prefix Configuration by RA Snooping: The allowed prefix scope of > IPv6 static addresses and IPv6 addresses assigned by SLAAC can be > set at SAVI device through snooping RA message at SAVI device. > FE80::/64 is always a feasible prefix in IPv6. > > o Prefix Configuration by DHCP-PD Snooping: The allowed prefix > scope of IPv6 static addresses, IPv6 addresses assigned by SLAAC, > and IPv6 addresses assigned by DHCPv6 can be set through snooping > DHCP-PD message at SAVI device. FE80::/64 is always a feasible > prefix in IPv6. > > I don't think the FE80::/64 statement is needed on these two bullets (RAs and DHCP-PD do not use FE80 AFAIK.) > If some of the prefix scopes is set to have non prefix, it implies > corresponding address assignment method is not allowed in the > network. > ... no prefix, it implies ... > The author would like to thank the SAVI working group for a thorough The authors... > This document only discusses the possible methods to mitigrate the > usage of forged IP address, but doesn't propose a mechanism that > provides strong security for IP address. I'd say: This document only discusses the possible methods to mitigate the usage of forged IP addresses. Some such methods may rely on cryptographic methods, but not all do. As a result, it is generally not possible to prove address ownership in any strong sense. Jari _______________________________________________ savi mailing list savi@ietf.org https://www.ietf.org/mailman/listinfo/savi
- [savi] AD review of draft-ietf-savi-framework Jari Arkko
- Re: [savi] AD review of draft-ietf-savi-framework Jun Bi
- Re: [savi] AD review of draft-ietf-savi-framework marcelo bagnulo braun
- Re: [savi] AD review of draft-ietf-savi-framework Jun Bi
- Re: [savi] AD review of draft-ietf-savi-framework Jun Bi
- Re: [savi] AD review of draft-ietf-savi-framework Jari Arkko