Re: [secdir] secdir review of draft-ietf-ospf-node-admin-tag-05

Shraddha Hegde <shraddha@juniper.net> Thu, 15 October 2015 04:35 UTC

Return-Path: <shraddha@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 045E21B3033; Wed, 14 Oct 2015 21:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8m7tYRCpMyR4; Wed, 14 Oct 2015 21:35:45 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0752.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::752]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BC601B3032; Wed, 14 Oct 2015 21:35:44 -0700 (PDT)
Received: from BY1PR0501MB1381.namprd05.prod.outlook.com (10.160.107.139) by BY1PR0501MB1381.namprd05.prod.outlook.com (10.160.107.139) with Microsoft SMTP Server (TLS) id 15.1.293.16; Thu, 15 Oct 2015 04:35:26 +0000
Received: from BY1PR0501MB1381.namprd05.prod.outlook.com ([10.160.107.139]) by BY1PR0501MB1381.namprd05.prod.outlook.com ([10.160.107.139]) with mapi id 15.01.0293.007; Thu, 15 Oct 2015 04:35:26 +0000
From: Shraddha Hegde <shraddha@juniper.net>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Thread-Topic: secdir review of draft-ietf-ospf-node-admin-tag-05
Thread-Index: AQHRAtRkmhe1qX1HzE+v6FQBX6gc055lH6mAgABoLJCABH8tgIAAbyuggAFMpwCAADYS0A==
Date: Thu, 15 Oct 2015 04:35:26 +0000
Message-ID: <BY1PR0501MB1381F767EA3D6871AA4928EFD53E0@BY1PR0501MB1381.namprd05.prod.outlook.com>
References: <alpine.GSO.1.10.1510091159450.26829@multics.mit.edu> <D23ED021.34690%acee@cisco.com> <BY1PR0501MB1381A8D06B804AE4508F371AD5320@BY1PR0501MB1381.namprd05.prod.outlook.com> <alpine.GSO.1.10.1510131547130.26829@multics.mit.edu> <BY1PR0501MB13815C096D0BF8D4221E5600D53F0@BY1PR0501MB1381.namprd05.prod.outlook.com> <alpine.GSO.1.10.1510142037140.26829@multics.mit.edu>
In-Reply-To: <alpine.GSO.1.10.1510142037140.26829@multics.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=shraddha@juniper.net;
x-originating-ip: [116.197.184.11]
x-microsoft-exchange-diagnostics: 1; BY1PR0501MB1381; 5:54C2Uc6wZUlC6J1NshUAOhkMKnx6wXFzkG3LY6pO5Sh66AgyfBwfoanIi9OTuZq3q9RrUInDLTvAi5nPCIkHxtY9urlbSku7dAJbHS50DFQF/rz+N6bHmmIUUOdWafuNiNQz04ky7EDCCl9Ps8KSpw==; 24:1fkU41TGp1sthyIWhKmdA91wD505Ed4oNQNFOGKRdyO0NYUxZsRb5PgEGTec3EowFrdIKuEZYWcfeqeM/BaHxJIBeYENFUwzTelrRikVGIk=; 20:GE+lLWJQCh1GiZO8KINLxsbQ7Yk2x84NLwljy+Au58/nNZrWEZnl7EfoWCOV75drshuYIML3GRn5QmglVe37DA==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1381;
x-microsoft-antispam-prvs: <BY1PR0501MB13818413438245B63DBF3DD9D53E0@BY1PR0501MB1381.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(240460790083961)(138986009662008)(95692535739014);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(3002001); SRVR:BY1PR0501MB1381; BCL:0; PCL:0; RULEID:; SRVR:BY1PR0501MB1381;
x-forefront-prvs: 0730093765
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(377454003)(24454002)(13464003)(189002)(92566002)(66066001)(46102003)(64706001)(81156007)(2900100001)(102836002)(99286002)(33656002)(2171001)(5004730100002)(5001960100002)(105586002)(87936001)(19580395003)(77096005)(93886004)(97736004)(101416001)(106116001)(54356999)(5003600100002)(11100500001)(110136002)(50986999)(5001920100001)(19580405001)(106356001)(74316001)(10400500002)(122556002)(76576001)(5002640100001)(5008740100001)(5007970100001)(76176999)(189998001)(86362001)(2950100001)(5890100001)(230783001)(40100003); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0501MB1381; H:BY1PR0501MB1381.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Oct 2015 04:35:26.1423 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB1381
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/C4FNLdT-VIjqnPxXVnjL_Cl6xDk>
X-Mailman-Approved-At: Thu, 22 Oct 2015 07:18:02 -0700
Cc: "draft-ietf-ospf-node-admin-tag.all@ietf.org" <draft-ietf-ospf-node-admin-tag.all@ietf.org>, "Acee Lindem \(acee\)" <acee@cisco.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-ospf-node-admin-tag-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Oct 2015 04:35:48 -0000

Ben,

<... snip to open comments....>
The diagram for the TLV format in Figure 1 still has a 15-bit type and 17-bit length; both should be 16 bits.

<Shraddha> done

> > Similarly, I would find it helpful if there was some text motivating 
> > the "middle patch" mentioned above, towards the beginning of the 
> > technical
> > (non-example) portion of the document.
>
> <Shraddha> I could not get this comment. Could you pls elaborate?

This is related to Alvaro's DISCUSS.  Basically, there is conflict between saying that the interpretation of tag values is entirely local, and imposing restirctions on how the tags should be interpreted.  It is helpful to the reader to discuss why the document does not pick one extreme of completely-local interpretation and a fully specified protocol that dictates the meaning of all tags.  Instead, the document picks something in-between, with tag interpretation mostly a matter of local policy, but some restrictions on their use.  Describing why this choice was made early in the text gives the reader a better picture of what the goals of the protocol are, to better understand the details of the protocol itself.


<Shraddha> Although , the actual values of node admin tags do not need to be standardized and is left to the operator's discretion to allocate values and assign meanings to it, It's necessary to layout certain rules/regulations and guidelines on how the tags can be used and how
they cannot be used. That will help in getting interoperable implementations from vendors and avoid surprises in the field.
For ex:  We have a statement administrative tag order has no meaning. If this document does not specify such a statement, there is every possibility some implementation will have policies that will look at the order in which the tags are encoded. Some other implementation which does not care about the order of the tag might keep changing it at every LSA refresh so it's hard to get them to interoperate.

Added below text in section 3.2.1
" This section describes general rules/ regulations 
and guidelines for using and interpreting an administrative tag which will
 facilitate interoperable implementations by vendors."

Rgds
Shraddha

-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk@MIT.EDU] 
Sent: Thursday, October 15, 2015 6:26 AM
To: Shraddha Hegde <shraddha@juniper.net>
Cc: Acee Lindem (acee) <acee@cisco.com>om>; iesg@ietf.org; secdir@ietf.org; draft-ietf-ospf-node-admin-tag.all@ietf.org
Subject: RE: secdir review of draft-ietf-ospf-node-admin-tag-05

On Wed, 14 Oct 2015, Shraddha Hegde wrote:

>
> I completely missed looking at editorial comments and the diff in 
> previous mail. Sorry about that.
>
> Have taken your changes in the latest version and diff (-06 to -08) 
> attached. Pls take a look.

The new version seems improved; I'll skip line-by-line discussion of the grammar changes since the IESG teleconference call is fast approaching.

The diagram for the TLV format in Figure 1 still has a 15-bit type and 17-bit length; both should be 16 bits.

<Shraddha> done

> Editorial comments:
>
> >
> > I also have some editorial comments unrelated to the secdir review:
> >
> > Section 3.2 reads rather like a jumbled list and could benefit from 
> > some additional structure.
> <Shraddha.>Updated. Pls refer diff.
> >
> > Similarly, I would find it helpful if there was some text motivating 
> > the "middle patch" mentioned above, towards the beginning of the 
> > technical
> > (non-example) portion of the document.
>
> <Shraddha> I could not get this comment. Could you pls elaborate?

This is related to Alvaro's DISCUSS.  Basically, there is conflict between saying that the interpretation of tag values is entirely local, and imposing restirctions on how the tags should be interpreted.  It is helpful to the reader to discuss why the document does not pick one extreme of completely-local interpretation and a fully specified protocol that dictates the meaning of all tags.  Instead, the document picks something in-between, with tag interpretation mostly a matter of local policy, but some restrictions on their use.  Describing why this choice was made early in the text gives the reader a better picture of what the goals of the protocol are, to better understand the details of the protocol itself.


<Shraddha> Although , the actual values of node admin tags do not need to be standardized and is left to the operator's discretion to allocate values and assign meanings to it, It's necessary to layout certain rules/regulations and guidelines on how the tags can be used and how
they cannot be used. That will help in getting interoperable implementations from vendors and avoid surprises in the field.

Added below text in section 3.2.1
" This section describes general rules/ regulations 
and guidelines for using and interpreting an administrative tag which will
 facilitate interoperable implementations by vendors."

> > For a construction as weakly structured as these administrative 
> > tags, preventing any internal structure or dependencies between tags 
> > (as this document attempts to do) seems correct.  However, this 
> > sentiment seems to be expressed differently in several different 
> > places in the document, and it would be good to consolidate and 
> > coordinate them.  In particular, paragraph 3 of section 3.2 
> > explicitly says that tag order has no meaning, but paragraph 4 has the weaker "SHOULD be considered an unordered list".
> > (The word "set" might be appropriate here.)
>
> <shraddha>Below is the latest text. SHOULD is changed to MUST
>
> " Each tag MUST be treated as an independent identifier that MAY be 
> used in policy to perform a policy action. Each tag carried by the 
> administrative tag TLV SHOULD be used to indicate a characteristic of 
> a node that is independent of the characteristics indicated by other 
> administrative tags.
> The administrative tag list within the TLV MUST be considered an 
> unordered list. Whilst policies may be implemented based on the 
> presence of multiple tags (e.g., if tag A AND tag B are present), they 
> MUST NOT be reliant upon the order of the tags (i.e., all policies 
> should be considered commutative operations, such that tag A preceding 
> or following tag B does not change their outcome)."

This seems okay in a quick read, but again, the resolution of Alvaro's DISCUSS will be relevant to this text.

> > Paragraph 7 of section 3.2 seems to be trying to say that the 
> > administrative tags must indicate inherent or administratively 
> > configured properties of a node and must not be used to convey 
> > attributes of the routing topology.  (The word "tie" seems 
> > insufficiently clear.)
>
> <Shraddha>Changed to text below.
>
> "Being part of the RI LSA, the per-node administrative tag TLV must be 
> reasonably small and stable. In particular, but not limited to, 
> implementations supporting per-node administrative tags MUST NOT be 
> used to convey attributes of the routing topology or associate tags 
> with changes in the network topology (both within and outside the OSPF 
> domain) or reachability of routes."

That's an improvement, thanks.  ("but not limited to" is still bad grammar, but the best fix is not immediately obvious.)

> > The last paragraph of section 3.2 could probably be written more clearly.
> > In particular, "in any instance of the RI-LSA" is not entirely clear 
> > to me (but then again, I don't really understand how LSAs normally 
> > work).  Is it enough to just say that implementations MUST detect 
> > when the administrative tags associated with a given node change, 
> > and update their state accordingly?
> >
> <Shraddha> hope this issue is resolved in other mail thread.

I think so, yes.

-Ben