Re: [secdir] draft-ietf-bess-multicast-damping-04 SECDIR Review
Donald Eastlake <d3e3e3@gmail.com> Tue, 10 May 2016 19:12 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62DC612D616; Tue, 10 May 2016 12:12:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.45
X-Spam-Level:
X-Spam-Status: No, score=-2.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ld07tb8biN0; Tue, 10 May 2016 12:12:03 -0700 (PDT)
Received: from mail-oi0-x232.google.com (mail-oi0-x232.google.com [IPv6:2607:f8b0:4003:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E42612D85A; Tue, 10 May 2016 12:12:02 -0700 (PDT)
Received: by mail-oi0-x232.google.com with SMTP id k142so32076896oib.1; Tue, 10 May 2016 12:12:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JYkS62+QkwCcXEEw4O17mCPxkcmiaui538XFF04QV8M=; b=lc4FsQxcBKlXRrxBHJxf2PdkntQnVkN3EPRqIskAcyMhDowrgRnrbQ5dnufVPWKRAP vIJWYOCTS5cYsxzB2fsKQ27lBcK83UoRjT4MGXOWdIr3Xa7/QFsyTSet8+aHCJy4G8je xnmyLBXNdi+cabe0zwYikiAANb9iBr4BuUXzeqqXzg2jKlZLeeI7cpmmKrijuxqYMwrC INgvDhwZUauTLSmkSF0qBurI1CmlJiYZPfHDa/CfR0wqhMjhFC3sguMQWx5mq1t0YtDg 9VuWflYxT7CEaAvO+fxqqQISEJEKm4DHR0vmQIaEJYdVL56aCNBXopFyofcf/pLINSLM 62NQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JYkS62+QkwCcXEEw4O17mCPxkcmiaui538XFF04QV8M=; b=eoGrk8rleqVxq3bWBZkIboyWG8dx+VOLu/bbB5JwZHkgjRL6QFbEbfRgx3ywo4VTc3 2+ZE0UP+U8caSDY9243HyXr298oO52zeNgUukOoK3zkTXr41xl0NhNyMbklxMc2XQjDv vZO46xop9YTfmEQeceNJA9Eqku2Py4qgEMwxEuTLFPVmcOnaZ3jLYN2dyltw4s9DTaa9 4oNqCgBz2WYKkqt4vUTqIBI6CX7aQiYoBX6hvhC4T3kGMjiuG+Hhbs4mH/htjrK06arO QZUyU878DvnxOWMUdwPh6nI1rzgIbTO2sARaKCVzZFc/B7D27jpHjltfc2/elzuq4bhV cYzw==
X-Gm-Message-State: AOPr4FUyuYxsbUeTUjQ4kcwLCrsItKL67bXswKCPhNMoaKFSfFxrxQVpINItXPLX6g9tzJGda4UFDUuZ9trbAA==
X-Received: by 10.202.228.2 with SMTP id b2mr18617676oih.81.1462907522204; Tue, 10 May 2016 12:12:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.22.216 with HTTP; Tue, 10 May 2016 12:11:47 -0700 (PDT)
In-Reply-To: <5729B602.2040004@orange.com>
References: <CAF4+nEGuRSm0zQCj44TEAu3h7KbbXj+MiOQqgJ7c4sHMKHooLw@mail.gmail.com> <5729B602.2040004@orange.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 10 May 2016 15:11:47 -0400
Message-ID: <CAF4+nEH2Ho07NV+XMb84o4_TZs_+1kZ2XX=9vQnUMRGDQOhBSw@mail.gmail.com>
To: Thomas Morin <thomas.morin@orange.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/HAXgZT-OwWFY82sJ9KZqIGO0Wwg>
Cc: draft-ietf-bess-multicast-damping.all@ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] draft-ietf-bess-multicast-damping-04 SECDIR Review
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2016 19:12:05 -0000
Hi, Thanks for the changes. This resolves my technical and editorial comments. I also have one response at the end below which is unlikely to be of interest to most people. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com On Wed, May 4, 2016 at 4:42 AM, Thomas Morin <thomas.morin@orange.com> wrote: > Hi Donald, > > 2016-04-27, Donald Eastlake: > > > The feature specified in this document is aimed at limiting one type of > denial of service, or at least at interference to some users by others: > denial or interference due to excessive control plane traffic due to a high > rate of multicast group membership change. Still, it makes me a bit queasy > that the document has not one word, even by reference, about security for > the setting or changing of the parameters used at a node in the damping > algorithm. > > > The document does not introduce a new way of controlling parameters on a > router; so in this regard it does not introduces a new security issue. > But of course, I agree letting an attacker control configuration can lead to > much havoc ; again, nothing specific to these specs. > > I suppose it is reasonable that it doesn't talk about how any of the control > messages involved are protected or authenticated since the document is just > about suppressing such messages... > > > Yes, precisely. > > > The Security Considerations section has a reasonable discussion of how and > to what extent the mechanisms specified provide the services claimed. > > > Page 15, Section 9 (Security Considerations), 1st paragraph starting on this > page: There are a number of things wrong with the following sentence: > > Note well that the two > mechanism may interact: state for which Prune has been requested may > still remain taken into account for some time if damping has been > triggered and hence result in otherwise acceptable new state from > being successfully created. > > I would guess it should be "result in preventing otherwise" or should end > with "state not being successfully created". Here is a suggested > replacement: > > The two mechanisms may interact as follows: if damping has > > been triggered, state for which Prune has been requested may remain > > and still be taken into account for some time resulting in an > > otherwise acceptable new state not being created. > > > Your replacement text is much better, and will be incorporated in next > revision. > Thanks. > > > Editorial: > > This document is very heavy with acronymic jargon with no expansion or > definition in this document. However, most of it is defined in other RFCs > that are referenced. > > Although I am willing to accept that it is just a matter of style, this > document has lots of extra words that add nothing but verbosity. Things that > could be completely dropped with no loss, like starting a sentence with > "Additionally, it is worth nothing that ...". If it wasn't worth noting, it > presumably wouldn't be in the document. > > > Your style suggestions are appreciated. > In some cases, I'd keep the original formulation (see below), but I'd take > your suggestions in others. > > > Page 4, Section 3, 3rd paragraph: "...this technique will allow to meet the > goals..." -> "...this technique will meet the goals..." > > > Ok. > > > Page 12, Section 7.2: "More specifically it is RECOMMENDED to complement the > existing ... (e.g. MRIB states): ..." -> "Complementing the existing ... > (e.g. MRIB states) is RECOMMENDED: ..." > > > Done. > > > Page 13, Section 7.3, 2nd paragraph: What does "dimentioning" mean? > > > Corrected already based on OPS review. That should be 'dimensioning'. > > Also "...state churn to go beyond what..." -> "...state churn going beyond > what..." > > > Ok. > > > > Page 14, Section 9, 3rd paragraph: The word "shall" is used. While not > capitalized, this word sounds quite mandatory to me but it is not used in a > mandatory requirement context... I suggest "shall rely upon" -> "relies on". > > > Ok. > > Page 15, near the top: "should rely upon already" -> "should use already" > > > Ok. > > > Finally, while I understand that others have a different opinion, I find it > objectionable that not a single first page author is willing to list a > telephone number of any sort in the Authors' Addresses section. To my mind, > this sort of corner cutting does not speak well for the document. > > > I'm honestly surprised that someone finds these phone numbers in IETF specs > ! I am not going to engage in a conversation about this but I will respond once. > If someone wants to contacts authors of a spec, he's much more likely to > succeed with email, not only because it can talk to all of them at the same > time. I agree it is convenient to have email addresses if you with to shotgun a query to all the authors. I have not suggested leaving out email addresses. > I have a reasonable filter on my email for spam/commercial sollicitations, > but not on my phone lines; this is a strong obstacle to providing phone > numbers in the wild. Most IETF participants can easily list a main number for a sponsor which is, in effect, filtered. In any case, experience show this is not a problem. > Emails can also be slightly more stable than phone numbers. Any of the three types of pointers can, in some cases, be much more stable than the other two. Direct pointers for an individual can change asynchronously from those via a sponsor. Of the three types of information, any one could, in a particular case change more rapidly than the others. It is more robust to list all three. > Last, if voice can end up being useful for some exchange, I think it is > likely that time will have to be coordinated in advance via email -- the > actual phone number to use can be provided at this time, and may end up > being the more convenient phone number among a few possible ones, a confcall > bridge or a login on video chat system... You seem to keep falsely implying I asked for email addresses to be left out. I didn't. > So we aren't "cutting corners". > I think it simply reflects the reality that this is an obsolete practice. > In fact, I would suggest removing the postal address as well. Sure you are. You are trying to get by with the minimal author address information you can get away with. It's not hard to include a bit more. So when I see this, I wonder what other corners have been cut. But, not to worry, I'm pretty sure you will find your opinion on this being backed up by the IAB and IESG. > Thanks for your comments, > -Thomas
- [secdir] draft-ietf-bess-multicast-damping-04 SEC… Donald Eastlake
- Re: [secdir] draft-ietf-bess-multicast-damping-04… Thomas Morin
- Re: [secdir] draft-ietf-bess-multicast-damping-04… Donald Eastlake