Re: [secdir] secdir re-review of draft-ietf-mpls-residence-time-14
Greg Mirsky <gregimirsky@gmail.com> Tue, 07 March 2017 17:34 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8913B1295C8; Tue, 7 Mar 2017 09:34:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 86ciFKZZDXNT; Tue, 7 Mar 2017 09:34:26 -0800 (PST)
Received: from mail-oi0-x22e.google.com (mail-oi0-x22e.google.com [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF8441295D5; Tue, 7 Mar 2017 09:34:26 -0800 (PST)
Received: by mail-oi0-x22e.google.com with SMTP id 126so5398350oig.3; Tue, 07 Mar 2017 09:34:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=mfS3EK+Hyl81XzCkvIwECThSQ/IVI5phyx+1KXhCZWs=; b=q0EU9TWn7UInuAVSoFntHEwN9oN5MY631p3Ia9EHPw/Ha9KD/Y3WiD+aHB/9rsw78P QYPm1uI3Vswx7aUSs+W1/lYNkT2BFP36xedJBwCFzHQd56ZXCvr9+dCrdTe9mPFMjb1m HXCPwGOiXAZD8YEq2SPl+JxaeEczWD78g3RkKhWUUgRXwpxyb0bGMdfowPe5434oCVgO RFHffcBEs5q0Y4CU0U5lrJUnHCLUR9QX9q+vNmSdeUlWuaDRHPh4L+E0dB+kW3dgXRnP 1Sk/DzemLK4I92cL1NDwgoCVI8mH+JpHwOvFjP3SplRrKU45wISsldct0ZgCxD5dn4ew M0Bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=mfS3EK+Hyl81XzCkvIwECThSQ/IVI5phyx+1KXhCZWs=; b=CeAlgCh+T+RvgBAqyiGgmL7aZGhVavGjN4DNpXzGhnUoIYu08PhCFfe8MLAqVI9+dc NvFZ2NoExgZ4xrI6OtvkL35DH477JMNPdm2LD7P7LCRJ8m9g3wIqwOJb5aJpqeeBeTM8 L6UbtRPXkDX3xsyRxLPOF0JYCMriHpY2XTNP9v8huk46WzG0rdosjHK2srnklbaS2/sl 4b8AMgd9lYCpWZ3G0XgVtqF8raYo85vmMvwhvXYNZn4ZwHYQ1JO+qmvwlrhiA0JIGvtu c6f54H/qenSorVo+7uQcLDjNkOiSR7iX2Dxvn34MFV5sMPw4wFoFBUu1WJttj0JnWmZD eHyg==
X-Gm-Message-State: AMke39n4EqTudhrlWG0+wr1PG0oWVgd9+a06PL6gXRvUtM7WekMr69lZtgUMYSFI2R4GL60tHk/wZYUFTHRunw==
X-Received: by 10.202.79.13 with SMTP id d13mr881096oib.167.1488908066092; Tue, 07 Mar 2017 09:34:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.21.21 with HTTP; Tue, 7 Mar 2017 09:34:25 -0800 (PST)
In-Reply-To: <20170301222133.GH30306@kduck.kaduk.org>
References: <20170301222133.GH30306@kduck.kaduk.org>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 07 Mar 2017 09:34:25 -0800
Message-ID: <CA+RyBmUG_VLoRCaSy4dxYSbxLTRxEm5qk=F-9-QLP3o-eXktNQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Content-Type: multipart/alternative; boundary="001a113d80986218fb054a276c61"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/IKwipcvvrrrKvo7Ke-L8NvvjzrI>
Cc: draft-ietf-mpls-residence-time.all@ietf.org, "iesg@ietf.org" <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] secdir re-review of draft-ietf-mpls-residence-time-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Mar 2017 17:34:28 -0000
Hi Ben, et.al, many thanks for your the most thorough review, helpful comments and patience. I've uploaded the new version of the draft that includes all changes we've discussed and your editorial recommendations. Hope I haven't missed any of them. Regards, Greg On Wed, Mar 1, 2017 at 2:21 PM, Benjamin Kaduk <kaduk@mit.edu> wrote: > I previously reviewed the -12 > (https://www.ietf.org/mail-archive/web/secdir/current/msg07110.html); > the -14 seems much improved. On this re-read, I have a better sense > of how the various TLVs and sub-TLVs fit together to achieve the > goal of having the RTM-capable nodes identify each other and > collaborate to account for residence time when processing timing > packets. > > I have no security concerns with the document, as the updated > security considerations address the concerns previously raised. > > However, there are a couple of issues that should probably block > publication (but ought to be easy to resolve): > > Figure 7 appears to only be 31 bits wide, not 32 -- 'Type' is 7 > bits, 'Length' 8, 'I' 1, and 'Reserved' 15. Presumably Type is > intended to be the full 8 bits, given the assigned values in the > registry. > > On page 16, second paragraph: > > The ingress node MAY inspect the I bit flag received in each RTM_SET > TLV contained in the LSP_ATTRIBUTES object of a received Resv > message. Presence of the RTM_SET TLV with I bit field set to 1 > indicates that some RTM nodes along the LSP could be included in the > calculation of the residence time. An ingress node MAY choose to > resignal the LSP to include all RTM nodes or simply notify the user > via a management interface. > > Is that supposed to be "included" or "excluded"? My reading of the > previous paragraph was that the I bit would be set when a node > failed to compute the next RTM-capable node along the path, and of > course, we expect normal operation to include the residence time for > all RTM-capable nodes, so signalling potential inclusion is odd. > > > I'll close off this review by noting that sections 4.3 through 4.6 > seem to all talk about how to use other protocols to indicate that > RTM may be used and could perhaps be grouped into an intermediate > subsection, wondering whether the "Type" and "Length" fields in > Figure 2 are the same octets of the packet as in Figure 1, and > repeating my as-yet unfulfilled intention to send further minor > editorial patches to the authors. > > -Ben >
- [secdir] secdir re-review of draft-ietf-mpls-resi… Benjamin Kaduk
- Re: [secdir] secdir re-review of draft-ietf-mpls-… Greg Mirsky
- Re: [secdir] secdir re-review of draft-ietf-mpls-… Benjamin Kaduk
- Re: [secdir] secdir re-review of draft-ietf-mpls-… Greg Mirsky