IETF Logo Mail Archive

Re: [secdir] Adrian Farrel's Discuss on draft-ietf-ippm-rt-loss-03: (with DISCUSS and COMMENT)

Al Morton <acmorton@att.com> Mon, 09 April 2012 13:44 UTC

Return-Path: <acmorton@att.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA6A421F8730; Mon, 9 Apr 2012 06:44:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.463
X-Spam-Level:
X-Spam-Status: No, score=-102.463 tagged_above=-999 required=5 tests=[AWL=-0.667, BAYES_00=-2.599, MSGID_FROM_MTA_HEADER=0.803, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IJJYQa84N+Ew; Mon, 9 Apr 2012 06:44:41 -0700 (PDT)
Received: from nbfkord-smmo06.seg.att.com (nbfkord-smmo06.seg.att.com [209.65.160.94]) by ietfa.amsl.com (Postfix) with ESMTP id 000F321F872D; Mon, 9 Apr 2012 06:44:40 -0700 (PDT)
Received: from unknown [144.160.20.145] (EHLO mlpd192.enaf.sfdc.sbc.com) by nbfkord-smmo06.seg.att.com(mxl_mta-6.11.0-8) over TLS secured channel with ESMTP id 8c7e28f4.0.217180.00-413.574673.nbfkord-smmo06.seg.att.com (envelope-from <acmorton@att.com>); Mon, 09 Apr 2012 13:44:41 +0000 (UTC)
X-MXL-Hash: 4f82e7c963cf6b99-077fb75ad523a386d37f952ba8e964db280c505b
Received: from enaf.sfdc.sbc.com (localhost.localdomain [127.0.0.1]) by mlpd192.enaf.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id q39DieeX031645; Mon, 9 Apr 2012 09:44:40 -0400
Received: from sflint02.pst.cso.att.com (sflint02.pst.cso.att.com [144.154.234.229]) by mlpd192.enaf.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id q39DiZEv031630 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Apr 2012 09:44:36 -0400
Received: from alpd052.aldc.att.com (alpd052.aldc.att.com [130.8.42.31]) by sflint02.pst.cso.att.com (RSA Interceptor); Mon, 9 Apr 2012 09:44:12 -0400
Received: from aldc.att.com (localhost.localdomain [127.0.0.1]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id q39DiBEW003302; Mon, 9 Apr 2012 09:44:12 -0400
Received: from dns.maillennium.att.com (dns.maillennium.att.com [135.25.114.99]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id q39Di1hp002727; Mon, 9 Apr 2012 09:44:01 -0400
Message-Id: <201204091344.q39Di1hp002727@alpd052.aldc.att.com>
Received: from acmt.att.com (dn135-16-251-71.dhcpn.ugn.att.com[135.16.251.71](misconfigured sender)) by maillennium.att.com (mailgw1) with SMTP id <20120409134102gw1004or3be>; Mon, 9 Apr 2012 13:41:03 +0000
X-Originating-IP: [135.16.251.71]
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 09 Apr 2012 09:45:09 -0400
To: adrian@olddog.co.uk, 'Samuel Weiler' <weiler@watson.org>, 'The IESG' <iesg@ietf.org>
From: Al Morton <acmorton@att.com>
In-Reply-To: <099701cd15b1$fc18c990$f44a5cb0$@olddog.co.uk>
References: <20120406144445.4188.3196.idtracker@ietfa.amsl.com> <201204061553.q36FrBRV007699@alpd052.aldc.att.com> <07e001cd14e0$41b408c0$c51c1a40$@olddog.co.uk> <201204080018.q380I1VK007743@alpd052.aldc.att.com> <099701cd15b1$fc18c990$f44a5cb0$@olddog.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-RSA-Action: allow
X-Spam: [F=0.2000000000; CM=0.500; S=0.200(2010122901)]
X-MAIL-FROM: <acmorton@att.com>
X-SOURCE-IP: [144.160.20.145]
X-AnalysisOut: [v=1.0 c=1 a=dit6Jc5sqrAA:10 a=ZswZ2TFLv48A:10 a=ofMgfj31e3]
X-AnalysisOut: [cA:10 a=BLceEmwcHowA:10 a=kj9zAlcOel0A:10 a=ZRNLZ4dFUbCvG8]
X-AnalysisOut: [UMqPvVAA==:17 a=qC9bzmnWH6raC_HTLtwA:9 a=x26R20QU5c1DXOaTW]
X-AnalysisOut: [ZEA:7 a=CjuIK1q_8ugA:10 a=O1HhnQeX7jb0MREE:21 a=syYVULWv_0]
X-AnalysisOut: [LOc0yk:21]
Cc: ippm-chairs@tools.ietf.org, draft-ietf-ippm-rt-loss@tools.ietf.org, 'Dan Frost' <danfrost@cisco.com>, "'Murphy, Sandra'" <Sandra.Murphy@sparta.com>, secdir@ietf.org
Subject: Re: [secdir] Adrian Farrel's Discuss on draft-ietf-ippm-rt-loss-03: (with DISCUSS and COMMENT)
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Apr 2012 13:44:42 -0000

Hi Adrian,

Thanks for clearing your DISCUSS. As always, the memo reads better
owing to your efforts, and those of Dan and Sandra.

Here's what I added in section 4.4, with supporting modifications
elsewhere:

We add the following guidance regarding the responder process to
"send a Type-P packet back to the Src as quickly as possible".

A response that was not generated within Tmax is inadequate for any 
realistic test, and the Src will discard such responses. A responder 
that serves typical round-trip loss testing (which is relevant to 
higher-layer application performance) SHOULD produce a response in 1 
second or less. A responder that is unable to satisfy this 
requirement SHOULD log the fact so that an operator
can adjust the load and priorities as necessary. Analysis of 
responder time-stamps [RFC5357] that finds responses are not 
generated in a timely fashion SHOULD result in operator notification, 
and the operator SHOULD suspend tests to the responder since it may 
be overloaded. Additional measurement considerations are described in 
Section 8, below.

Ciao,
Al


At 02:04 PM 4/8/2012, Adrian Farrel wrote:
>Hello Al,
>
> > > > Although IPPM has never formalized a strategy, we have been repeating
> > > > security material in metrics RFCs. This allows new folks to read
> > > > and improve the text, rather than be referred to a fixed reference.
> > > > It seems to work.
> > >
> > >I can see how that would lead to the verbatim reproduction of 
> text. I have no
> > >problem with that per se, but I worry that the process has 
> become formulaic
> > >without any new consideration of security for the specific 
> document in hand.
> > >
> > >If you tell me that this is adequate for this document and no 
> refinement is
> > >needed in this case, I will clear and let the Security ADs and
> > >Directorate worry
> > >about the security details.
> >
> > I think it is. We are essentially conducting a two-way version of RFC 2680
> > (one-way loss), so all the same considerations apply. We have exposure in
> > two (possibly different) paths, but the threats are the same.
>
>OK. I cleared my Discuss.
>
> > > > > > 1. The phrase "as immediately as possible" that appears a couple of
> > > > > > times in the text (and that seems to originate in RFC 
> 5357) is a bit
> > > > > > unfortunate.  "Immediately" or "as quickly as possible" are better.
> > > >
> > > > This odd turn of phrase resulted from many hours of discussion
> > > > dating back to TWAMP's development.  We wear the scar proudly.
> > >
> > >Well, this is only a Comment, and you do not have to address it, but "as
> > >immediately as possible" is hogwash. It is a butchery of the
> > >language and means
> > >nothing!
> > >
> > >In fact, and as a general principle of writing standards, even 
> "as quickly as
> > >possible" would be poor. The English would be fine, but it is a subjective
> > >statement against which conformance cannot be measured.
> >
> > Under typical protocol development circumstances, we could write a
> > real requirement:
> >          The response MUST be prepared and sent on the wire in <X seconds.
> >
> > But that's not the case here.  Instead we have desire that the response
> > will be sent immediately, yet we understand that measurement systems will:
> >
> >   - occasionally execute higher priority processes that delay the response
> >     (processing routing updates comes to mind)
> >   - carry 2 time stamps that allow the tester to determine if the response
> >     was generated fast enough for the intended purpose
> >   - serve purposes with greater or lesser need for immediacy
> >   - either meet the variable needs for measurement immediacy or not, and
> >     this is a judgement that can be made on each and every 
> measurement packet
> >
> > Is it useful to explain some/all of this in the memo?
>
>I don't think so. I would just fix the text to say what you mean!
>
>I found key text in your mail to be:
>
> >     allow the tester to determine if the response
> >     was generated fast enough for the intended purpose
>
>Surely it is not enough to have the tester discard all response because they
>were not fast enough. Surely it is a good idea to give *meaningful* advice to
>the responder about how to respond so that the response is "fast 
>enough for the
>intended purpose."
>
>Clearly "immediately" is not what is meant since it is allowed for 
>this to be a
>background process. So perhaps the correct thing to do is warn the implementer
>of the responder about the expectations of the tester. Something like:
>
>A tester will normally find that a response that was not generated within 3
>weeks is inadequate for the purposes of a realistic test and will discard such
>responses. Therefore, a responder needs to ensure that at least 67.2% of
>responses are generated within 1 hour of receiving the request. A 
>responder that
>is unable to satisfy this requirement SHOULD log the fact so that an operator
>can adjust the load and priorities as necessary. A tester that finds that
>responses regularly are not generated in a timely fashion SHOULD notify the
>operator that the responder is compromising the tests, and SHOULD suspend
>sending requests to the responder since it is clearly overloaded.
>
>
>Ciao,
>Adrian

v2.23.0 | Report a Bug | By Email