Re: [secdir] Adrian Farrel's Discuss on draft-ietf-ippm-rt-loss-03: (with DISCUSS and COMMENT): new (temp) draft?
Benoit Claise <bclaise@cisco.com> Wed, 11 April 2012 12:28 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B310211E808F; Wed, 11 Apr 2012 05:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.261
X-Spam-Level:
X-Spam-Status: No, score=-2.261 tagged_above=-999 required=5 tests=[AWL=-0.262, BAYES_00=-2.599, J_CHICKENPOX_21=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id myhssLoKLTto; Wed, 11 Apr 2012 05:28:22 -0700 (PDT)
Received: from av-tac-bru.cisco.com (weird-brew.cisco.com [144.254.15.118]) by ietfa.amsl.com (Postfix) with ESMTP id B831021F8650; Wed, 11 Apr 2012 05:28:21 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from strange-brew.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-bru.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id q3BCSIE7004402; Wed, 11 Apr 2012 14:28:18 +0200 (CEST)
Received: from [10.60.67.85] (ams-bclaise-8914.cisco.com [10.60.67.85]) by strange-brew.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id q3BCSEwG024638; Wed, 11 Apr 2012 14:28:15 +0200 (CEST)
Message-ID: <4F8578DE.1020808@cisco.com>
Date: Wed, 11 Apr 2012 14:28:14 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: afarrel@juniper.net, 'Al Morton' <acmorton@att.com>
References: <20120406144445.4188.3196.idtracker@ietfa.amsl.com> <201204061553.q36FrBRV007699@alpd052.aldc.att.com> <07e001cd14e0$41b408c0$c51c1a40$@olddog.co.uk> <201204080018.q380I1VK007743@alpd052.aldc.att.com> <099701cd15b1$fc18c990$f44a5cb0$@olddog.co.uk> <201204091344.q39Di1rK002725@alpd052.aldc.att.com> <0bea01cd168a$7ed8ae80$7c8a0b80$@juniper.net>
In-Reply-To: <0bea01cd168a$7ed8ae80$7c8a0b80$@juniper.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Wed, 11 Apr 2012 05:30:38 -0700
Cc: secdir@ietf.org, Wesley Eddy <wes@mti-systems.com>, "'Murphy, Sandra'" <Sandra.Murphy@sparta.com>, 'Samuel Weiler' <weiler@watson.org>, ippm-chairs@tools.ietf.org, 'The IESG' <iesg@ietf.org>, adrian@olddog.co.uk, 'Dan Frost' <danfrost@cisco.com>, draft-ietf-ippm-rt-loss@tools.ietf.org
Subject: Re: [secdir] Adrian Farrel's Discuss on draft-ietf-ippm-rt-loss-03: (with DISCUSS and COMMENT): new (temp) draft?
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2012 12:28:22 -0000
Al, Wes I want to review this draft before the IESG telechat tomorrow. However, it's getting difficult to keep track of the all the changes between - the posted version 3 - the diff-03-04 you sent - the extra proposal. What is the best way to proceed? - Al, have you kept a temp version with all the changes? - Are we shooting for "revised-ID" at the telechat? I could start my review from there - Do we want to have a version 4 posted now? What is the best way to proceed? Regards, Benoit. > Al, > > As always, a reasoned response from you. > > A > >> -----Original Message----- >> From: Al Morton [mailto:acmorton@att.com] >> Sent: 09 April 2012 14:45 >> To: adrian@olddog.co.uk; 'Samuel Weiler'; 'The IESG' >> Cc: secdir@ietf.org; 'Murphy, Sandra'; 'Dan Frost'; > ippm-chairs@tools.ietf.org; >> draft-ietf-ippm-rt-loss@tools.ietf.org >> Subject: RE: Adrian Farrel's Discuss on draft-ietf-ippm-rt-loss-03: (with > DISCUSS >> and COMMENT) >> >> Hi Adrian, >> >> Thanks for clearing your DISCUSS. As always, the memo reads better >> owing to your efforts, and those of Dan and Sandra. >> >> Here's what I added in section 4.4, with supporting modifications >> elsewhere: >> >> We add the following guidance regarding the responder process to >> "send a Type-P packet back to the Src as quickly as possible". >> >> A response that was not generated within Tmax is inadequate for any >> realistic test, and the Src will discard such responses. A responder >> that serves typical round-trip loss testing (which is relevant to >> higher-layer application performance) SHOULD produce a response in 1 >> second or less. A responder that is unable to satisfy this >> requirement SHOULD log the fact so that an operator >> can adjust the load and priorities as necessary. Analysis of >> responder time-stamps [RFC5357] that finds responses are not >> generated in a timely fashion SHOULD result in operator notification, >> and the operator SHOULD suspend tests to the responder since it may >> be overloaded. Additional measurement considerations are described in >> Section 8, below. >> >> Ciao, >> Al >> >> >> At 02:04 PM 4/8/2012, Adrian Farrel wrote: >>> Hello Al, >>> >>>>>> Although IPPM has never formalized a strategy, we have been repeating >>>>>> security material in metrics RFCs. This allows new folks to read >>>>>> and improve the text, rather than be referred to a fixed reference. >>>>>> It seems to work. >>>>> I can see how that would lead to the verbatim reproduction of >>> text. I have no >>>>> problem with that per se, but I worry that the process has >>> become formulaic >>>>> without any new consideration of security for the specific >>> document in hand. >>>>> If you tell me that this is adequate for this document and no >>> refinement is >>>>> needed in this case, I will clear and let the Security ADs and >>>>> Directorate worry >>>>> about the security details. >>>> I think it is. We are essentially conducting a two-way version of RFC 2680 >>>> (one-way loss), so all the same considerations apply. We have exposure in >>>> two (possibly different) paths, but the threats are the same. >>> OK. I cleared my Discuss. >>> >>>>>>>> 1. The phrase "as immediately as possible" that appears a couple > of >>>>>>>> times in the text (and that seems to originate in RFC >>> 5357) is a bit >>>>>>>> unfortunate. "Immediately" or "as quickly as possible" are > better. >>>>>> This odd turn of phrase resulted from many hours of discussion >>>>>> dating back to TWAMP's development. We wear the scar proudly. >>>>> Well, this is only a Comment, and you do not have to address it, but "as >>>>> immediately as possible" is hogwash. It is a butchery of the >>>>> language and means >>>>> nothing! >>>>> >>>>> In fact, and as a general principle of writing standards, even >>> "as quickly as >>>>> possible" would be poor. The English would be fine, but it is a > subjective >>>>> statement against which conformance cannot be measured. >>>> Under typical protocol development circumstances, we could write a >>>> real requirement: >>>> The response MUST be prepared and sent on the wire in<X seconds. >>>> >>>> But that's not the case here. Instead we have desire that the response >>>> will be sent immediately, yet we understand that measurement systems will: >>>> >>>> - occasionally execute higher priority processes that delay the response >>>> (processing routing updates comes to mind) >>>> - carry 2 time stamps that allow the tester to determine if the response >>>> was generated fast enough for the intended purpose >>>> - serve purposes with greater or lesser need for immediacy >>>> - either meet the variable needs for measurement immediacy or not, and >>>> this is a judgement that can be made on each and every >>> measurement packet >>>> Is it useful to explain some/all of this in the memo? >>> I don't think so. I would just fix the text to say what you mean! >>> >>> I found key text in your mail to be: >>> >>>> allow the tester to determine if the response >>>> was generated fast enough for the intended purpose >>> Surely it is not enough to have the tester discard all response because they >>> were not fast enough. Surely it is a good idea to give *meaningful* advice to >>> the responder about how to respond so that the response is "fast >>> enough for the >>> intended purpose." >>> >>> Clearly "immediately" is not what is meant since it is allowed for >>> this to be a >>> background process. So perhaps the correct thing to do is warn the >> implementer >>> of the responder about the expectations of the tester. Something like: >>> >>> A tester will normally find that a response that was not generated within 3 >>> weeks is inadequate for the purposes of a realistic test and will discard > such >>> responses. Therefore, a responder needs to ensure that at least 67.2% of >>> responses are generated within 1 hour of receiving the request. A >>> responder that >>> is unable to satisfy this requirement SHOULD log the fact so that an operator >>> can adjust the load and priorities as necessary. A tester that finds that >>> responses regularly are not generated in a timely fashion SHOULD notify the >>> operator that the responder is compromising the tests, and SHOULD suspend >>> sending requests to the responder since it is clearly overloaded. >>> >>> >>> Ciao, >>> Adrian >
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Al Morton
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Adrian Farrel
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Al Morton
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Adrian Farrel
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Al Morton
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Adrian Farrel
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Benoit Claise
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Wesley Eddy
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Murphy, Sandra
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Stephen Farrell
- Re: [secdir] Adrian Farrel's Discuss on draft-iet… Al Morton