[Sidrops] Roman Danyliw's Discuss on draft-ietf-sidrops-8210bis-08: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 14 June 2022 02:00 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 590A9C15AE2C; Mon, 13 Jun 2022 19:00:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sidrops-8210bis@ietf.org, sidrops-chairs@ietf.org, sidrops@ietf.org, morrowc@ops-netman.net, morrowc@ops-netman.net
X-Test-IDTracker: no
X-IETF-IDTracker: 8.3.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <165517201935.45433.15262387673481973752@ietfa.amsl.com>
Date: Mon, 13 Jun 2022 19:00:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Jnu_PqHEDK5EyAipT66lgeWqoLQ>
Subject: [Sidrops] Roman Danyliw's Discuss on draft-ietf-sidrops-8210bis-08: (with DISCUSS and COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 02:00:19 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-sidrops-8210bis-08: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sidrops-8210bis/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- ** Section 5.11 The diagnostic text is optional; if not present, the Length of Error Text field MUST be zero. If error text is present, it MUST be a string in UTF-8 encoding (see [RFC3629]). How does the protocol convey the language the diagnostic text? Per Section 4.2 of BCP 18, “[p]rotocols that transfer text MUST provide for carrying information about the language of that text.” I appreciate that this behavior in v2 comes from v1 and v0. How was it handled previously? ** Section 7. The guidance on error reporting seems inconsistent. (a) Section 5.11 says “If error text is present, it MUST be a string in UTF-8 encoding” (b) Section 7 says “in which case the Arbitrary Text field of the ERROR Report PDU MUST be a list of one octet binary integers indicating the version numbers the cache supports.” The text in (b) seems to be describing an encoding inconsistent with the guidance in (a). ** Section 9. Use of TCP MD5. It is expected that, when the TCP Authentication Option (TCP-AO) [RFC5925] is available on all platforms deployed by operators, it will become the mandatory-to-implement transport. … * Caches and routers MAY use TCP MD5 transport [RFC5925] using the rpki-rtr port. Note that TCP MD5 has been obsoleted by TCP-AO [RFC5925]. The above text comes from RFC6810 (2013), repeated again in RFC8210 (2017) and stated here (2022). Why isn’t it appropriate 9 years later to drop support for TCP MD5 in v2? Can the operational considerations preventing older platforms from staying with v1 be explained? If there was a compelling operational reason, could the text be rewritten to the effect of “TCP MD5 SHOULD NOT be used unless TLS, IPSec and SSH are NOT supported.” ** Section 9. Per the TLS guidance, is there a reason why conformance to RFC7525 or draft-ietf-uta-rfc7525bis-07 cannot be required to ensure modern version of TLS and secure ciphersuites. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ** Relationship with RFC8210. I support Martin Duke's DISCUSS. -- The abstracts says “This document updates and replaces RFC 8210.” When I read “replaces”, I took that to mean that RFC8210 is obsoleted by this document. -- Section 1 says “This document updates [RFC8210].” I found that confusing because I don’t see how I need to read this document to implement v1 of the protocol. I was under the impression this was v2, something stand-alone. ** Section 4. Per “It is configured with a semi-ordered list of caches …”, what kind of data structure is “semi-ordered”? Is this a priority list? ** Section 4. ... servers' clocks MUST be correct to a tolerance of approximately an hour. How does an implementer reconcile the strict “MUST” guidance of “approximately an hour” and still ensure interoperability? What is the “tolerance” on “approximately” -- 60 minutes and 1 second, 70 minutes, etc. I recommend s/approximately an hour/an hour/. ** Section 5.1. Why do some fields have a data-type and others just text description. For example, “Protocol Version” is explicitly described as being an 8-bit unsigned integer, but the text doesn’t say that a Serial number is 32-bits. ** Section 5.1. A cache increments its Serial Number when completing a rigorously validated update from a parent cache or the Global RPKI. Is there are update which is not “rigorously validated”? I’m trying to understand if there are updates which don’t bump the serial number. ** Section 5.1. With a 16-bit Session ID, how concerning or likely is a collision? Rob Wilton asked a similar question. A few birthday paradox approximations says 50% chance of a collision with 256 caches or 1% chance of collision with 36 caches assuming they are randomly selected. ** Section 5.1 A seconds-since-epoch timestamp value such as the POSIX time() function makes a good Session ID value. What is the recommended approach to convert the POSIX time() result into the smaller 16-bit value? ** Section 5.1. Per the definition of a Provider AS Number, what is a “spacified AFI”? ** Section 5.6, 5.7, and 5.10. Editorial. In the PDU descriptions prior to these, the section text opened with some notional description of who sends the PDU and why. Here, the section opens with a diagram and only covers a field level description. ** Section 5.7. Analogous to the IPv4 Prefix PDU, it has 96 more bits and no magic. What is mean by “… and no magic?” ** Section 5.10. What is the Length of the PDU? The figure suggests that the Subject Key Info is a fixed 4 bytes which doesn’t seem right. ** Section 5.11. The section doesn’t explicitly define the contents of the “Encapsulated PDU” field. ** Section 9.1. Per the SSH authentication information: User authentication MUST be supported; host authentication MAY be supported. Implementations MAY support password authentication. -- What is “user authentication”? Per the authentication method names in https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-10, there isn’t one called that. Do you mean “publickey”? Maybe: NEW User authentication (“publickey”) MUST be supported; host authentication (“hostbased”) MAY be supported. Implementations MAY support password authentication (“password”). -- Since this text appears to be profiling SSH, and the this here comes from Section 5 of RFC4252, should it be explicitly said that “none” MUST NOT be used. ** Section 9.2. The client router MUST set its "reference identifier" to the DNS name of the rpki-rtr cache. What is a “reference identifier”? ** Section 9.3. If TCP MD5 is used, implementations MUST support key lengths of at least 80 printable ASCII bytes, per Section 4.5 of [RFC5925]. RFC5925 doesn’t have a Section 4.5, or provide guidance about using printable ASCII bytes ** Section 10. This preference merely denotes proximity, not trust, preferred belief, et cetera. “Proximity” to what? I though this list was rank order list per the preference value. ** Section 11. When a cache is sending ROA PDUs to a router ... I missed something. What are ROA PDUs in this context? Why are they not defined in Section 5. ** Section 12. To keep load on Global RPKI services from unnecessary peaks, it is recommended that primary caches which load from the distributed Global RPKI not do so all at the same times, e.g., on the hour. I’m trying to tie this recommendation for “primary caches” back to the three deployment scenarios. Is the ISP backbone the only one that operates a “primary cache?” ** Section 13. This error code text appears to be verbatim from RFC8210. The text also suggests that [iana-err] is the registry for these error code points. [iana-err] says the reference for these errors is RFC6810 for 0-7, and RFC8210 for 8. If [iana-err] isn’t being updated to point to this text as the canonical definition, then why repeat it here? Couldn’t it just cite RFC8210? What new information is being added? ** Section 14. ... they need to be given consistent trust anchors to use in their internal validation process. Distribution of a consistent trust anchor is assumed to be out of band. -- Distributed to who? Is it the routers? -- What makes a trust anchor “consistent?” Is the intent of this text to say that in order to access a variety of caches, routers need the corresponding trust anchors of these caches? ** Section 14. Hence, the last link, from cache to router, is secured by server authentication and transport-level security. Please be clear that this is not always the case. Section 9 allows for TCP. ** Section 14. The identity of the cache server SHOULD be verified and authenticated by the router client, and vice versa, before any data are exchanged. (Excluding normal TCP) Are these verification and authentication practices something different than specified by the protocol behavior in Section 9? If not, why the “SHOULD” as conformance to these protocols is a MUST. ** Section 14. The text doesn't explicitly describe the risks of using an unprotected TCP connection. ** Section 15. The policy for adding to the registry is RFC Required per [RFC8126]; the document must be either Standards Track or Experimental. Is this text needed? The registry already says this is the policy. ** Section 15. Protocol version 1 added one new error code: Error Code Description ----- --------------------------- 8 Unexpected Protocol Version Why is a change made by v1 germane to the IANA considerations of v2? I don’t think this text is needed.
- [Sidrops] Roman Danyliw's Discuss on draft-ietf-s… Roman Danyliw via Datatracker
- Re: [Sidrops] Roman Danyliw's Discuss on draft-ie… Randy Bush
- Re: [Sidrops] Roman Danyliw's Discuss on draft-ie… Roman Danyliw