IETF Logo Mail Archive

Re: [tcpm] Comments for draft-ietf-tcpm-yang-tcp-00

tom petch <ietfa@btconnect.com> Thu, 05 November 2020 11:04 UTC

Return-Path: <ietfa@btconnect.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C64A33A0E7E for <tcpm@ietfa.amsl.com>; Thu, 5 Nov 2020 03:04:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mlh3v8JfxHCq for <tcpm@ietfa.amsl.com>; Thu, 5 Nov 2020 03:04:12 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2124.outbound.protection.outlook.com [40.107.20.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AD2B3A0E7D for <tcpm@ietf.org>; Thu, 5 Nov 2020 03:04:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=k+6q07V15edVYKSclAI89SE878AHTtcW8S2/SuoVL1uzImEzxgpFM8og2ruRXvMGHLAPlzo3kw5QJWI+ulJqYVM/QIz22KjdyqTXxHo4nKSiqT1V761x955QZzZU1Boo06vHK72i8tOPf2GsKrb40TMVzjYIHzToT/K/byJeh08OG8kEKp8HZIxXjWLSFgkdTtSu7ZLgSWCzlygF2Hg+IO1wlWhc9yZKLNP2WXMk5l94p27eE4Ja+TCkqh16HUbKm9pelYOOp8oYAHgig5xuiXGI6mM5vvNKDBZLACxWJKUHGxVMXNDKu/BSXMqFdA0aCC9xbC1lg6lPCjix8WDMDw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wP0cUPfFaOYbLUEkwDs6IyBuXytxuuaV5OsHoQ7ooAI=; b=GRQU9rau8Zcr8CwFC0Y65qT3K6UCNVXwZyz4R+zrmfONgr4qLmAzaza2k8yo4C5P+FscQWf1q53NZbeUM1aQuOH2mcG8zh0YCxGQFh9PuFtZPSLa4zOGQc0t+Zx7OCsGEUbnTC1g7dVInCQ/CNpARQEJjd5OcsGr9sqdFiPg4JbM2eamklQxg7ItslWjp7vXQlWVeCse3ciI8IyvhzMsJAiJnSf3bQNhCQyBtZauPuSsHwJCYoaTjTwxudZ232ggrgHK8ZOXrTZaDigyosYgb/CGqIvdbDpHQf+I2Vo1NTgVn1KiCz+8XRJpraAi+hQc38gKPGQWxmT/lzBqIbWXow==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wP0cUPfFaOYbLUEkwDs6IyBuXytxuuaV5OsHoQ7ooAI=; b=E4/E/SkHfSTMwwaFVNYnDsY0K8PXvSp2BtvgOTdiCLUa+RNebeAmbX+aXJxSPpA2R2VApGRcp6fngkGsWlUP7AM1tH4cQL0z2xuyfYWBzSyf/G6DnuRlJchDqreuWyvHZ6vYmsNqlj6hiLp1ffIwXnu3fuEZuSMum9w6FUKLk1k=
Received: from AM6PR07MB5784.eurprd07.prod.outlook.com (2603:10a6:20b:95::29) by AS8PR07MB7463.eurprd07.prod.outlook.com (2603:10a6:20b:2a5::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.13; Thu, 5 Nov 2020 11:04:10 +0000
Received: from AM6PR07MB5784.eurprd07.prod.outlook.com ([fe80::8826:83d6:417f:4897]) by AM6PR07MB5784.eurprd07.prod.outlook.com ([fe80::8826:83d6:417f:4897%5]) with mapi id 15.20.3541.015; Thu, 5 Nov 2020 11:04:09 +0000
From: tom petch <ietfa@btconnect.com>
To: Joseph Touch <touch@strayalpha.com>, Juhamatti Kuusisaari <juhamatk@gmail.com>
CC: tcpm IETF list <tcpm@ietf.org>
Thread-Topic: [tcpm] Comments for draft-ietf-tcpm-yang-tcp-00
Thread-Index: AQHWsCX8yotO44JUg0uIKWvSPHlD0Km2qIaAgADJDwCAARMdAIAA4AKy
Date: Thu, 05 Nov 2020 11:04:09 +0000
Message-ID: <AM6PR07MB5784C86531CE986F91431D4CA2EE0@AM6PR07MB5784.eurprd07.prod.outlook.com>
References: <CACS3ZpBJOfctZjW0qUD+2p1vw63p9KeJ+ie15SHE=k_fk6suTw@mail.gmail.com> <CACS3ZpD7dL=gbZd_mqA21+qX2nvKh7TDj3cx3xJvEUc_bnRZfg@mail.gmail.com> <EB42CDCE-2BF5-462D-8CBF-0589998AC883@gmail.com> <CACS3ZpCj+1XZC+RkQcGUaC90XcGBUF_OR_qor8V4Zn0nTSGrRg@mail.gmail.com>, <340D363A-3C02-4A64-9DF4-A335B69CC87F@strayalpha.com>
In-Reply-To: <340D363A-3C02-4A64-9DF4-A335B69CC87F@strayalpha.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: strayalpha.com; dkim=none (message not signed) header.d=none;strayalpha.com; dmarc=none action=none header.from=btconnect.com;
x-originating-ip: [86.146.121.140]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9809e221-2c11-47e9-80f7-08d8817a8585
x-ms-traffictypediagnostic: AS8PR07MB7463:
x-microsoft-antispam-prvs: <AS8PR07MB74634BD13ED00BCAC81753DCA2EE0@AS8PR07MB7463.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: IHR1ivDDkXFe6Q3A8TxvbLaqBAjy1/XTJyWgqHv4fiVs5VuYMlIlEL4x/D1vclReKPlw/ecEm6loolGRdqJdS616+7oq+u8apB3blgP8ModwXAz6AzaEOQJ01bzHz8YguqFTl54Ddg8d7IDnwxVni28ibnPYiEkce/0OatyZDPjEoY5Zq5vEbcwswDwcz6E2rHok36ePrzOiFEY7HHv/xRg4wI+AvRJEx0jtNxXBu26Gh25rHW7Mb/GO6eTwBzdMsu01NuA056KnIO9QXzQT0zPzaHBy7bXhlMKpz35Aq9D9MIOhyupEZJJGUi2WODfytFELp/0aeCFRova8coiIUxS+oxBvLQOVJSAbsHd0Fqhy0BUowv8cj+N4W5YwhVUh4a2QLcuicce+TBt5RbiYFw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR07MB5784.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(39860400002)(346002)(136003)(396003)(376002)(316002)(4326008)(55016002)(71200400001)(9686003)(5660300002)(186003)(86362001)(83380400001)(110136005)(2906002)(76116006)(91956017)(33656002)(66946007)(8936002)(53546011)(8676002)(6506007)(66446008)(66476007)(478600001)(52536014)(26005)(64756008)(66556008)(966005)(7696005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: n0PTTt72DDMGc1casIFcEy+W4WP67YjhggGIQj0PoDYx7GN7eD1sJN6wDnqwSO7D/aPhQeX7FoUk8LbiaP3KbtXG0ubcBvTUoW/MxeQEZptQyj2rwDqLGCHdE+pmNuIfyFuAmKg83AaSRL/q0258PVQJPxALtx1UGk2x2qDclzlwCWty3eQOsOnH5xELzOYAgcBOWQ21XHgB9ETlXsq38Dh0x/n8QmqFPQPlNGQb/UC74J6b5uUOMekE7ChUzbCtr6DWDlPPHSZsV45FIm7GM3kr2OsnxXurtAbi9c5N3bCaGvAwi2Icw64zjB3SSkW2T/edddmnOcSuEFqBweq+WcxsU1BiJTqw2E1Xzg/Sw15NwdWcbTaRRf/8v7Qt4HUNxpaaGjXrfKKKFRf/+qr1ypkZhPPta6WTxYJb12tDlWoSITypsMxbDn9nHwPHlqENl94P0vWQC50bUOy8rr8+TYJ/OXHf1hCi9G5CV6wv/owU+GkNsypy1kVFFF5nG23Y3c5yC/4r+4ol7tU0kBAk18JHJWqvOHreCsH8vKrNU9PvKseTz5Wm7gceIQxtW1ZHFZUvK1a303bRyUa3i5nRa8UAvWObjC47igiLu2HDWRsWZQTcZMQUX4KP60csyQjNdJuGfKov5jloUkuup0bmykKLMnJAl2abpCJ/pPIna5EOHFa3VBnQFBkOg4UEOTd6XFraGdjCVO15RQqhYTSAaPoHEl4CU9NqPQcNSF8egoJXyx8IbKbscisnDOriUbRKdDh3V/d/1PkrvLBFksDfrZU+P4Yeue3MYkk+WhZsbu8nS9qUGxeCTyaDMP7v/Oc/HBDzqVAXIjelxRvzO3RwOJlvVUthWXswh7CJe9xd2FDvmuwPeyU6Dn+OtYck54Zuo2ZafPy3ILnsoOBz/hlgmw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM6PR07MB5784.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9809e221-2c11-47e9-80f7-08d8817a8585
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2020 11:04:09.7808 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: M3x914CZnSx5jIYcB03onmS0/ymWayk7yU5lzJ8z3k6AbXKv8zihxa30Nlw2INSneZze26IFKZ4rHaK1IoxF4w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR07MB7463
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/AAijNGuYl2J7BT3dr_pJKYXUixw>
Subject: Re: [tcpm] Comments for draft-ietf-tcpm-yang-tcp-00
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2020 11:04:15 -0000

From: tcpm <tcpm-bounces@ietf.org> on behalf of Joseph Touch <touch@strayalpha.com>
Sent: 04 November 2020 21:36
Is there a convention in YANG for such situations?

I personally would not expect all values to have “default=true” or “on" everywhere. Sometimes you’re actively turning on something that is typically disabled (default=false or off).

I think the “include-tcp-options” matches the way it’s described in the doc (TCP option flag, where true implies includdd) and the default=true would match better.

<tp>
>From a YANG, rather than TCPM, perspective, I am not clear what you are asking.  In this case RFC5925 - which the leaf would benefit from as a reference to - seems clear to me
'by default including options'
in which case I would expect the YANG to default true.
I think it good practice to be explicit in any YANG description clause of a boolean as to what true means or false or ideally both).
Also, I think the choice of 'include' in the leaf identifier unfortunate given that 'include' is a YANG technical term that appears in every YANG module.  I know that it used in RFC5925 but still see it as unfortunate.

Tom Petch


Joe

> On Nov 3, 2020, at 9:11 PM, Juhamatti Kuusisaari <juhamatk@gmail.com> wrote:
>
> Hello Mahesh,
>
>> Would it not be simple to add a ‘default true’ to ‘include-tcp-options’ to achieve the same result? Somehow my head does not comprehend a double negative very well :-).
>
> Yes, ‘default true’ to ‘include-tcp-options’ would achieve the same
> end result. However, I think it would guide implementers to have a
> special "include"-mode for options in the TCP AO implementation,
> especially as TCP MD5 does not have options included. There should be
> nothing special about including options, the special part is to ignore
> them. Thus, I think 'ignore-tcp-options' is the way to go. Then again,
> having 'default true' with ‘include-tcp-options’ is certainly an
> improvement and another valid choice.
>
> --
> Juhamatti
>
> On Tue, 3 Nov 2020 at 19:11, Mahesh Jethanandani
> <mjethanandani@gmail.com> wrote:
>>
>> Hi Juhamatti,
>>
>> On Nov 1, 2020, at 1:06 AM, Juhamatti Kuusisaari <juhamatk@gmail.com> wrote:
>>
>> Hello,
>>
>> My comments included below apply also to draft-ietf-tcpm-yang-tcp-00.
>>
>> In brief:
>> * include-tcp-options -> ignore-tcp-options with default false
>> * accept-ao-mismatch -> accept-key-mismatch
>>
>> BR,
>> --
>> Juhamatti
>>
>>
>> ---------- Forwarded message ---------
>> From: Juhamatti Kuusisaari <juhamatk@gmail.com>
>> Date: Fri, 18 Sep 2020 at 11:53
>> Subject: [tcpm] Comments for draft-scharf-tcpm-yang-tcp-06
>> To: tcpm IETF list <tcpm@ietf.org>, Scharf, Michael
>> <Michael.Scharf@hs-esslingen.de>
>>
>>
>> Hello,
>>
>> I read through draft-scharf-tcpm-yang-tcp-06 and overall it looks fine to me.
>>
>> Nevertheless, there are a couple of items that may need
>> clarifications/improvements.
>>
>> (1) I believe "leaf include-tcp-options" should be "leaf
>> ignore-tcp-options" with a false default as the options are included
>> by default in the RFC 5925. In my opinion, this would better emphasize
>> the fact that options really should be included by default and not
>> including them should be a special case. Change suggestion in detail
>> below:
>>
>>     leaf include-tcp-options {
>>       type boolean;
>>       must "../enable-ao = 'true'";
>>       description
>>         "Include TCP options in HMAC calculation.";
>>     }
>> =>
>>     leaf ignore-tcp-options {
>>       type boolean;
>>       default "false";
>>       must "../enable-ao = 'true'";
>>       description
>>         "Ignore TCP options in MAC calculation.";
>>     }
>>
>>
>> Would it not be simple to add a ‘default true’ to ‘include-tcp-options’ to achieve the same result? Somehow my head does not comprehend a double negative very well :-).
>>
>> Please also note the "HMAC"->"MAC" change suggestion. And yes, I do
>> realize that a default could be added to the original "include" leaf.
>> After pondering about this, I do think "ignore" leaf would be a better
>> end result for the reasons I mentioned above.
>>
>> (2) There is now a leaf that says:
>>
>>     leaf accept-ao-mismatch {
>>       type boolean;
>>       must "../enable-ao = 'true'";
>>       description
>>         "Accept packets with HMAC mismatch.";
>>     }
>>
>> It is true that RFC 5925 allows non-existing MKT connections that
>> should be accepted. Then again, the above configuration and its
>> description looks to me that any mismatch would be accepted. So, maybe
>> a configuration setting better reflecting RFC 5925 would be something
>> on the lines of
>>
>>     leaf accept-key-mismatch {
>>       type boolean;
>>       must "../enable-ao = 'true'";
>>       description
>>         "Accept TCP segments with a Master Key Tuple (MKT) that is
>> not configured.";
>>     }
>>
>> As this configuration option does not have such a strong default as
>> the former one, I do not see a need to change its logic otherwise nor
>> add a default. I would assume that most security aware users would
>> have "false" there as a setting - especially those users that would
>> use a YANG model to do the configuration.
>>
>>
>> I am fine with making this change.
>>
>> Thanks
>>
>>
>> Best regards,
>> --
>> Juhamatti
>>
>> _______________________________________________
>> tcpm mailing list
>> tcpm@ietf.org
>> https://www.ietf.org/mailman/listinfo/tcpm
>>
>>
>> Mahesh Jethanandani
>> mjethanandani@gmail.com
>>
>>
>>
>>
>>
>
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpm

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email