IETF Logo Mail Archive

Re: [trill] Shepherd write-up for draft-ietf-trill-channel-tunnel-06.txt

Donald Eastlake <d3e3e3@gmail.com> Fri, 14 August 2015 00:44 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2C451AD0B9; Thu, 13 Aug 2015 17:44:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjxDG-V-BO-x; Thu, 13 Aug 2015 17:44:31 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F39071AD0B8; Thu, 13 Aug 2015 17:44:30 -0700 (PDT)
Received: by oio137 with SMTP id 137so36421354oio.0; Thu, 13 Aug 2015 17:44:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=zZEjjdltXsq/g8JVZwjqsrJFDft/Y8anfdSf41zEGjQ=; b=jL/3if8bDRlBlUMlM1pzX83yGZeuWVqAnBVa5jstFg229XnV22xBXuDxmieX4l214u xLDEGt894JhMYwCvAkJdvZpOeU8u+a5GeIF5CuKye7elhBF5M1w3qMwog8W1YQaFWcTk hyX8nTgAmf4HPvM+JbfIQ5RhcE5T1AltXGOZ1cf18ez1ciY49JCy0rbTGkLUrJrgbEor kBRC1N3wLhuikuud8zTes9j65QSWbJvDYz7Bz3RHUUfKeZJfYw9p4Y9y+fT5rNd5ixMu 3z03NB9LrW1jlFw1m53HcPoZxzKHu67OVP/CZLVSdH33j8E/YOZHDCykCGpscH1hG7Sl FSLg==
X-Received: by 10.202.196.70 with SMTP id u67mr16289108oif.73.1439513070322; Thu, 13 Aug 2015 17:44:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.173.3 with HTTP; Thu, 13 Aug 2015 17:44:15 -0700 (PDT)
In-Reply-To: <017701d0d61f$255ce6c0$7016b440$@ndzh.com>
References: <005f01d0d5ca$9018f850$b04ae8f0$@ndzh.com> <CAF4+nEHMOOtLj3WgEwicr-cJtu02jfWKTQdy3R-C6LRg8Yyj3g@mail.gmail.com> <00cf01d0d608$3bdfa7a0$b39ef6e0$@ndzh.com> <CAF4+nEFfB3E7VYh=XB7aTy4eG3JftVFjw1pLsDEia20zOjGV_Q@mail.gmail.com> <017701d0d61f$255ce6c0$7016b440$@ndzh.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 13 Aug 2015 20:44:15 -0400
Message-ID: <CAF4+nEHWi4JY0fVkQ-qPrFxWewZZ2w8AsKGojCVm=bza68Rgvg@mail.gmail.com>
To: Susan Hares <shares@ndzh.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/trill/o7LxhTK05B5C7vVeA0voD8D6BRY>
Cc: draft-ietf-trill-channel-tunnel@ietf.org, "trill@ietf.org" <trill@ietf.org>, Jon Hudson <jon.hudson@gmail.com>
Subject: Re: [trill] Shepherd write-up for draft-ietf-trill-channel-tunnel-06.txt
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2015 00:44:32 -0000

Hi Sue,

On Thu, Aug 13, 2015 at 7:24 PM, Susan Hares <shares@ndzh.com> wrote:
> Donald:
>
>
> One other thing for this draft.  The NITS indicates that RFC 3060 and
> RFC5869 are informative drafts that you have indicated as normative.   This
> NIT will cause problems in the IETF review.

Well, this needs to be mentioned in the Shepherd review and in the
IETF Last Call but other than that, I don't see why, in this case, it
will cause any problem. It is very common for cryptographic algorithms
to be documented in Informational RFCs because the IETF does not have
change control over them.

> If you intend these two types security algorithms to be utilized, it is
> important to put something in the security section of the draft that warns
> people regarding the use of informative drafts.

I can't recall seeing such language. Can you point to an example? Why
would it matter to anyone implementing the draft?

HMAC is probably the strongest example of such a downref. It is
referenced by 235 RFCs many of which have normative references. See
http://datatracker.ietf.org/doc/rfc2104/referencedby/
I looked at a few of these that are recent and didn't see any explicit
mention of RFC 2104 being Informational. They typically just say
things like "The HMAC authentication mode defined in [RFC2104] is
used."

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

> 872        [RFC3610] - Whiting, D., Housley, R., and N. Ferguson, "Counter with
> 873              CBC-MAC (CCM)", RFC 3610, September 2003, <http://www.rfc-
> 874              editor.org/info/rfc3610>.
>
>
> 888        [RFC5869] - Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-
> 889              Expand Key Derivation Function (HKDF)", RFC 5869, May 2010,
> 890              <http://www.rfc-editor.org/info/rfc5869>.
>
>
> Sue
>
>
>
> From: Donald Eastlake [mailto:d3e3e3@gmail.com]
> Sent: Thursday, August 13, 2015 6:04 PM
> To: Susan Hares
> Cc: draft-ietf-trill-channel-tunnel@ietf.org; Jon Hudson; trill@ietf.org
> Subject: Re: [trill] Shepherd write-up for
> draft-ietf-trill-channel-tunnel-06.txt
>
>
>
> Hi Sue,
>
>
>
> Actually I take back one thing I said earlier. See below at <dee3>.
>
>
> Thanks,
> Donald
> =============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street, Milford, MA 01757 USA
>  d3e3e3@gmail.com
>
>
>
> On Thu, Aug 13, 2015 at 4:40 PM, Susan Hares <shares@ndzh.com> wrote:
>
> ...
>
>
>
> p. 9 figure 3.1 – Do you want the text in the possible security information
> to be changed from:
>
>
>
> from:
>
>
>
> RBridge-channel (0x8946) | CHV=0 | channel Protocol
>
>
>
> to:
>
>
>
> RBridge-channel (0x8946) | CHV=0 | Tunnel Protocol = TBD
>
>
>
> Yup, good catch.
>
>
>
> <dee3> Not really. At first glance, you seemed to be correct and I thought
> so but looking at this more closely, what is going on is that you have an
> RBridge Channel protocol message nested inside an RBridge Channel Tunnel
> message. So looking at figure 3.1, in the first line we have the TBD RBridge
> Channel Tunnel protocol number. This is followed by the rest of that RBridge
> Channel message header. Then, the nested RBridge Channel protocol message
> starts with a 2nd instance of the RBridge Channel Ethertype. The protocol
> number for this nested RBridge Channel message could be any valid RBridge
> Channel protocol number. I've changed the figure to look like the following
> so where it used to say "channel Protocol" it now says "Nested Channel
> Protocol" and where it said "Channel Protocol Specific Data ..." it now says
> "Nested Channel Protocol Specific Data ...". Also, this isn't actually data
> inside the Possible Security Information. The Possible Security Information
> is variable length material that is only present if the SType (Security
> Type) field is non-zero.
>
>
>
>                      1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
>
>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> |    RBridge-Channel (0x8946)   | CHV=0 | Tunnel Protocol = TBD |
>
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> |          Flags        |  ERR  | SubERR| RESV4 | SType |  0x2  |
>
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> |  Possible Security Information
>
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> |    RBridge-Channel (0x8946)   | CHV=0 |Nested Channel Protocol|
>
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> |          Flags        |  ERR  |                               |
>
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
>
> |         Nested Channel Protocol Specific Data ...             /
>
> /                                                               /
>
>

v2.23.0 | Report a Bug | By Email