Re: [trill] Shepherd write-up for draft-ietf-trill-channel-tunnel-06.txt

"Susan Hares" <shares@ndzh.com> Thu, 13 August 2015 23:24 UTC

From: Susan Hares <shares@ndzh.com>
To: 'Donald Eastlake' <d3e3e3@gmail.com>
Cc: draft-ietf-trill-channel-tunnel@ietf.org, trill@ietf.org, 'Jon Hudson' <jon.hudson@gmail.com>
Date: Thu, 13 Aug 2015 19:24:04 -0400
Subject: Re: [trill] Shepherd write-up for draft-ietf-trill-channel-tunnel-06.txt
In-Reply-To: <CAF4+nEFfB3E7VYh=XB7aTy4eG3JftVFjw1pLsDEia20zOjGV_Q@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/trill/rOQnXGP3dHYHmvuZmtHvmbwBm-w>

Donald:

One other thing for this draft. The NITS indicates that RFC 3610 and RFC 5869 are informative drafts that you have indicated as normative. This NIT will cause problems in the IETF review.

If you intend these two types of security algorithms to be utilized, it is important to put something in the security section of the draft that warns people regarding the use of informative drafts.

872        [RFC3610] - Whiting, D., Housley, R., and N. Ferguson, "Counter with
873              CBC-MAC (CCM)", RFC 3610, September 2003,
874              <http://www.rfc-editor.org/info/rfc3610>.

888        [RFC5869] - Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-
889              Expand Key Derivation Function (HKDF)", RFC 5869, May 2010,
890              <http://www.rfc-editor.org/info/rfc5869>.

Sue


From: Donald Eastlake [mailto:d3e3e3@gmail.com]
Sent: Thursday, August 13, 2015 6:04 PM
To: Susan Hares
Cc: draft-ietf-trill-channel-tunnel@ietf.org; Jon Hudson; trill@ietf.org
Subject: Re: [trill] Shepherd write-up for draft-ietf-trill-channel-tunnel-06.txt

Hi Sue,

Actually I take back one thing I said earlier. See below at <dee3>.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

On Thu, Aug 13, 2015 at 4:40 PM, Susan Hares <shares@ndzh.com> wrote:

...

p. 9 figure 3.1 – Do you want the text in the possible security information to be changed from:

from:

RBridge-channel (0x8946) | CHV=0 | channel Protocol

to:

RBridge-channel (0x8946) | CHV=0 | Tunnel Protocol = TBD

Yup, good catch.

<dee3> Not really. At first glance, you seemed to be correct and I thought so, but looking at this more closely, what is going on is that you have an RBridge Channel protocol message nested inside an RBridge Channel Tunnel message. So looking at figure 3.1, in the first line we have the TBD RBridge Channel Tunnel protocol number. This is followed by the rest of that RBridge Channel message header. Then, the nested RBridge Channel protocol message starts with a 2nd instance of the RBridge Channel Ethertype. The protocol number for this nested RBridge Channel message could be any valid RBridge Channel protocol number. I've changed the figure to look like the following, so where it used to say "channel Protocol" it now says "Nested Channel Protocol" and where it said "Channel Protocol Specific Data ..." it now says "Nested Channel Protocol Specific Data ...". Also, this isn't actually data inside the Possible Security Information. The Possible Security Information is variable length material that is only present if the SType (Security Type) field is non-zero.

                     1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    RBridge-Channel (0x8946)   | CHV=0 | Tunnel Protocol = TBD |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Flags        |  ERR  | SubERR| RESV4 | SType |  0x2  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Possible Security Information
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    RBridge-Channel (0x8946)   | CHV=0 |Nested Channel Protocol|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Flags        |  ERR  |                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
|         Nested Channel Protocol Specific Data ...             /
/                                                               /
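The nesting Donald describes above (an RBridge Channel message carried inside an RBridge Channel Tunnel message, with the Possible Security Information present only when SType is non-zero) written out as a builder and parser that follow the bit layout of the figure. This is an added example, not code from the draft or from either author. The Tunnel Protocol number (TBD in the draft), the per-SType byte lengths of the security information, and the name `ptype` for the 4-bit field drawn as 0x2 are assumptions made here; refusing to unwrap a tunnel message that is itself nested inside a tunnel message is this example's defensive choice, not a rule taken from the draft.

```python
import struct
from dataclasses import dataclass

RBRIDGE_CHANNEL_ETHERTYPE = 0x8946

# The draft leaves the Tunnel Protocol number "TBD"; this value is an
# assumption made for the example only.
TUNNEL_PROTOCOL = 0xFFE

# Byte length of the Possible Security Information for each SType. Only
# SType 0 (no security information, zero bytes) is stated in the thread;
# the other entries are placeholders so the parser can be exercised.
SECURITY_INFO_LEN = {0: 0, 1: 34, 2: 16}

# Value of the last 4-bit field of the tunnel word when the payload is a
# nested RBridge Channel message, as drawn in the figure. The name "ptype"
# is this example's choice; the page does not name the field.
PTYPE_NESTED_CHANNEL = 0x2


class ParseError(ValueError):
    pass


@dataclass
class ChannelHeader:
    chv: int        # 4 bits, the figure shows CHV=0
    protocol: int   # 12 bits
    flags: int      # 12 bits
    err: int        # 4 bits


@dataclass
class TunnelMessage:
    outer: ChannelHeader
    suberr: int
    resv4: int
    stype: int
    ptype: int
    security_info: bytes
    nested: ChannelHeader
    nested_data: bytes


def encode_channel_header(h: ChannelHeader) -> bytes:
    """Ethertype(16) | CHV(4) | Protocol(12) | Flags(12) | ERR(4): 6 bytes."""
    if not (0 <= h.chv < 16 and 0 <= h.protocol < 4096
            and 0 <= h.flags < 4096 and 0 <= h.err < 16):
        raise ValueError("RBridge Channel header field out of range")
    return struct.pack("!HHH", RBRIDGE_CHANNEL_ETHERTYPE,
                       (h.chv << 12) | h.protocol, (h.flags << 4) | h.err)


def parse_channel_header(buf: bytes, off: int) -> tuple[ChannelHeader, int]:
    """Parse the 6-byte RBridge Channel header at buf[off:]; return it and the new offset."""
    if len(buf) - off < 6:
        raise ParseError("truncated RBridge Channel header")
    ethertype, w1, w2 = struct.unpack_from("!HHH", buf, off)
    if ethertype != RBRIDGE_CHANNEL_ETHERTYPE:
        raise ParseError(f"expected Ethertype 0x8946, got {ethertype:#06x}")
    chv = w1 >> 12
    if chv != 0:
        raise ParseError(f"unsupported CHV {chv}")
    return ChannelHeader(chv, w1 & 0x0FFF, w2 >> 4, w2 & 0xF), off + 6


def build_tunnel(nested: ChannelHeader, nested_data: bytes, *, stype: int = 0,
                 security_info: bytes = b"", flags: int = 0, err: int = 0,
                 suberr: int = 0) -> bytes:
    """Wrap an RBridge Channel message in a Channel Tunnel message per the figure."""
    expected = SECURITY_INFO_LEN.get(stype)
    if expected is None or len(security_info) != expected:
        raise ValueError("security information length does not match SType")
    outer = ChannelHeader(0, TUNNEL_PROTOCOL, flags, err)
    # SubERR(4) | RESV4(4, zero) | SType(4) | ptype(4)
    tunnel_word = struct.pack("!H", (suberr << 12) | (stype << 4) | PTYPE_NESTED_CHANNEL)
    return (encode_channel_header(outer) + tunnel_word + security_info
            + encode_channel_header(nested) + nested_data)


def parse_tunnel(buf: bytes) -> TunnelMessage:
    """Unwrap one Channel Tunnel message and return both headers and the nested payload."""
    outer, off = parse_channel_header(buf, 0)
    if outer.protocol != TUNNEL_PROTOCOL:
        raise ParseError("outer message is not a Channel Tunnel message")
    if len(buf) - off < 2:
        raise ParseError("truncated tunnel header")
    (w,) = struct.unpack_from("!H", buf, off)
    off += 2
    suberr, resv4, stype, ptype = w >> 12, (w >> 8) & 0xF, (w >> 4) & 0xF, w & 0xF
    if ptype != PTYPE_NESTED_CHANNEL:
        raise ParseError(f"payload type {ptype:#x} not handled by this example")
    sec_len = SECURITY_INFO_LEN.get(stype)
    if sec_len is None:
        raise ParseError(f"unknown SType {stype}")
    if len(buf) - off < sec_len:
        raise ParseError("truncated security information")
    security_info = buf[off:off + sec_len]   # empty exactly when SType == 0
    off += sec_len
    nested, off = parse_channel_header(buf, off)
    # Defensive choice of this example: the nested protocol "could be any valid
    # RBridge Channel protocol number", which includes the tunnel protocol
    # itself, so refuse to unwrap tunnel-in-tunnel rather than recurse.
    if nested.protocol == TUNNEL_PROTOCOL:
        raise ParseError("nested Channel Tunnel message refused")
    return TunnelMessage(outer, suberr, resv4, stype, ptype, security_info, nested, buf[off:])


def rejects(buf: bytes) -> bool:
    """True if parse_tunnel refuses the buffer with a ParseError."""
    try:
        parse_tunnel(buf)
    except ParseError:
        return True
    return False


if __name__ == "__main__":
    inner = ChannelHeader(chv=0, protocol=0x001, flags=0, err=0)
    wire = build_tunnel(inner, b"\x01\x02\x03")   # constructed sample, 17 bytes
    print(wire.hex())
    print(parse_tunnel(wire))
```

The parser keeps the two headers separate so that a receiver can act on the outer SType before it touches the nested protocol at all; the recursion refusal is where to hook a depth limit if a deployment decides tunnel-in-tunnel is legitimate.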