Re: [Tsv-art] [Last-Call] Tsvart last call review of draft-ietf-sfc-nsh-integrity-06

"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 29 July 2021 15:01 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF0F73A2558; Thu, 29 Jul 2021 08:01:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VnCRVTpMXIJa; Thu, 29 Jul 2021 08:01:43 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EE623A2560; Thu, 29 Jul 2021 08:01:42 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4GbDJQ2BkGz1nwVj; Thu, 29 Jul 2021 08:01:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1627570902; bh=AzQzYFSr0Io0C+79psZEw/eHg/rBDxQGm+lzOXiAIqA=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=lkmHcSKavW6g+Q0iYJF55ey8a32fynZbn3wSqCOLQf/xTmN5UeBsl2kDs/ixXPQYv UlcFPlSS4bJjgxlfGcJwlDwGKgE8JJ1TKYt+MuEsZftE+IpKzhHpHezQjcWiaSgBay IxHvgi7OKOVNwO6YLG7Rk+5phvOLO71SQNXAz8Xc=
X-Quarantine-ID: <QKQFUycZ9dFG>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.23.64] (50-233-136-230-static.hfc.comcastbusiness.net [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4GbDJP2NtHz1nwg7; Thu, 29 Jul 2021 08:01:41 -0700 (PDT)
To: Joe Touch <touch@strayalpha.com>, tirumal reddy <kondtir@gmail.com>
Cc: tsv-art@ietf.org, draft-ietf-sfc-nsh-integrity.all@ietf.org, sfc@ietf.org, last-call@ietf.org
References: <CAFpG3gdRLTQvuoaEeRAhDUAqD3yBQ0jdBpZJzSvrJVPN-bMKTg@mail.gmail.com> <FA6B54B4-28FA-4C19-AB37-66B54B22E53E@strayalpha.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <031a8199-7a93-afc7-37e4-7fcdb4733c60@joelhalpern.com>
Date: Thu, 29 Jul 2021 11:01:39 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <FA6B54B4-28FA-4C19-AB37-66B54B22E53E@strayalpha.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/2ghUsxZzzbsuOBYCK1sPreHflWk>
Subject: Re: [Tsv-art] [Last-Call] Tsvart last call review of draft-ietf-sfc-nsh-integrity-06
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2021 15:01:48 -0000

If you want the terminology usage clarified, then what they have 
proposed is sufficient.

If you want to change RFC 8300, this is not the place to do that.

Yours,
Joel

On 7/29/2021 12:41 AM, Joe Touch wrote:
> Insufficient.
> 
>> On Jul 28, 2021, at 7:09 AM, tirumal reddy <kondtir@gmail.com> wrote:
>>
>> 
>> Thanks Joseph for the detailed comment and explanation. We plan to add 
>> the following text to address the issue:
>>
>> Note that the term “transport encapsulation” used in this document is 
>> equivalent to the term “tunnel encapsulation” used In 
>> [ietf-intarea-tunnel].
>>
>>
>> Cheers,
>>
>> -Tiru
>>
>>
>> On Mon, 26 Jul 2021 at 10:34, Joseph Touch via Datatracker 
>> <noreply@ietf.org <mailto:noreply@ietf.org>> wrote:
>>
>>     Reviewer: Joseph Touch
>>     Review result: Not Ready
>>
>>     This document has been reviewed as part of the transport area
>>     review team's
>>     ongoing effort to review key IETF documents. These comments were
>>     written
>>     primarily for the transport area directors, but are copied to the
>>     document's
>>     authors and WG to allow them to address any issues raised and also
>>     to the IETF
>>     discussion list for information.
>>
>>     When done at the time of IETF Last Call, the authors should
>>     consider this
>>     review as part of the last-call comments they receive. Please
>>     always CC
>>     tsv-art@ietf.org <mailto:tsv-art@ietf.org> if you reply to or
>>     forward this review.
>>
>>     It was very difficult to review this document for IETF transport
>>     protocol
>>     considerations.
>>
>>     Although "transport encapsulation" is indicated repeatedly, it is
>>     never
>>     referred to directly or described either in this document or its
>>     citations. It
>>     appears to be using this term in the sense of RFC8300, which too
>>     never defines
>>     it, but uses examples that are more accurately referred to in the
>>     IETF as link
>>     layer protocols or either network or link tunnel protocols (IP in
>>     IP, GRE,
>>     VXLAN, Ethernet).
>>
>>     Regardless of the fact that this confusion originates in RFC8300,
>>     it needs to
>>     be addressed here and corrected before this document can be
>>     reviewed to
>>     determine if there are any IETF transport area issues.
>>
>>     The remainder of these notes provide detail of this issue.
>>
>>     -----
>>
>>     The document refers back to RFC8300 to define the NSH itself; that
>>     document
>>     discusses transport issues just as vaguely (never mentioning a
>>     particular
>>     transport protocol), and when it discusses fragmentation, it
>>     refers to section
>>     9 of a document (draft-ietf-rtgwg-dt-encap-02 from 2017) that had
>>     expired prior
>>     to the publication of RFC8300.  Because transport fragmentation
>>     is, IMO, a
>>     normative issue, this should not have been permitted.
>>
>>     Further, Section 9 of that draft incorrectly recommends reliance
>>     on ICMP
>>     feedback to address MTU failures when not under a single
>>     operator’s management.
>>     That was widely known even then to be insufficient due to
>>     blackholing; this had
>>     motivated PLPMTUD in RFC4821 a full decade earlier. RFC8300
>>     compounds this
>>     error by simply asserting that the operator should ensure that
>>     ICMPs are not
>>     blocked, overlooking the need to address when this is not the case.
>>
>>     This document cannot ignore that issue and simply refer to RFC8300
>>     on this
>>     issue.
>>
>>     Note that one of the only places an actual encapsulation protocol
>>     is mentioned
>>     is RFC8300, in which Section 5 mentions IP and  Section 6.1 Table
>>     1 describes
>>     VXLAN-GPE, GRE, and Ethernet – all of which are described as
>>     “transport
>>     encapsulation”.
>>
>>     If, in fact, IETF transport protocols are being used, at some
>>     point the use of
>>     an actual IETF transport protocol should be described (e.g., TCP,
>>     UDP, SCTP,
>>     DCCP). At that point, the transport issues would be reviewable. As
>>     the document
>>     currently stands, it completely ignores such transport issues and
>>     should not
>>     proceed until this is addressed and re-reviewed.
>>
>>     If instead, as I suspect, the term “transport encapsulation”
>>     actually refers to
>>     “network layer encapsulation” or “link layer encapsulation” and
>>     really implies
>>     some sort of tunnel, there would be no transport area issues to
>>     review unless
>>     that tunnel were to include a transport protocol as part of the
>>     layers of
>>     encapsulation. If that is the case, the document should be revised
>>     to replace
>>     the term “transport” with something that more accurately describes
>>     VXLAN-GPE,
>>     GRE, Ethernet, and IP encapsulation using IETF terminology. Note that
>>     draft-ietf-intarea-tunnels never uses the term “transport” except when
>>     referring to the use of IETF transport protocols as a tunnel
>>     layer, e.g. (i.e.,
>>     the last sentence of Sec 8 of this doc is incorrect in implying
>>     otherwise).
>>
>>     (I would also note that neither this doc nor RFC8300 define “transport
>>     encapsulation” in their terminology; even if they would, they
>>     should not
>>     attempt to define it in a way inconsistent with widespread use in
>>     the IETF).
>>
>>
>>
>> -- 
>> last-call mailing list
>> last-call@ietf.org
>> https://www.ietf.org/mailman/listinfo/last-call