Re: [Tsv-art] [babel] Tsvart last call review of draft-ietf-babel-mac-relaxed-04
David Schinazi <dschinazi.ietf@gmail.com> Fri, 14 April 2023 17:14 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AD7AC1516F2; Fri, 14 Apr 2023 10:14:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tyJnDnBFwJvD; Fri, 14 Apr 2023 10:14:20 -0700 (PDT)
Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59760C14CE45; Fri, 14 Apr 2023 10:14:20 -0700 (PDT)
Received: by mail-ej1-x633.google.com with SMTP id gc14so2241471ejc.5; Fri, 14 Apr 2023 10:14:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1681492458; x=1684084458; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=R/++Gw7kzk0IMwl6X31MSmMYogjRhi4KGR6XT3OvVx0=; b=LD2TZyuDg7xPmTI5IOHEZdsAYC/TEYjSL1jkan6co0hm0PxXASaYHN+0VaAaE1ptCD wlHt/ORszIaalKOGMt8AVLpTYw6Hwg41dvGfpEPQrWX+thGDr0FHkFL0f3Qv7dZLJ016 RAIzsxVu/6wJLgibCfMechCdBkBCfHhtH2HC8/pboksLSOhufQxcebCC+y1MRAn4wIh3 qGGWMbHrpPigewVXXWuL9USWijAbxt9trWhe7Ygy3tMgQuPxxC/MFI9GjZPzsX31Krhs 49WMCYFsQNWzbQB/3UPhlaO3Mq6oSr+sdR8jGYccDa4RphyEIpLWbU0bho7CsK12zJTR TSpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681492458; x=1684084458; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=R/++Gw7kzk0IMwl6X31MSmMYogjRhi4KGR6XT3OvVx0=; b=Wmw2BYqg6u25zSbX06WEn9mzf97YcZNlK5blCdYc6hD+yWNOsr8i05QbfkWjX0cmsv JGM28qVm9VPx/98cpJnDvNLn5o6jX9loaFSU5eaEgSTP/mBobnegfYfB5D4SdW3VA+M8 hHIl8TQCtZ7XOiMztHLGJftHSpQDFWSl41tT1Xh9h2c9wpXEw38nyFfXa/GzsGGhIl/F Yw+8wXxg4b+eT3ptN35gRC5cPn8SS0imbd5CK4++aE8d9isa2bJKu6/S+qY+VVMEOXTK TM1PvhXPgubZ5hbmZnTsp0TUETuxc/M++j1RByUh2XJh7U5r7bwY1qqSQxBLO1Uc2zVl SAJw==
X-Gm-Message-State: AAQBX9dZt5/HYpncoJWnTgL5JHvz6LIVBteLJR7dDtkS7b3POtIfjSmI xOOCwmZCKHtyYFvoVRICkUhmlD8QHX7c/oq2Akd3YkTDUck=
X-Google-Smtp-Source: AKy350YMEjB5J4L70YpIdMXqqrM3GYcHW/hHj/sdR+/WJmcufg0qDsHZOH18hX/jLYodWxy8fqDR0URdWW4C3qi4DV4=
X-Received: by 2002:a17:906:95cd:b0:94e:d44d:a34c with SMTP id n13-20020a17090695cd00b0094ed44da34cmr1894844ejy.1.1681492458090; Fri, 14 Apr 2023 10:14:18 -0700 (PDT)
MIME-Version: 1.0
References: <168148347371.47309.16234400313355691909@ietfa.amsl.com>
In-Reply-To: <168148347371.47309.16234400313355691909@ietfa.amsl.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Fri, 14 Apr 2023 10:14:06 -0700
Message-ID: <CAPDSy+5ehHyZj9LNuWirEmx8ZtM=2B4vaUk5oZWrRmMK2kL4MQ@mail.gmail.com>
To: Kyle Rose <krose@krose.org>
Cc: tsv-art@ietf.org, babel@ietf.org, draft-ietf-babel-mac-relaxed.all@ietf.org, last-call@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a8348405f94ef879"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/GAvLXLdv_qgpjclnpmqRNoNMvqo>
Subject: Re: [Tsv-art] [babel] Tsvart last call review of draft-ietf-babel-mac-relaxed-04
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2023 17:14:24 -0000
Hi Kyle, To respond to your comment about "insufficient prior outreach to subject matter experts", you're missing an important bit of context. When RFC 7298 was written, Babel was RFC 6126 and that only supported sending packets over link-local multicast. As you know, there is negligible amount of reordering there, for either Wi-Fi or Ethernet, or even overlays for that matter. However, when we rewrote Babel in RFC 8966, we added the ability to also send packets over link-local unicast. This feature did get implemented, and so did HMAC - however no one deployed both simultaneously in production. When that was done, we realized that there was indeed an oversight because unicast and multicast do get significantly reordered on Wi-Fi. The document that you reviewed fixes that oversight. All that to say, we're not completely clueless over here in Babel land. We made a mistake not foreseeing how two separate features interact, but please don't assume incompetence. Back to your first point, yes the document does assume that, when treated independently, link-local unicast and link-local multicast are generally not reordered much in known deployed link layers. Maybe making that assumption explicit to help explain why the reordering window is optional sounds like a reasonable enhancement. That way if someone deploys Babel HMAC later over a new future link layer that reorders, they'll know to implement the window. To your other note about adding a protected field, the intent in this doc was to build something backwards compatible - but maybe we should note that to help explain the design choices. David On Fri, Apr 14, 2023 at 7:44 AM Kyle Rose via Datatracker <noreply@ietf.org> wrote: > Reviewer: Kyle Rose > Review result: Ready with Issues > > This document has been reviewed as part of the transport area review team's > ongoing effort to review key IETF documents. These comments were written > primarily for the transport area directors, but are copied to the > document's > authors and WG to allow them to address any issues raised and also to the > IETF > discussion list for information. > > When done at the time of IETF Last Call, the authors should consider this > review as part of the last-call comments they receive. Please always CC > tsv-art@ietf.org if you reply to or forward this review. > > This document is Ready with Issues. > > The only issue I will note with this scheme is one that I'm sure has been > litigated to death on the mailing list, and that may be unresolvable > within the > bounds of technically-permissible but unobserved reordering behavior on > networks: that packets will be delivered more-or-less in-order to receivers > within each category (unicast and multicast). If that is true in practice, > and > especially if it is a property that network device vendors already have as > an > explicit requirement when implementing packet handling queues, then it's > probably fine to note that clearly, and maybe to explain the reasoning > behind > the RECOMMENDED vs. OPTIONAL mitigations in section 1. > > I am frankly more concerned that RFCs 7298 and 8967 both made it to > publication > with only one mention of the word "reordering" between them, perhaps > suggesting > a lack of vendor attention to, or knowledge of, the work being done in this > space. Given the near complete absence of any normative prohibition against > packet reordering in datagram handling, this oversight may reflect > insufficient > prior outreach to subject matter experts that should be noted and > corrected by > ADs in future work for which packet handling behavior by on-path devices > is of > critical importance to protocols being developed. > > Other notes: > > Section 3.1.1. If the problem with maintaining more queues is that the > 4-tuple > comprises "the only fields...protected by the MAC", a natural solution > might be > to protect that field, as well. I'm not suggesting that is desirable; > rather, I > note there is no discussion in this draft, or in RFC 8967, discussing the > motivation behind the choice of header fields to protect with the MAC. > > Nits: there is an HTML entity rendered as literal text ("Gröber") in > the > Acknowledgements section of the HTML I am reading > (https://www.ietf.org/archive/id/draft-ietf-babel-mac-relaxed-04.html). > Make > sure to follow tools guidance for encoding non-Latin characters in drafts. > > > > _______________________________________________ > babel mailing list > babel@ietf.org > https://www.ietf.org/mailman/listinfo/babel >
- [Tsv-art] Tsvart last call review of draft-ietf-b… Kyle Rose via Datatracker
- Re: [Tsv-art] [babel] Tsvart last call review of … David Schinazi
- Re: [Tsv-art] [babel] Tsvart last call review of … Kyle Rose
- Re: [Tsv-art] [babel] Tsvart last call review of … Juliusz Chroboczek
- Re: [Tsv-art] [babel] Tsvart last call review of … Dave Taht
- Re: [Tsv-art] [babel] Tsvart last call review of … Kyle Rose