IETF Logo Mail Archive

Re: [Tsv-art] Tsvart last call review of draft-ietf-dots-requirements-16

Joe Touch <touch@strayalpha.com> Mon, 26 November 2018 05:08 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60BA6128CE4; Sun, 25 Nov 2018 21:08:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YxmvPDCrS37r; Sun, 25 Nov 2018 21:08:43 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 827B71271FF; Sun, 25 Nov 2018 21:08:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=1QtIMbS4l479fduHD0JDyf7Tf1A0XaF84qNZnwm3a7c=; b=Uevc+EiYt5gORGXbL7+OMYR6E VQeqGuElS+2SfL7CYa67SFlUfrjQtMbYKLC5SMB5rNzQcx9UCqqQF/A3+j6H17fr7xbVDxxOQi7mS mjuGACBCfN8eBmPkcgjnPKJSCo6PophGvgUYWfOiIjdp3s0VPBwbJR9k0h2PM+715TBZj7fdG+qT4 6lD0BfJHbZCnJrLrLkvozCe2rVhnX7k3fgAZXx2+76Y9T4hR/33Yv7ixXLOO5BGE4LEGoQ5BMhEsi uFqzJFBPhvMYJFVYqtil3+bn4/sea8A1mYFWs80XnME8ML/ZcOuhmJvUUMzmWzYFMUh3IRZz0saVX IZfVsdpWA==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:60087 helo=[192.168.1.77]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1gR98S-004Biz-Co; Mon, 26 Nov 2018 00:08:42 -0500
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Joe Touch <touch@strayalpha.com>
In-Reply-To: <20181125211734.GE70217@kduck.kaduk.org>
Date: Sun, 25 Nov 2018 21:08:39 -0800
Cc: tsv-art <tsv-art@ietf.org>, draft-ietf-dots-requirements.all@ietf.org, ietf@ietf.org, dots@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <887D02F8-A9BA-4467-9CE8-D8A3583F5773@strayalpha.com>
References: <154250516269.15956.17131342239124604403@ietfa.amsl.com> <20181125211734.GE70217@kduck.kaduk.org>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.3445.9.1)
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/SURmq5cO7fU3l0lK40RMpD7KjaE>
Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-dots-requirements-16
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 05:08:45 -0000

Hi, Benjamin,

> On Nov 25, 2018, at 1:17 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> Hi Joe,
> 
> On Sat, Nov 17, 2018 at 05:39:22PM -0800, Joseph Touch wrote:
>> Reviewer: Joseph Touch
>> Review result: Ready with Issues
> 
> [reformatted for readability]
> 
>> Transport issues:
>> - The GEN requirements refer to signal and data channels; it should be more
>> clear that these would be transport associations or connections, not
>> necessarily separate port assignments
>> 
>> - GEN-03 recommends transports that avoid
>> HOL blocking, but that blocking can occur at any protocol layer (e.g., when
>> using TCP as a tunneling layer or at the application layer)
> 
> Is the concern about "conveyed over a transport not susceptible"?  I don't
> think that one needs to read "transport" as "lowest level transport
> protocol" here and it would equally apply to any tunneling layer.

The point is that avoiding HOL blocking at one layer may have no impact on HOL blocking at another layer. If HOL blocking is a significant problem, it needs to be noted that this can happen at many places in the stack, not just at the transport layer.

> 
>> - SIG-001 – PLPMTUD
>> should be used instead of PMTUD; PMTUD (relying on ICMP, which is often blocked
>> and remains insecure) should be avoided. The PMTU of 1280 is relevant only for
>> IPv6. The use of 576 should be more clearly indicated as applying only to IPv4.
>> (note there is emerging PLPMTUD for UDP).
> 
> The IPv4 text is phrased as it currently is since there may be tunneling
> scenarios that go over IPv4 at some intermediate link even if the endpoints
> are speaking IPv6.

That should be made more explicit.

> With respect to PMTU vs. PLPMTU, can you give any guidance on whether the
> literl 1280 and 576 values are equally valid for assumed PLPMTU as for
> "true" PMTU?

These are independent issues. The MTU minimums are set by the protocols; the MTU used on a given path is discovered by PMTUD or PLPMTUD; the former is not as reliable as the latter, due to ICMP blocking.

> 
>> - SIG-004 should address the use of
>> TCP keepalives for TCP connections as a way to achieve heartbeats.
> 
> I don't believe that there is an IETF consensus position about what layer
> is best for performing heartbeats; see the "statement regarding keepalives"
> thread.  

There’s a lot of misundestanding on this issue. Keepalives can be needed at multiple layers; a keep alive at one layer is never a direct substitute for a keep alive at another layer. If keepalives are enabled at multiple layers, they should never need to interfere, though - they basically disable keepalives at lower layer ONLY when they are frequent enough relative to that lower layer.

> In particular, since this signal channel is going to support
> non-TCP transports and prefers UDP over TCP, it will need its own heartbeat
> mechanism anyway, at which point the TCP-layer functionality is going to be
> fairly redundant.

It depends on whether you also need TCP to keep active state. If so, turning TCP keepalives on would not necessarily interfere with app-layer keepalives; it would serve its own purpose.

Again, the error is thinking that keealives at one layer either avoid the need for keepalives at another layer OR interfere per se; correctly implemented, they do not interfere even when enabled at multiple layers.

> 
>> - SIG-004 is
>> self-contradictory, at first claiming that agents SHOULD avoid termination due
>> to heartbeat loss then later saying they MAY use heartbeat absence as
>> indication of defunct connections. Even though SHOULD and MAY can be used
>> together this way, the advise is confusing. This is a case (see below) where
>> the reasoning behind exceptions to SHOULDs are needed -- but the MAY clause is
>> a far too trivial (and, based on our experience with BGP, incorrect) condition
> 
> Can you double-check this?  My read is that there are two factors involved
> and we are only giving guidance on two quadrants of the truth table, with
> the two factors being "failing to receive heartbeats" and "attack traffic
> is present".  (The attack traffic is assumed to be swamping other traffic,
> but when there is no attack traffic the heartbeats should be more
> reliable.)

You need to explain these as a SINGLE recommendation. Putting contradictory advice in different places makes it confusing to determine how it is applied.

> 
>> - DATA-002 should suggest protocols for security, at least indicating whether
>> these need to be at a particular protocol layer (IP, transport, application),
>> etc.
> 
> I think it's fine for a requirements document to limit itself to the actual
> cryptographic requirements.

If you have something in mind that exists, say it. If not, then assume it will be incorrectly interpreted as suggesting something you didn’t have in mind.

IMO, better to avoid the ambiguity, i.e., to actually include the following to explain that TLS is sufficient:

>  FWIW, the current data-channel spec is using
> TLS.
> 
> -Ben
> 
>> Other issues:
>> - the document uses SHOULD without qualifying the conditions for exception
>> 
>> Nits
>> - the abstract is too brief
>> - Several requirements suggest that use of TCP avoids the need for separate
>> congestion control; the same should be mentioned of SCTP and DCCP.
>> 
>> 
> 
> _______________________________________________
> Tsv-art mailing list
> Tsv-art@ietf.org
> https://www.ietf.org/mailman/listinfo/tsv-art

v2.23.0 | Report a Bug | By Email