Re: [Tsv-art] Tsvart last call review of draft-ietf-dots-requirements-16
Benjamin Kaduk <kaduk@mit.edu> Sun, 25 November 2018 21:17 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FCC5130DD5; Sun, 25 Nov 2018 13:17:45 -0800 (PST)
X-Quarantine-ID: <j3Xfu04KYu1r>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char 9C hex): Received: ...s kaduk@ATHENA.MIT.EDU)\n\t\234by outgoing.mit[...]
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3Xfu04KYu1r; Sun, 25 Nov 2018 13:17:43 -0800 (PST)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAD9A129C6A; Sun, 25 Nov 2018 13:17:42 -0800 (PST)
X-AuditID: 1209190f-d77ff7000000457c-3f-5bfb117535b6
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id B1.19.17788.5711BFB5; Sun, 25 Nov 2018 16:17:41 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.14.7/8.9.2) with ESMTP id wAPLHd8j011625; Sun, 25 Nov 2018 16:17:40 -0500
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) �by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id wAPLHYgu027532 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 25 Nov 2018 16:17:37 -0500
Date: Sun, 25 Nov 2018 15:17:34 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Joseph Touch <touch@strayalpha.com>
Cc: tsv-art@ietf.org, draft-ietf-dots-requirements.all@ietf.org, ietf@ietf.org, dots@ietf.org
Message-ID: <20181125211734.GE70217@kduck.kaduk.org>
References: <154250516269.15956.17131342239124604403@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <154250516269.15956.17131342239124604403@ietfa.amsl.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprAKsWRmVeSWpSXmKPExsUixCmqrVsq+Dva4N9+JYu1b46wWty+tpbZ 4tnG+SwWq14/YbGYtWcRiwOrx5IlP5k8brZeYA1giuKySUnNySxLLdK3S+DKOPT5E0tBh3TF yRPpDYwPRbsYOTkkBEwkPux5yNTFyMUhJLCGSeLI0m2sEM5GRomej99ZIJy7TBLHzp1g62Lk 4GARUJVYdKMapJtNQEWiofsyM4gtIqAusbfxMCOIzSyQJnFyykSwuLCAu8SCaXvB4rxA22a3 fWMBsYUEXCT6ZvRCxQUlTs58wgLRqy7xZ94lZpBVzALSEsv/cUCE5SWat84GG8kp4CrxZucW NhBbVEBZYm/fIfYJjIKzkEyahWTSLIRJs5BMWsDIsopRNiW3Sjc3MTOnODVZtzg5MS8vtUjX RC83s0QvNaV0EyM44CX5dzDOafA+xCjAwajEwzvh169oIdbEsuLK3EOMkhxMSqK88x2BQnxJ +SmVGYnFGfFFpTmpxYcYJTiYlUR4eex/RgvxpiRWVqUW5cOkpDlYlMR5f4k8jhYSSE8sSc1O TS1ILYLJynBwKEnwNgj8jhYSLEpNT61Iy8wpQUgzcXCCDOcBGr4UpIa3uCAxtzgzHSJ/ilFR SpxXDCQhAJLIKM2D6wUlJIns/TWvGMWBXhHmrQap4gEmM7juV0CDmYAGy8//DjK4JBEhJdXA GBn2XV7fSjSsLuNcmNG9VyXzinI9T4kX3n96YmJcaOwhjg8ZZyxe1axcGb8o3k7kR5v9n6sH H2Sc3bDlx+Sgy3K3Pio3T1t8KnjHzoT96/ZsZPPh48oNnzPx5Gu9yie3suYVsKct7Lg/6cV/ PqsHOt/Czrxya/12gTX93mox7UzxfZO9tk/3s1ViKc5INNRiLipOBADu0svAIwMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/YXZyBq5FKRijK0Xa-VtBHwGdJvk>
Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-dots-requirements-16
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Nov 2018 21:17:45 -0000
Hi Joe, On Sat, Nov 17, 2018 at 05:39:22PM -0800, Joseph Touch wrote: > Reviewer: Joseph Touch > Review result: Ready with Issues [reformatted for readability] > Transport issues: > - The GEN requirements refer to signal and data channels; it should be more > clear that these would be transport associations or connections, not > necessarily separate port assignments > > - GEN-03 recommends transports that avoid > HOL blocking, but that blocking can occur at any protocol layer (e.g., when > using TCP as a tunneling layer or at the application layer) Is the concern about "conveyed over a transport not susceptible"? I don't think that one needs to read "transport" as "lowest level transport protocol" here and it would equally apply to any tunneling layer. > - SIG-001 – PLPMTUD > should be used instead of PMTUD; PMTUD (relying on ICMP, which is often blocked > and remains insecure) should be avoided. The PMTU of 1280 is relevant only for > IPv6. The use of 576 should be more clearly indicated as applying only to IPv4. > (note there is emerging PLPMTUD for UDP). The IPv4 text is phrased as it currently is since there may be tunneling scenarios that go over IPv4 at some intermediate link even if the endpoints are speaking IPv6. With respect to PMTU vs. PLPMTU, can you give any guidance on whether the literl 1280 and 576 values are equally valid for assumed PLPMTU as for "true" PMTU? > - SIG-004 should address the use of > TCP keepalives for TCP connections as a way to achieve heartbeats. I don't believe that there is an IETF consensus position about what layer is best for performing heartbeats; see the "statement regarding keepalives" thread. In particular, since this signal channel is going to support non-TCP transports and prefers UDP over TCP, it will need its own heartbeat mechanism anyway, at which point the TCP-layer functionality is going to be fairly redundant. > - SIG-004 is > self-contradictory, at first claiming that agents SHOULD avoid termination due > to heartbeat loss then later saying they MAY use heartbeat absence as > indication of defunct connections. Even though SHOULD and MAY can be used > together this way, the advise is confusing. This is a case (see below) where > the reasoning behind exceptions to SHOULDs are needed -- but the MAY clause is > a far too trivial (and, based on our experience with BGP, incorrect) condition Can you double-check this? My read is that there are two factors involved and we are only giving guidance on two quadrants of the truth table, with the two factors being "failing to receive heartbeats" and "attack traffic is present". (The attack traffic is assumed to be swamping other traffic, but when there is no attack traffic the heartbeats should be more reliable.) > - DATA-002 should suggest protocols for security, at least indicating whether > these need to be at a particular protocol layer (IP, transport, application), > etc. I think it's fine for a requirements document to limit itself to the actual cryptographic requirements. FWIW, the current data-channel spec is using TLS. -Ben > Other issues: > - the document uses SHOULD without qualifying the conditions for exception > > Nits > - the abstract is too brief > - Several requirements suggest that use of TCP avoids the need for separate > congestion control; the same should be mentioned of SCTP and DCCP. > >
- [Tsv-art] Tsvart last call review of draft-ietf-d… Joseph Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Benjamin Kaduk
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Benjamin Kaduk
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch