Re: [Tsv-art] [Last-Call] [sfc] Tsvart last call review of draft-ietf-sfc-nsh-integrity-06

Joseph Touch <> Thu, 29 July 2021 16:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1A9CA3A0B85; Thu, 29 Jul 2021 09:33:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.32
X-Spam-Status: No, score=-1.32 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qIpcKG9g6i3q; Thu, 29 Jul 2021 09:33:11 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1B9403A0B80; Thu, 29 Jul 2021 09:33:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=538NubAObvvkIKTnLSi//b1E8woB149pDGvGSIZ0YYw=; b=S+4oc6ZKLO9DLU8Zrwl0WIf8uD /wLQQuO0mVlE4uoNbVD12xKRmUHaeDWmE4T86gTHHXqjq+KRkbBWxId9E8DiU1ecQEA1CjMibwoiV qACkwBemI9/6dLH4221iLMebUyPfZvPah8LIguYocbocaveaCS/gw28Yy/U5BYyrFkD9uq4QovshU Fbb0/hoQi/cj7GEtw3Q5AWoB2mYCfUfSKMLP9jIBoAcpG25bYgPw7xPoIFM9W66R3rBsX/R7SUjbc Q0KoDBsmJq8/TKXMUDzUgsjSnWT3s1s5aVn8YU/4Bo6Otq8aeSfCpL3TaoC2iWZB+mxb50Q4VfHDP str8JO2g==;
Received: from ([]:50728 by with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <>) id 1m98y1-001qct-Hi; Thu, 29 Jul 2021 12:33:10 -0400
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.\))
From: Joseph Touch <>
In-Reply-To: <>
Date: Thu, 29 Jul 2021 09:33:04 -0700
Cc: tirumal reddy <>, tsv-art <>,,,
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <>
To: "Joel M. Halpern" <>
X-Mailer: Apple Mail (2.3654.
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id:
X-From-Rewrite: unmodified, already matched
Archived-At: <>
Subject: Re: [Tsv-art] [Last-Call] [sfc] Tsvart last call review of draft-ietf-sfc-nsh-integrity-06
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Jul 2021 16:33:16 -0000


> On Jul 29, 2021, at 8:44 AM, Joel M. Halpern <> wrote:
> "Insufficient" is not an acceptable answer from a reviewer.  it is not even an acceptable answer from an AD.

My review is commensurate with the response.

> I do understand that your review is on behalf of the TSV Area Directors.  If you are not willing to be more clear about what (within the constraints that we are NOT rewriting 8300) is going to be helpful, then we will leave it to the Transport ADs.

I did below, when I received engagement commensurate with the review I provided.

> We will not play "fetch a rock" / "no not that rock" until you are happy.

That is your decision; it is mine as to what constitutes a single sentence followup on a review that already provided much more detail than “fetch a rock”. 

Nor will I play “ignore the review and redefine the very term that defines the area providing that review”.


> Yours,
> Joel
> On 7/29/2021 11:21 AM, Joseph Touch wrote:
>> Joel,
>> I performed this review for the transport area.
>> An IETF document should never attempt to redefine the word “transport” in a single sentence and refer to an unpublished draft (even mine) to explain. It takes more than that.
>>> On Jul 29, 2021, at 8:01 AM, Joel M. Halpern <> wrote:
>>> If you want the terminology usage clarified, then what they have proposed is sufficient.
>>> If you want to change RFC 8300, this is not the place to do that.
>> Agreed, but we cannot continue to propagate the error. At a minimum, the sentence should clarify that the term is being used inconsistently with the rest of IETF as a whole and explain what it means in a stand-alone way. That either warrants a separate (even if brief) section or at least a terminology section entry.
>> Additionally, it is not feasible to review how their approach - which makes packets bigger, necessarily - without understanding how that tunneling works.
>> Joe
>>> On 7/29/2021 12:41 AM, Joe Touch wrote:
>>>> Insufficient.
>>>>> On Jul 28, 2021, at 7:09 AM, tirumal reddy <> wrote:
>>>>> Thanks Joseph for the detailed comment and explanation. We plan to add the following text to address the issue:
>>>>> Note that the term “transport encapsulation” used in this document is equivalent to the term “tunnel encapsulation” used In [ietf-intarea-tunnel].
>>>>> Cheers,
>>>>> -Tiru
>>>>> On Mon, 26 Jul 2021 at 10:34, Joseph Touch via Datatracker < <>> wrote:
>>>>>    Reviewer: Joseph Touch
>>>>>    Review result: Not Ready
>>>>>    This document has been reviewed as part of the transport area
>>>>>    review team's
>>>>>    ongoing effort to review key IETF documents. These comments were
>>>>>    written
>>>>>    primarily for the transport area directors, but are copied to the
>>>>>    document's
>>>>>    authors and WG to allow them to address any issues raised and also
>>>>>    to the IETF
>>>>>    discussion list for information.
>>>>>    When done at the time of IETF Last Call, the authors should
>>>>>    consider this
>>>>>    review as part of the last-call comments they receive. Please
>>>>>    always CC
>>>>> <> if you reply to or
>>>>>    forward this review.
>>>>>    It was very difficult to review this document for IETF transport
>>>>>    protocol
>>>>>    considerations.
>>>>>    Although "transport encapsulation" is indicated repeatedly, it is
>>>>>    never
>>>>>    referred to directly or described either in this document or its
>>>>>    citations. It
>>>>>    appears to be using this term in the sense of RFC8300, which too
>>>>>    never defines
>>>>>    it, but uses examples that are more accurately referred to in the
>>>>>    IETF as link
>>>>>    layer protocols or either network or link tunnel protocols (IP in
>>>>>    IP, GRE,
>>>>>    VXLAN, Ethernet).
>>>>>    Regardless of the fact that this confusion originates in RFC8300,
>>>>>    it needs to
>>>>>    be addressed here and corrected before this document can be
>>>>>    reviewed to
>>>>>    determine if there are any IETF transport area issues.
>>>>>    The remainder of these notes provide detail of this issue.
>>>>>    -----
>>>>>    The document refers back to RFC8300 to define the NSH itself; that
>>>>>    document
>>>>>    discusses transport issues just as vaguely (never mentioning a
>>>>>    particular
>>>>>    transport protocol), and when it discusses fragmentation, it
>>>>>    refers to section
>>>>>    9 of a document (draft-ietf-rtgwg-dt-encap-02 from 2017) that had
>>>>>    expired prior
>>>>>    to the publication of RFC8300.  Because transport fragmentation
>>>>>    is, IMO, a
>>>>>    normative issue, this should not have been permitted.
>>>>>    Further, Section 9 of that draft incorrectly recommends reliance
>>>>>    on ICMP
>>>>>    feedback to address MTU failures when not under a single
>>>>>    operator’s management.
>>>>>    That was widely known even then to be insufficient due to
>>>>>    blackholing; this had
>>>>>    motivated PLPMTUD in RFC4821 a full decade earlier. RFC8300
>>>>>    compounds this
>>>>>    error by simply asserting that the operator should ensure that
>>>>>    ICMPs are not
>>>>>    blocked, overlooking the need to address when this is not the case.
>>>>>    This document cannot ignore that issue and simply refer to RFC8300
>>>>>    on this
>>>>>    issue.
>>>>>    Note that one of the only places an actual encapsulation protocol
>>>>>    is mentioned
>>>>>    is RFC8300, in which Section 5 mentions IP and  Section 6.1 Table
>>>>>    1 describes
>>>>>    VXLAN-GPE, GRE, and Ethernet – all of which are described as
>>>>>    “transport
>>>>>    encapsulation”.
>>>>>    If, in fact, IETF transport protocols are being used, at some
>>>>>    point the use of
>>>>>    an actual IETF transport protocol should be described (e.g., TCP,
>>>>>    UDP, SCTP,
>>>>>    DCCP). At that point, the transport issues would be reviewable. As
>>>>>    the document
>>>>>    currently stands, it completely ignores such transport issues and
>>>>>    should not
>>>>>    proceed until this is addressed and re-reviewed.
>>>>>    If instead, as I suspect, the term “transport encapsulation”
>>>>>    actually refers to
>>>>>    “network layer encapsulation” or “link layer encapsulation” and
>>>>>    really implies
>>>>>    some sort of tunnel, there would be no transport area issues to
>>>>>    review unless
>>>>>    that tunnel were to include a transport protocol as part of the
>>>>>    layers of
>>>>>    encapsulation. If that is the case, the document should be revised
>>>>>    to replace
>>>>>    the term “transport” with something that more accurately describes
>>>>>    VXLAN-GPE,
>>>>>    GRE, Ethernet, and IP encapsulation using IETF terminology. Note that
>>>>>    draft-ietf-intarea-tunnels never uses the term “transport” except when
>>>>>    referring to the use of IETF transport protocols as a tunnel
>>>>>    layer, e.g. (i.e.,
>>>>>    the last sentence of Sec 8 of this doc is incorrect in implying
>>>>>    otherwise).
>>>>>    (I would also note that neither this doc nor RFC8300 define “transport
>>>>>    encapsulation” in their terminology; even if they would, they
>>>>>    should not
>>>>>    attempt to define it in a way inconsistent with widespread use in
>>>>>    the IETF).
>>>>> -- 
>>>>> last-call mailing list
>>> -- 
>>> last-call mailing list
>> _______________________________________________
>> sfc mailing list
> -- 
> last-call mailing list