Re: [Tsv-art] [sfc] [Last-Call] Tsvart last call review of draft-ietf-sfc-nsh-integrity-06

"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 29 July 2021 15:44 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87EA43A0865; Thu, 29 Jul 2021 08:44:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yR9Rz-_J8IfL; Thu, 29 Jul 2021 08:44:50 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2059A3A082E; Thu, 29 Jul 2021 08:44:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4GbFG55drCz1ntsV; Thu, 29 Jul 2021 08:44:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1627573485; bh=t0IMClxLdJkMkljdNjfteoih2rPpl79RQIjvkipW/VI=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=pAwxIn9iyWl3gh5yzW0/tAlOIBOs6CzdJZPwaW13y8M5p4ek+S2T+FBLNOj9vMd4o Qenfho+Fhl2sRXMR0lY9ePv+7lANMSOeK9uFG4mlSUcmKsnsUhPzrxfnAVUQzZ8Xo1 ecmm+KbINFhiuFF/38UA1oSc8ALjPR9QVpRGTAX8=
X-Quarantine-ID: <ujB2e4JtEsxF>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.23.64] (50-233-136-230-static.hfc.comcastbusiness.net [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4GbFG4402Gz1nsyQ; Thu, 29 Jul 2021 08:44:44 -0700 (PDT)
To: Joseph Touch <touch@strayalpha.com>
Cc: tsv-art <tsv-art@ietf.org>, draft-ietf-sfc-nsh-integrity.all@ietf.org, last-call@ietf.org, sfc@ietf.org, tirumal reddy <kondtir@gmail.com>
References: <CAFpG3gdRLTQvuoaEeRAhDUAqD3yBQ0jdBpZJzSvrJVPN-bMKTg@mail.gmail.com> <FA6B54B4-28FA-4C19-AB37-66B54B22E53E@strayalpha.com> <031a8199-7a93-afc7-37e4-7fcdb4733c60@joelhalpern.com> <45937185-139B-4948-8635-DBAAE044F797@strayalpha.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <9df24c0f-1462-037a-8d86-b55356a0ae67@joelhalpern.com>
Date: Thu, 29 Jul 2021 11:44:42 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <45937185-139B-4948-8635-DBAAE044F797@strayalpha.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/tY3EJOOuTnvEoojHqWWxbvIbbfI>
Subject: Re: [Tsv-art] [sfc] [Last-Call] Tsvart last call review of draft-ietf-sfc-nsh-integrity-06
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2021 15:44:58 -0000

"Insufficient" is not an acceptable answer from a reviewer.  it is not 
even an acceptable answer from an AD.

I do understand that your review is on behalf of the TSV Area Directors. 
  If you are not willing to be more clear about what (within the 
constraints that we are NOT rewriting 8300) is going to be helpful, then 
we will leave it to the Transport ADs.

We will not play "fetch a rock" / "no not that rock" until you are happy.

Yours,
Joel

On 7/29/2021 11:21 AM, Joseph Touch wrote:
> Joel,
> 
> I performed this review for the transport area.
> 
> An IETF document should never attempt to redefine the word “transport” in a single sentence and refer to an unpublished draft (even mine) to explain. It takes more than that.
> 
>> On Jul 29, 2021, at 8:01 AM, Joel M. Halpern <jmh@joelhalpern.com> wrote:
>>
>> If you want the terminology usage clarified, then what they have proposed is sufficient.
>>
>> If you want to change RFC 8300, this is not the place to do that.
> 
> Agreed, but we cannot continue to propagate the error. At a minimum, the sentence should clarify that the term is being used inconsistently with the rest of IETF as a whole and explain what it means in a stand-alone way. That either warrants a separate (even if brief) section or at least a terminology section entry.
> 
> Additionally, it is not feasible to review how their approach - which makes packets bigger, necessarily - without understanding how that tunneling works.
> 
> Joe
> 
>> On 7/29/2021 12:41 AM, Joe Touch wrote:
>>> Insufficient.
>>>> On Jul 28, 2021, at 7:09 AM, tirumal reddy <kondtir@gmail.com> wrote:
>>>>
>>>> 
>>>> Thanks Joseph for the detailed comment and explanation. We plan to add the following text to address the issue:
>>>>
>>>> Note that the term “transport encapsulation” used in this document is equivalent to the term “tunnel encapsulation” used In [ietf-intarea-tunnel].
>>>>
>>>>
>>>> Cheers,
>>>>
>>>> -Tiru
>>>>
>>>>
>>>> On Mon, 26 Jul 2021 at 10:34, Joseph Touch via Datatracker <noreply@ietf.org <mailto:noreply@ietf.org>> wrote:
>>>>
>>>>     Reviewer: Joseph Touch
>>>>     Review result: Not Ready
>>>>
>>>>     This document has been reviewed as part of the transport area
>>>>     review team's
>>>>     ongoing effort to review key IETF documents. These comments were
>>>>     written
>>>>     primarily for the transport area directors, but are copied to the
>>>>     document's
>>>>     authors and WG to allow them to address any issues raised and also
>>>>     to the IETF
>>>>     discussion list for information.
>>>>
>>>>     When done at the time of IETF Last Call, the authors should
>>>>     consider this
>>>>     review as part of the last-call comments they receive. Please
>>>>     always CC
>>>>     tsv-art@ietf.org <mailto:tsv-art@ietf.org> if you reply to or
>>>>     forward this review.
>>>>
>>>>     It was very difficult to review this document for IETF transport
>>>>     protocol
>>>>     considerations.
>>>>
>>>>     Although "transport encapsulation" is indicated repeatedly, it is
>>>>     never
>>>>     referred to directly or described either in this document or its
>>>>     citations. It
>>>>     appears to be using this term in the sense of RFC8300, which too
>>>>     never defines
>>>>     it, but uses examples that are more accurately referred to in the
>>>>     IETF as link
>>>>     layer protocols or either network or link tunnel protocols (IP in
>>>>     IP, GRE,
>>>>     VXLAN, Ethernet).
>>>>
>>>>     Regardless of the fact that this confusion originates in RFC8300,
>>>>     it needs to
>>>>     be addressed here and corrected before this document can be
>>>>     reviewed to
>>>>     determine if there are any IETF transport area issues.
>>>>
>>>>     The remainder of these notes provide detail of this issue.
>>>>
>>>>     -----
>>>>
>>>>     The document refers back to RFC8300 to define the NSH itself; that
>>>>     document
>>>>     discusses transport issues just as vaguely (never mentioning a
>>>>     particular
>>>>     transport protocol), and when it discusses fragmentation, it
>>>>     refers to section
>>>>     9 of a document (draft-ietf-rtgwg-dt-encap-02 from 2017) that had
>>>>     expired prior
>>>>     to the publication of RFC8300.  Because transport fragmentation
>>>>     is, IMO, a
>>>>     normative issue, this should not have been permitted.
>>>>
>>>>     Further, Section 9 of that draft incorrectly recommends reliance
>>>>     on ICMP
>>>>     feedback to address MTU failures when not under a single
>>>>     operator’s management.
>>>>     That was widely known even then to be insufficient due to
>>>>     blackholing; this had
>>>>     motivated PLPMTUD in RFC4821 a full decade earlier. RFC8300
>>>>     compounds this
>>>>     error by simply asserting that the operator should ensure that
>>>>     ICMPs are not
>>>>     blocked, overlooking the need to address when this is not the case.
>>>>
>>>>     This document cannot ignore that issue and simply refer to RFC8300
>>>>     on this
>>>>     issue.
>>>>
>>>>     Note that one of the only places an actual encapsulation protocol
>>>>     is mentioned
>>>>     is RFC8300, in which Section 5 mentions IP and  Section 6.1 Table
>>>>     1 describes
>>>>     VXLAN-GPE, GRE, and Ethernet – all of which are described as
>>>>     “transport
>>>>     encapsulation”.
>>>>
>>>>     If, in fact, IETF transport protocols are being used, at some
>>>>     point the use of
>>>>     an actual IETF transport protocol should be described (e.g., TCP,
>>>>     UDP, SCTP,
>>>>     DCCP). At that point, the transport issues would be reviewable. As
>>>>     the document
>>>>     currently stands, it completely ignores such transport issues and
>>>>     should not
>>>>     proceed until this is addressed and re-reviewed.
>>>>
>>>>     If instead, as I suspect, the term “transport encapsulation”
>>>>     actually refers to
>>>>     “network layer encapsulation” or “link layer encapsulation” and
>>>>     really implies
>>>>     some sort of tunnel, there would be no transport area issues to
>>>>     review unless
>>>>     that tunnel were to include a transport protocol as part of the
>>>>     layers of
>>>>     encapsulation. If that is the case, the document should be revised
>>>>     to replace
>>>>     the term “transport” with something that more accurately describes
>>>>     VXLAN-GPE,
>>>>     GRE, Ethernet, and IP encapsulation using IETF terminology. Note that
>>>>     draft-ietf-intarea-tunnels never uses the term “transport” except when
>>>>     referring to the use of IETF transport protocols as a tunnel
>>>>     layer, e.g. (i.e.,
>>>>     the last sentence of Sec 8 of this doc is incorrect in implying
>>>>     otherwise).
>>>>
>>>>     (I would also note that neither this doc nor RFC8300 define “transport
>>>>     encapsulation” in their terminology; even if they would, they
>>>>     should not
>>>>     attempt to define it in a way inconsistent with widespread use in
>>>>     the IETF).
>>>>
>>>>
>>>>
>>>> -- 
>>>> last-call mailing list
>>>> last-call@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/last-call
>>
>> -- 
>> last-call mailing list
>> last-call@ietf.org
>> https://www.ietf.org/mailman/listinfo/last-call
> 
> _______________________________________________
> sfc mailing list
> sfc@ietf.org
> https://www.ietf.org/mailman/listinfo/sfc
>