AD review: draft-ietf-tsvwg-rsvp-security-groupkeying-09
"David Harrington" <ietfdbh@comcast.net> Tue, 19 April 2011 21:22 UTC
Return-Path: <ietfdbh@comcast.net>
X-Original-To: tsvwg@ietfc.amsl.com
Delivered-To: tsvwg@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id E47B9E086D for <tsvwg@ietfc.amsl.com>; Tue, 19 Apr 2011 14:22:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.549
X-Spam-Level:
X-Spam-Status: No, score=-102.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zr0kW4LA+6KT for <tsvwg@ietfc.amsl.com>; Tue, 19 Apr 2011 14:22:03 -0700 (PDT)
Received: from qmta03.westchester.pa.mail.comcast.net (qmta03.westchester.pa.mail.comcast.net [76.96.62.32]) by ietfc.amsl.com (Postfix) with ESMTP id 89741E08B2 for <tsvwg@ietf.org>; Tue, 19 Apr 2011 14:22:01 -0700 (PDT)
Received: from omta01.westchester.pa.mail.comcast.net ([76.96.62.11]) by qmta03.westchester.pa.mail.comcast.net with comcast id ZZK71g0050EZKEL53ZN18S; Tue, 19 Apr 2011 21:22:01 +0000
Received: from davidPC ([67.189.235.106]) by omta01.westchester.pa.mail.comcast.net with comcast id ZZN01g0152JQnJT3MZN1Ln; Tue, 19 Apr 2011 21:22:01 +0000
From: David Harrington <ietfdbh@comcast.net>
To: tsvwg@ietf.org, draft-ietf-tsvwg-rsvp-security-groupkeying@tools.ietf.org
Subject: AD review: draft-ietf-tsvwg-rsvp-security-groupkeying-09
Date: Tue, 19 Apr 2011 17:21:50 -0400
Message-ID: <C6268D671DD04FA7BDADBA8212CACB88@davidPC>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MIMEOLE: Produced By Microsoft MimeOLE V6.1.7600.16776
Thread-index: Acv+18wptvljEK1ITqGvJbPzSX0YDQ==
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Apr 2011 21:22:05 -0000
Hi, I have performed an AD review of this document. Overall, I found the content of this document well written, but have a few concerns. I believe these should be fairly easy to resolve. -- Technical and Process concerns: 1) section 2 last paragraph "... the RSVP router that receives the Path message will be able to authenticate it successfully using the group key." It is important to be consistent in specifying what is being authenticated. Here "it" appears to refer to a message. Earlier text in section 2 says "If a group key is used, the authentication granularity becomes group membership of devices, not (individual) peer authentication between devices", which seems to indicate a device (or peer) is being authenticated (or a group of devices). 2) I am concerned with the number of "should" and "should not" recommendations, using non-RFC2119 keywords in an Informational document. This feels like you are trying to define a standard or BCP without using the standards track process. I think the usage of "should" should be eliminated from an Informational document. 3) Has the WG explicitly discussed acceptability of the IPR terms related to this document? The RAND terms apply for compliance to the standard, but this is not being submitted as a standards-track document. As noted in 2), there are a number of shoulds in this Informational document. The terms in the IPR declaration do not seem to provide non-assert status for implementing an Informational document. Has the WG discussed this? Comments (mainly suggestions for improving the text): 1) The text is made much harder to read because there are a bunch of unnecesary lead-in phrases. You do not need a lead-in phrase for most sentences. Sentences that start with "Note that" generally don't need the "Note that". Sentences that start with "This implies that" generally don't need the "This implies that". Sentences that start with "We observe that" generally don't need the "We observe that". Sentences that start with "As observed in the security considerations section of RFCXXXX," generally don't need the introductory lead-in, just a simple reference after the stated content. These superfluous phrases obscure the real content of the text. 2) [I-D.weis-gdoi-mac-tek] is referenced informationally. I generally prefer to avoid referencing IDs; they are an unstable thing to reference, and can delay document publication. 3) The next-to-last paragraph of section2 (starting with "This means that") could benefit from rephrasing. The first sentence seems to belong to the preceding paragraph (the challenge), while the rest of this paragraph is about the impact of handshakes. I think the paragraph could be more succinct: OLD: Section 4.3 of [RFC2747] states that "... the receiver MAY initiate an integrity handshake with the sender." We note that if this handshake is taking place, it can be used to determine the identity of the next RSVP hop. In this case, non-RSVP hops can be traversed also using per interface or per neighbor keys. NEW: Section 4.3 of [RFC2747] states that "... the receiver MAY initiate an integrity handshake with the sender." Non-RSVP hops can be traversed more easily using per interface or per neighbor keys if an integrity handshake is used to determine the identity of the next RSVP hop. (The ease is impacted; are the security properties impacted at all?) 4) section 3.1 defines "security domain". I think the definition is not clear and unambiguous. I think if you are going to define a term, it should not be buried in the fourth sentence of a paragraph. Put it in a terminology section, and make sure it is clear and unambiguous. If the term is already clearly defined in another document, please reference the normative document. 5) please ask the RFC editor whether they would prefer that "per interface" and "per neighbor" be hyphenated. 6) "per interface" should be "Per interface" when it starts a sentence. 7) please run id-nits and correct the problems it finds. I ran it and it complains about copyright year, lack of an RFC2119 reference, and the IPR disclaimer. Some complaints are caused by crossing a year-end during processing and are easy fixes. 8) I found section 3.1 a bit confusing on first read. The problem is the repetition using different words: "However, when the interface is multipoint, all RSVP speakers on a given subnet have to share the same key in this model. This makes it unsuitable for deployment scenarios where nodes from different security domains are present on a subnet" and "As mentioned above, per interface keys are only applicable when all the nodes reachable on the specific interface belong to the same security domain." and "Again, interface level keys can be deployed safely only when all the reachable neighbors on the interface belong to the same security domain." What happens if interpretatiosn of the wording differ because your wording differs? State it once clearly, so you don't have to keep repeating it in different language. 9) s/We observe that, alternatively, in some environments, // 10) The sentence starting "Group keying may allow" might be better as the start of the next paragraph. 11) section 5.2 OLD: In its Security Considerations section, [RFC4875] points out that RSVP message integrity mechanisms for hop- by-hop RSVP signaling apply to the hop-by-hop P2MP RSVP-TE signaling. Suggested: RSVP message integrity mechanisms for hop- by-hop RSVP signaling apply to the hop-by-hop P2MP RSVP-TE signaling (see [RFC4875] Security Considerations). 12) s/In turn, we observe that the analyses in this document of keying methods apply equally to P2MP RSVP-TE for the hop-by-hop signaling. /analyses in this document apply to P2MP RSVP-TE hop-by-hop signaling./ But after cutting away the excess words, does this sentence actually say anything? Is it the analyses in this document that apply to P2MP signalling, or is it the RSVP integrity mechanism that applies? Or are you saying that the analysis of keying methods for RSVP apply to the keying for P2MP signalling? 13) "We note that the observation in Section 3.1 of this document about use of group keying for protection of non-hop-by-hop messages apply to protection of non-hop-by-hop signaling for LSP Hierarchy and P2MP RSVP- TE." What does this sentence actually say? Please be clear and unambiguous in your wording. Let me see if I can understand what you are trying to say here. a) section 3.1 discusses per-interface and per-neighbor keying, not group keying. and doesn't even mention non-hop-by-hop messages. b) If I assume you meant 3.2, not 3.1, then I find that 3.2 says "As discussed in Section 2, group keying can be used in the presence of non-RSVP hops." So to understand 5.2, I should read 3.2, which says I should read section 2. and the message is ... "group keying can simplify protection of non-hop-by-hop signaling for LSP Hierarchy and P2MP RSVP- TE." Is that what you are trying to say? 14) please expand all acronyms on first usage. David Harrington Director, IETF Transport Area ietfdbh@comcast.net (preferred for ietf) dbharrington@huaweisymantec.com +1 603 828 1401 (cell)
- AD review: draft-ietf-tsvwg-rsvp-security-groupke… David Harrington
- Re: AD review: draft-ietf-tsvwg-rsvp-security-gro… Michael Behringer