Hi Brian and Jim,
The IESG reviewed draft-ietf-magma-mrdisc-03 on our most recent
telechat (2-Dec), and I have included our review comments below.
There were a few blocking issues found (the "discuss" comments from
Russ, Thomas and Alex) that will need to be addressed before the
document can be approved. These issues seem fairly straightforward
to me, so I hope that we can get them addressed quickly and get the
document approved.
There were also a few non-blocking comments that you may wish to
consider while you are editing the document to address the discuss
comments.
Please let me know if you need any further information to address these issues.
Margaret
---
Discusses and Comments
Harald Alvestrand:
Comment:
[2004-12-01] Reviewed by Mary Barnes, Gen-ART
Her review:
Draft is ready for publication as Proposed Standard.
Russ Housley:
Discuss:
[2004-11-30]
Section 6 says:
>
> Another solution which supports both IPv4 and IPv6 is to use IPSec in
> Authentication Header mode[11] to protect against attacks by ensuring
> that messages came from a system with the proper key. When using
> IPSEC, the messages sent to the All-Snoopers address should be
> authenticated using AH. For keying, a symmetric signature algorithm
> with a single key for routers sending Advertisements. This allows
> validation that the MRD message was sent by a system with the key.
> It should be noted that this does not prevent a system with the key
> from forging a message and it requires the disabling of IPSec's
> Replay Protection.
>
First, AH does not generally employ a signature algorithm. It usually
employs a symmetric authentication algorithm, such as HMAC-SHA-1.
Second, ESP can be used in environments where AH cannot. This text
should point out that ESP with a null encryption algorithm and a
symmetric authentication algorithm, such as HMAC-SHA-1, is also viable.
This is important because rfc2401bis (which just completed IETF Last
Call) requires implementation of ESP, but makes support for AH optional.
Third, something needs to be said about the manner in which the key is
put in place. It seems that manual configuration of the same key is
envisioned. Finally, please change "IPSEC" to "IPsec."
Thomas Narten:
Discuss:
[2004-12-02] Note: some of these are weak discusses, but I'd like to
at least hear
back from the WG.
3.1.1 MaxAdertisementInterval
typo
Also, for 3.1.1, is this for all advertisements, or just unsolicited
ones? I assume just the latter...
actually, the document would benefit from saying "unsolicited"
everywhere advertisement is used but unsolicited is what is intended.
3.1.5 NeighborDeadInterval
The NeighborDeadInterval variable is the maximum time (in seconds)
allowed to elapse (after receipt of the last valid Advertisement)
before a neighboring router is declared unreachable. This variable
is maintained per neighbor. In order for all devices to have a
consistent state, it is necessary for the MaxAdvertisementInterval to
be configured consistently in all devices on the subnet.
this seems like a not-so-good requirement. Wouldn't it be better to
have the advertiser indicate what interval it is using, so that
everything "just works"? This is no more work on a node since they are
required to keep per-neighbor state anyway. Actually, such info is
available (or is it? see later comment on Query Interval Field)
... Why not just make the default be roughly 3X the advertised
interval?
1. For IPv4 it is the 16-bit one's complement of the one's
complement sum of the IGMP message, starting with the Type field.
For computing the checksum, the checksum field is set to 0.
Checksum does not include any IPv4 header fields. This seems like a
bad design choice. Note that in the IPv6 case, the checksum does
include a pseudo-header. Why not be consistent?
3.2.4 Query Interval Field
How is this value used? Searching for "Query Interval Field", the
document doesn't seem to say...
3.3.4 IPv4 Protocol
The IPv4 Protocol field is set to IGMP (2).
But you don't mention the IPv6 case here. Why?
1. The expiration of the periodic advertisement interval timer.
Note that it this timer is not strictly periodic since it is a
random number between MaxAdvertisementInterval and
MinAdvertisementInterval.
this doesn't seem good. The spread between these values can be pretty
wide, I think. What you want is an average value with some randomness
to prevent syncrhonization. You don't want the value to be completely
random between (say) 3 and 180 seconds.
Bert Wijnen:
Comment:
[2004-12-02] !! Missing citation for Informative reference:
P016 L030: [14] Bradner, S., "Intellectual Property Rights in
IETF Technology",
!! Missing citation for Informative reference:
P016 L034: [15] Daigle, L. and Internet Architecture Board,
"IETF ISOC Board of
QUestion: is there a MIB doc (in development) for the management variables
listed in the subsections of sect 3?
Section "9 Authors" may be a bit confusing with the other heading
"Authors' Addresses" further down
-----------
Comment from OPSDIR (Pekka) review:
Nit:
Although MRD messages could be sent as ICMP messages, the group
management protocols were chosen since this functionality is
multicast specific.
Alex Zinin:
Discuss:
[2004-12-02] Rather minor DISCUSS:
2. Protocol Overview
...
All MRD messages are sent with an IPv4 TTL or IPv6 Hop Limit of 1 and
contain the Router Alert Option[4][5]. All MRD messages SHOULD be
Advertisement and Termination messages are sent to the All-Snoopers
multicast address.
To what rate? Same comment for other instances of rate limiting in the doc.
3.1.2 MinAdvertisementInterval
Does this section specify intervals for unsolicited Ads only or
for solicited as well?
_______________________________________________
magma mailing list
magma@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/magma
|