Hi Ben, Thanks for your comments, and happy new year! Please see below.
On 12/30/19, 11:49 AM, "Benjamin Kaduk via Datatracker" <[email protected]> wrote: Benjamin Kaduk has entered the following ballot position for draft-ietf-lisp-gpe-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lisp-gpe/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for the updates in -10 through -12 to leave nonce/versioning to additional shim headers/extensions; that does alleviate the concerns that left me balloting Abstain on the -09. I do have some (new) comments on the -12. Section 3 Conceptually, I'm thinking about this document as allocating the 'P' bit in the header and specifying its format when the P bit is set to 1; I don't expect it to be making changes to generic non-GPE LISP behavior. So it's a little surprising to see that bits 0-3 are now marked as Reserved (though that could probably be wordsmithed away, and the existing Section 2 probably sets the reader up to do the right thing already), and fairly surprising to see the following in the P-Bit description: If the P-bit is clear (0) the LISP header is bit-by-bit equivalent to the definition in [I-D.ietf-lisp-rfc6830bis] with bits N, L, E and V set to 0. Is the claim that once an implementation supports GPE, it will never use the non-shim-header versions of echo-nonce, map-versioning, etc? If not, then I don't think it's appropriate to say "with bits N, L, E, and V set to 0" here. [FM] I think you make a good point, especially that we don't want to alter the behavior of the protocol when P=0. We can re-word the document accordingly: we leave NLEV bits in the header definition, and we limit the document to specify the behavior for the case when P=1. I'm also not sure I fully understand the motivation for pulling out the Locator-Status-Bits, as that field's width is unchanged from stock 6830bis. Leaving them to a TBD shim-header does prevent the conflict with the Instance ID field, and perhaps the current usage patterns justify such a shift, so this may be more of a side note than an indication of a flaw in the document. [FM] Indeed, there isn't a strong rationale to prevent the use of LSBs with GPE. Following your suggestion of specifying GPE as "allocating the P bit in LISP" we can leave that feature available even when P=1. Section 7 LISP-GPE, as many encapsulations that use optional extensions, is subject to on-path adversaries that by manipulating the g-Bit and the packet itself can remove part of the payload. Typical integrity Is "g-Bit" supposed to be "P-Bit"? I am failing to remember what the g-Bit is, at least... [FM] yes, typo. Will fix in next rev. With LISP-GPE, issues such as data-plane spoofing, flooding, and traffic redirection may depend on the particular protocol payload encapsulated. I'd consider adding another clause, "noting that an attacker that is spoofing LISP-GPE traffic can claim to encapsulate any protocol payload type" -- the risk here is based on what types the receiver's implementation supports, not just what the legitimate sender is encapsulating. [FM] Ok, we will address this in the next rev. I'll post an updated version to reflect the comments above asap. Thanks, Fabio _______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
