Last call comments: draft-farrell-perpass-attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Sam,

I expect that a BCP document to have solutions of new/old practices.
The document has opinions but no clear reasonable solutions or
guidances for future/past/present protocols. The attacks defined are
mostly on community for long, but when got serious among some this
time then it became an issue,

Comments below


On Friday, December 13, 2013, Sam Hartman wrote:
>
>
>
> Hi.
> I strongly support the consensus statements that were the sense of the
> room at the IETF 88 technical plenary.
> I strongly support publication of a document like this, but I believe
> this document should provide more guidance before publication.

I agree
>
>
>
> We have a history of publishing vaguely worded security BCPs that are
> really hard on our area directors and chairs.  As an AD, I found
> aspects of RFC 3352, BCP 61 and RFC 4107 very challenging.
> The big questions tended to surround protocols already in progress and
> architectural re-use.
>
> Let's not do that again.

I agree, and suggest more clear guides.
>
>
> Protocols already in progress  is a fairly obvious problem.  I don't
> think we want Stephen and Sean to hold a DISCUSS on every document on
> the telechat following approval of this BCP because none of them explain
> how they mitigate pervasive monitoring.


How can ADs write this BCP without their WGs support (or going through
WG) is it not related to the security area or it is pure general area
or it is related to IESG and IAB. There was a preference in another
thread that a WG chair does not author an adopted work related to that
WG, IMHO, prefer current ADs not to author BCPs related to their Area
only if WGs support it.

>
> Stephen and Sean wouldn't do
> something that ridiculous, but I believe they and the community could
> use better guidance than "use good judgment."  I know as a document
> author, chair and former AD I sure could.


I agree that all participants need more time to do better work, why
some want to rush this through LC, will need at least 6 months or
three meetings
>
>
> my recommendation is that protocols with no significant solution work
> accepted by a WG need to address this BCP the same way new protocols
> would.  Protocols with significant solution work within a WG need to
> address this  BCP to the extent that doing so is consistent with the
> existing work antd doesn't  involve reopening decisions that would
> otherwise be closed or revisiting earlier stages in the process that
> would not otherwise be revisited.  So, if you haven't decided on your
> security mechanism yet, take this into account.  If you're working on
> security considerations but your protocol is basically done, write up
> how well you did but don't revisit things.

Yes

>
> If you're in last call, move
> on as usual.

Disagree
>
>
> The architectural re-use question is harder to explain.  Imagine you're
> desiging something new.  You could use enum-like things or some other
> directory.  It would be convenient to use DNS because similar
> technologies you care about use DNS.  If you use DNS, then people can
> more easily monitor the queries to your service.  How much do you need
> to consider pervasive monitoring in your technology choice.


I see that the document ignores applicability statement section,  and
use cases. I agree with your suggestion of explaining.

>
>  We've had
> this sort of thing come up lots with previous security BCPs; I most
> especially remember being told by PCE that they had chosen not to follow
> RFC 4107 because they wanted to be like other routing protocols and use
> TCP-AO even though it doesn't provide key management.
>
> The issue of architecture re-use is important to discuss in the
> community because it significantly affects how much impact this BCP will
> have.


I don't think the community realise the impact, because the document
ignores that also, this document can be used by IESG and ADs.

>
> If we say "use good judgment," and nothing more, then we're
> basically leaving it entirely up to the WGs,


Not only WG, but I think we will leave it also to ADs of those WG areas.

>
>  because cross-area-review
> time is really late for telling someone they need a new fundamental
> technology.  Obviously the WG will have significant impact on this, but
> I think if we provide useful guidance here it can really help.


I support more guide in the doc, and more cross area guide in this doc
which not only security area can produce.

>
> My
> personal preference is that this BCP should impact future architectural
> choices more than RFC 4107 has managed to but that architectural re-use
> is quite important.

Yes, please provide your input guides, as you mention above that you
can do better.

>
>
> A related issue is how to treat extensions to existing  protocols.
> Again we've had a lot of heart-ache from not specifying that.


This needs another new document of extensions of existing protocols
and the new doc needs to reference this doc.
>
>
> I think it is important for the community to receive guidance on these
> issues.  I think it would be fine for this BCP to delegate that
> guidance.


Disagree,

>
> I'd support a paragraph describing each issue plus a
> paragraph saying that the IESG would provide guidance if the IESG would
> be willing to do that.


I will add another important condition, which is the community or WG
requests such guide related to an issue from IESG or others ( similar
to DT job when they get request from community).

>
> Obviously that would mean we're trusting the
> IESG to make that decision; I'd be happy to do that.  I'd also be happy
> to work on guidance to be included in the BCP on these issues.


We should not forget that all IESG members are part of community, so
their advise and guide is already received at LC, so why does the
community body (i.e. the WG)leaves its decisions to others.
>
>
> I do not support the document remaining silent on these issues.


I agree and support
>
>
> Please, whatever you do, remove section 3 on the process note.
> As it stands, it reads as follows:
>
> * We're unable to find a way for the IESG and IAB to publish a document
>   together
>
> * We really wish the IESG and IAB could publish a document together bbut
>   reluctantly being unable to do that we'll settle for a community
>   consensus document.
>
> If you must say something how about:
> In the past, architectural statements of this sort have been published
> as joint  products of the IESG and IAB.  This document represents the
> community consensus of the IETF and was published in accordance with the
> processes in affect at time of publication.
>
> In particular, I think a community statement of the whole community is
> stronger than a joint IAB/IESG work product.  I'd hope that the IESG and
> IAB would support the team and say that "Hey, we're part of the
> community, and a community consensus is how we present really strong
> statements."


Yes, we all are part of the community but some bodies have different
authorities.
>
>
> The IAB also has an ISOC role beyond the IETF.  If they want to
> emphasize support in that role, they could release a statement on their
> own making that clear.  However I think it would be more powerful if the
> IAB worked with ISOC to release such a statement and was included in
> that statement.


Yes I agree only that they don't add statements involve in this document.
>
>
> I'm also still sputtering at the idea that our leadership cannot find a
> way within the current process for the IESG and IAB to publish a
> document together ifg they wanted to.  I don't think that would be
> desirable in this instance.  We've changed and there's more focus on the
> community than there was in the RFC 1984 days.  However, I hope that if
> it were the right thing to do our leadership could work together and
> publish a joint document.


This document is about attacks on the community not attacks on
leaders. The old internet leaders are responsible for the attacks the
community got these days, so let us leave now the community guide
itself for the future. A WG or DT should do more work on this
document.

>
> The current text really sounds like you
> believe you couldn't.  Let's try and be better team players than that.
>
> In response to other last call comments:
>
> I do not support the idea of taking the time to figure out how each WG
> is impacted by this document.


Why not? The attacks (pervasive monitoring) are on all the community
so all WGs may be involved or responsible.

>
>
> I understand the desire to figure out whether we have consensus that
> pervasive monitoring is a threat quickly.  If we find that we have some
> open issues to resolve like the ones I bring up, but that we have
> consensus on the basic point, we have a quick way forward.  Jari could
> announce that the consensus of the IETF 88 plenary has been confirmed on
> the list and we could move forward.


Consensus by IETF on supporting a document is different of consensus
on some points, so we need a WG or we need more time to reach the
community (6 months may be the shortest time for this LC).

>
> It's rare that the IETF acts in
> plenary, but not rare that we make consensus calls about the big points
> in documents while details are still open.


I agree we need more details on agreed points and then we need
consensus from WGs on the final document when ready before submission.
IMHO, if this document will be used by IESG then all WGs should agree
on the document.

AB





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]