Ballot for draft-ietf-core-groupcomm-bis
Yes
No Objection
Note: This ballot was opened for revision 15 and is now closed.
Hi Esko & Marco, Many thanks for the effort put into this specification. The document is well-written. I enjoyed reading it. I appreciate the thoughts and effort to identify and articulate the configuration model and deployment considerations. Please find some comments (ordered following the spec flow), fwiw. Feel free to grab whatever useful. # Implementation frozen in an RFC CURRENT: Notable CoAP implementations that support group communication include "Eclipse Californium" [Californium], "Go-CoAP" [Go-CoAP] as well as "libcoap" [libcoap]. This might be too late but following the guidance in rfc7942 would be appropriate. Another option is to consider adding related_implementation tag rather than having those frozen in an RFC? # Alternate solutions CURRENT: One example is Publish-Subscribe [I-D.ietf-core-coap-pubsub] which uses a central broker server that CoAP clients access via unicast communication. These alternative methods may be usable for the same or similar use cases as the ones targeted in this document. Are there any guidance where the use of group communication is more appropriate than these alternative mechanisms? # ASM-only CURRENT: Only the Any Source Multicast (ASM) mode [RFC5110] of IP multicast operation is in scope. I naively thought that having an SSM-like mode would be more appropriate if we want to better control who issue the requests. For example, a controller will behave as a CoAP client in such case. # Demux for Multiple groups CURRENT: A node may be a member of multiple CoAP groups, by hosting multiple CoAP server endpoints on different UDP ports. Why not considering distinct addresses (typically, IPv4 and IPv6) as another way to support that? what is that restricted to port numbers only? # Deployment assumptions CURRENT: There can be a many-to-many relationship between security groups and CoAP groups, but often it is one-to-one. Also, there can be a many- ^^^^^^^^^ to-many relationship between security groups and application groups, but often it is one-to-one. Such relationships are discussed in more ^^^^^^^^^ detail in Section 2.1.4. The “often” part may not be stand (in the future, all cases) as this is deployment-specific. Maybe better to focus on protocol implications to support such schemes. I wonder whether we can translate this into an operational consideration such as a controllers/managers should be able to associate multiple groups and avoid restriction by design. Also, endpoints should be able to support such configuration. # Preference CURRENT: In this case, a CoAP client can join just one of the security groups, based on what it supports and prefers, while a CoAP server in the application group would rather have to join all of them. Is this a local decision or inferred from a local policy? Can we translate this into an operational consideration for this matter? # Access Policies CURRENT: In particular, it is NOT RECOMMENDED to use different security groups to reflect different access policies for resources in the same application group. IMO, there is nothing broken if that recommendation is not followed for other reasons (e.g., isolation, ease troubleshooting). That is up to a local deployment. The key message here should be that security groups are not meant to enforce access policies; these are enforced using other means. # UML CURRENT: Figure 1 summarizes the relationships between the different types of groups described above in Unified Modeling Language (UML) class diagram notation. Consider adding a reference for UML. # Figure 1 From a deployment perspective, which entity has to maintain this view depicted in Figure 1? # Conflicting actions CURRENT: These clients may be temperature/humidity sensors that report measurements periodically to all HVAC devices (Srv5, Srv6) in the Application Group 3, using for example /resC to report temperature and /resD to report humidity. When an endpoint belongs to multiple application groups, but conflict actions are being requested for each appl, how is that handled but an endpoint? # dual-stack CURRENT: The host subcomponent indirectly defines the IP multicast address of the CoAP group, in case the host consists of a hostname: resolving the hostname to an IP address in this case produces the IP multicast address. How this is supposed to work for dual stack hosts? I guess two groups should be defined in such case? but.. CURRENT: For example, if the two hostnames group1.example and group1.alias.example both resolve to the IP multicast address [ff15::1234], then the following authority components are all names for the same CoAP group. This may resolved to an IPv4/IPv6 multicast address. From IP multicast perspective, these are distinct groups, but this text seems to says that these should be handled as single one. # Non-default port numbers CURRENT: Also note that, when using the "coap" scheme, the two authority components <HOST> and <HOST>:5683 both identify the same CoAP group, whose members listen to the CoAP default port number 5683. Do we allow to configure a distinct port number other than the default one? # Dependency on DNS CURRENT: When configuring a CoAP group membership, it is recommended to configure an endpoint with an IP multicast address literal, instead of a group hostname. This is because an infrastructure providing a name resolution service, such as DNS, may not be deployed in many constrained networks. The first point is reasonable, as a generic statement. However, for the second sentence, wouldn’t this be known to the entity that will deploy the service? # Multiple channels CURRENT: An application group name can be explicitly encoded in a group URI. Specifically, it can be encoded within one of the following URI components: Should this discuss the case where the info is provided in several channels (may be a side effect of various configuring entities), which one takes priority? At least the text can say this is not recommended? # Not encoded or encoded? CURRENT: Finally, it is also possible to not encode the application group name in the CoAP request, yielding the most compact representation on the wire. I guess you ment “encode”? # authorization request CURRENT: * A CoAP endpoint may have to request an authorization to join a specific security group through the respective Group Manager, Can we provide examples how to do that? # Infer nosec mode from the name CURRENT: Indications that endpoints can use the NoSec mode MUST NOT rely on setting up and advertising a pseudo security group with name "NoSec" or any of its lowercase/ uppercase combinations. I would generalize and say that the (no)security mode MUST NOT be inferred from the name (and then provide nosec and its variation as an example). # Configuration scope CURRENT: The configuring entity can be, for example, a local application with pre-configuration, a user, a software developer, a cloud service, or a local commissioning tool. This seems to assume that the configuration origin may be any. There are deployment implications of such model. If the configuration is done by an entity distinct from the one that deploys, then there might be configuration conflicts and even potential of stale configuration. # Remind IPv4 address as well CURRENT: For IPv6 CoAP groups, common multicast address ranges from which group addresses can be taken are ff1x::/16 and ff3x::/16. I would also remind the IPv4 multicast address. # Various configuring entities CURRENT: To create a security group, a configuring entity defines an initial subset of the related security material. Do we assume that it is the same entity that configures/control all the various app/sec/etc. groups? # Lack of mechanism to retrieve actual configuration CURRENT: The configuration of groups and membership may be performed at different moments in the life-cycle of a device. For example, it can occur during product (software) creation, in the factory, at a reseller, on-site during first deployment, or on-site during a system reconfiguration operation. Given that configuration may done by various entities (including even a software dev as mentioned previously), there are some implication on upgrading/maintaining the functionality in a given network. Support of means to control/retrieve embedded configuration, flushing it out, and also help with troubleshooting. This feature is important for operations. # GET access control CURRENT: As discussed below, such a GET request may be sent to the IP multicast address of an already known CoAP group associated with one or more application groups; or to the "All CoAP Nodes" multicast address (see Section 12.8 of [RFC7252]), thus targeting all reachable CoAP servers in any CoAP group. Also, the GET request may specify a query component, in order to filter the application groups of interest. Does this means that every node can discover what is available in a network? Shouldn’t some filtering be in place? Doesn’t this help to detect which applications to target by a misbehaving node? # This is not a new behavior OLD: All CoAP requests that are sent via IP multicast MUST be Non- confirmable (NON), see Section 8.1 of [RFC7252]. NEW: All CoAP requests that are sent via IP multicast must be Non- confirmable (NON), see Section 8.1 of [RFC7252]. This is redundant with RFC7252. # Application context CURRENT: This document adds the requirement that a server SHOULD suppress the response in case of error or in case there is nothing useful to respond, unless the application related to a ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ particular resource requires such a response to be made for that^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ resource. How is this technically characterized? Is this managed by a policy? # Urgent? CURRENT: Therefore, it is more urgent to have a strategy in place for handling the loss of group requests than the loss of unicast responses. What is the purpose of this text? # Tokens CURRENT: The CoAP client then sends this group request using a different Message ID (and the same or a different Token value), in which case all servers that received the initial To what extent the use of same token is conflicting with RFC7252: The client SHOULD generate tokens in such a way that tokens currently in use for a given source/destination endpoint pair are unique. # Delivery of responses CURRENT: Due to UDP level multiplexing, the UDP destination port number of the response MUST match to the client endpoint's UDP port number, i.e., to the UDP source port number of the client's request. In doing so, this response will traverse on-path devices with EIM/EIF (rfc4787). The response may be filtered if more restrictive filtering is in place (EDF). # Implementable? CURRENT: How the client in the case above determines the CoAP servers that are currently members of the CoAP group is out of scope for this document. How can the feature discussed in this section be implemented if we don’t have a way to implement it? I expected some more explicit behavior to be specified here as this is targeting STD tracks. # dst port number CURRENT: the same port number is used as the destination port number for requests across all CoAP servers that are members of a CoAP group and across all CoAP clients sending group requests to that group. I guess we meant the dst port nb of multicast request (not dst of responses from servers). I would make this clearer. # Tracking requests CURRENT: As a result, each server accepts only the first copy of the group request received from one of the proxies, while discarding as replay any later copies received from any other proxy. This requires some tracking, which is needed anyway to store the required info to forward a response back. I guess that tracking should be maintained for a minimum period that would accommodate any reordering/delay in the network. # TCP, TLS, and WebSockets This is more describing approaches to support this, but does not specify an exact behavior. This can be better fit in an appendix, IMO. # Other Transports I’m not sure whether all will be applicable. Better to declare those out of scope. # No NoSec again CURRENT: Indications that endpoints can use the NoSec mode MUST NOT rely on setting up and advertising a pseudo security group with name "NoSec" or any of its lowercase/uppercase combinations. This reco is already stated in 2.2.1.3 Cheers, Med
# Andy Newton, ART AD, comments for draft-ietf-core-groupcomm-bis-15 CC @anewton1998 * line numbers: - https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-core-groupcomm-bis-15.txt&submitcheck=True * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ Many thanks to Claudio Allocchia for the ARTART review. I have no objections on this document.
Thanks for the work done in this document and for addressing the blocking DISCUSS points of my previous ballot [1] and the issues raised by Brian Haberman in his int-dir review [2]. The I-D is now much cleaner wrt to multicast. Regards -éric [1] https://mailarchive.ietf.org/arch/msg/core/N0x5gyVLzepZA_aTdsXZcYJyGyY/ [2] https://datatracker.ietf.org/doc/review-ietf-core-groupcomm-bis-15-intdir-telechat-haberman-2025-10-14/
Thank you for preparing this document on multicast transport. This is a topic I have worked with over many years, and I know this touches on a wide range of issues and trade-offs. Thank you also for the changes in -17 that address my other topics. Please consider the following comments for draft-ietf-core-groupcomm-bis: Thank you for the TSV-ART review by Magnus, it raised many issues that were important to me as a WIT AD. I see the document was revised following this (rev -14), some of my comments below relate also to these topics as seen in rev -14. Section 2.2.2 / For unsecure group communication using the NoSec mode (see Section 4), there is no security material to be provided, hence there is no security group for CoAP endpoints to participate in./ - For me, this text is not well constructed, because I earlier understood that NoSec mode was only permitted under very specific uses and I'd expected this to be clear here also and for the avoidance of any doubt I'd expect this also to be clear in the introduction to section 4. --- /This task MAY be entrusted to a dedicated administrator, that interacts with a Group Manager as defined in Section 5./ - Is this really an interoperability requirement, could the /MAY/ be a /may/? --- These commenst mostly relate to editorial NiTs, I've suggested some proposed text, but you my find other text, if you wish to clarify please do: /Then, Group configuration/ - Why capital "G" here, could this be "group"? --- /In fact, being a member of a security group actually grants/ - I didn't understand why this is written this way, would it be the same as something like: /Being a member of a security group grants/ --- Section 2.2.1.1. I see the text refers to the IPv6 prefix: ff15 - I think this is intended to be a a temporary site-local multicast address, if so please state this also in the text, rather than allowing any possibly for a reader to think this is a special reserved prefix. --- Section 2.2.1.2. This text mentions ff35:30:2001:db8:f1:0:8000:1 which seems like it may be an example of a site-local scope multicast address, please state this also in the text. --- I see this text: /For IPv6 CoAP groups, common multicast address ranges from which group addresses can be taken are ff1x::/16 and ff3x::/16./ - This does not clearly point to the address allocation and its specified use. Please explain the scope and refer to the IANA registry entry. ---- At various places, the word "effective" is used to describe the impact of an attack. Whilst it is true an attack would have an "effect", I don't think this word is the best, and I could suggest: /more effective/ is replaced by /makes this more vulnerable/ or something equivalent that indicates this is a problem not a goal. --- /the attack may/the attack could/ - only to avoid potential mis-reading. --- Section 3.1.3 makes a general statement I think is wrong: /Group requests sent over IP multicast generally have much higher loss rates than messages sent over unicast, particularly in constrained networks./ - I can see that loss ratios can be higher for multicast when sent over a different link with a different property, but in the general Internet this is not so. I suggest: /Group requests sent over IP multicast can have much higher loss rates than messages sent over unicast, particularly when using a constrained network./ --- /This document updates [RFC7252] by allowing a group request to contain ETag Options as specified below./ - please refer to section number where the update is to be applied in RFC 7252. --- /the CoAP default UDP port number 5683/ - OK, but please insert a reference to the IANA allocation registry. --- /One way to create multiple CoAP groups is using different UDP ports with the same IP multicast address, .../ - True, but it seems like this should probably be prefaced by something like: /When COAP groups are created with unique IP multicast addresses the receivers of these messages can utilise multicast filters to extract the messages of interest./ - and then make the directly above sentence in the text start as: /Another way..." --- /The port number 5684/ - OK, but please insert a reference to the IANA allocation registry. --- /For a CoAP server node that supports resource discovery as defined in Section 2.4 of [RFC7252], the default port number 5683 MUST be supported / - I don't know what "supported" means in this context - must the receiver process packets received on this port; or only if configure, or what? (please change supported to some explanation). --- /If this happens, the reverse-proxy MUST / - appears in a separate paragraph to the description. I think it would be better for the sentence to state what /this/ is, i.e. if a client re-uses a Token value, or something similar. - Consider also making this one paragraph to clearly link the description with the requirement. --- / For the operation of HTTP-to-CoAP reverse proxies, see the last two paragraphs of Section 3.5.1, which apply also to the case of reverse- proxies./ - Would this be clearer rewritten, e.g.: / The last two paragraphs of Section 3.5.1, also apply for the operation of HTTP-to-CoAP reverse proxies./ --- /CoAP group requests may result in a multitude of responses from/ - To avoid doubt, can this be rewritten as something like: /CoAP group requests could result in a multitude of responses from/ --- /Multicast usage of Block1 is non-trivial due to potential message loss (leading to missing blocks or missing confirmations), and potential diverging block size preferences of different members of the CoAP group./ - I agree, but would also strongly encourage that you add another consideration: that retransmission needs to conform to the congestion control requirements stated in section XX of this document. --- /the default port number 5683 MUST be supported as per Sections 7.1 and 12.8 of [RFC7252] / - as before, please expand upon the word /supported/, does this mean messages received and processed? (Also the same comment to explain the meaning of support in 3.9.3) --- /A suitable cross-proxy can be set up, such that it receives a unicast CoAP group request over TCP/TLS/WebSockets, and then forwards the request to the servers in the group over UDP/IP multicast / - OK, but please explicitly state that any multicast transmission MUST respect the requirements stated in this document. --- Section 4: Please consider moving the text within the first few paras. I'd hoped the requirement: /It is NOT RECOMMENDED to use CoAP group communication in NoSec mode./ at the start of section 4 followed by the next para an explanation why, so that this is made this very clear. --- Plase consider whether you can creat a separate section title: "Operational Considerations" to alert the operator community to relevant content (no need for extra content, just restructuring to make this more obvious). - If you do this, I'd encourage you to move the subsections 6.6, 6.7 and 6.8 to this new section. --- I assume all appendices are Informative - but this is not stated, please add a sentence to state this. ---
Thank you for providing context and considerations about this DISCUSS. I'll clear the DISCUSS and will let you decide how to best document the relevant aspects in the document. https://mailarchive.ietf.org/arch/msg/core/KG1PXIc9bqW6lJ7HWkDj9tBEBmc/
Thanks to the authors and WG for their work on this document. Also thanks to the authors for the updated version to address my comments and clear the previous DISCUSS position.
Thank you to Roni Even for the GENART review. Thanks for addressing my DISCUSS feedback.
# Internet AD comments for draft-ietf-core-groupcomm-bis-15 CC @ekline * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ ## Comments * I tried to use this URL to jumpstart reviewing the deltas: https://author-tools.ietf.org/iddiff?url1=rfc7390&url2=draft-ietf-core-groupcomm-bis-15&difftype=--html It's not the easiest to read. It might be nice to bear in mind this kind of a review when preparing future -bis documents. ### S2.2.1.1, S3.1.1, S3.4, etc * It might be worth noting that draft-ietf-intarea-multicast-application-port may support/impact some of these statements about UDP port use.
While I have no items to add to the discussion myself, I am very interested to see the other DISCUSS points resolved.