Flow Identity Extension for HTTP-Enabled Location Delivery (HELD)
draft-ietf-geopriv-flow-identity-02

[Ballot comment]
My original Discuss read...

> This is borderline for me, but I am trying to understand how an
> existing deployed implementation of RFC 6155 handles the case
> that a protocol element it is using has been deprecated.  More
> importantly, how a new implementation handles receipt of a
> now-illegal protocol element.
>
> I understand that the change is "before, we said you could do this,
> but we have discovered that you can't get it through some NATs,
> so don't." But it seems to me that the problem is not with all NATs,
> and anyway, not all circumstances inevitably involve the presence
> of a NAT. So surely there will be some deployments using the
> deprecated feature that are operating just fine and will find this
> deprecation at least inconvenient.
>
> You can probably resolve this by adding a short section on
> backwards compaitiblity noting:
> - that deprecation means that new implementation MUST NOT,
>    but that existing implementations MAY continue
> - that new implementations SHOULD continue to receive and
>    process

Robert has explained to me that the problem being fixed is basically one that the entired deployed codebase has found and avoided. Therefore there is no risk of backward compatibility issues.
That's enough for me to clear my Discuss, but maybe the issue could be addressed with a couple of lines of text, so I'll leave this Comment in place.

[Ballot comment]
My original Discuss read...

> This is borderline for me, but I am trying to understand how an existing
> deployed implementation of RFC 6155 handles the case that a protocol
> element it is using has been deprecated.  More importantly, how a new
> implementation handles receipt of a now-illegal protocol element.
>
> I understand that the change is "before, we said you could do this, but
> we have discovered that you can't get it through some NATs, so don't."
> but it seems to me that the problem is not with all NATs, and anyway,
> not all circumstances inevitably involve the presence of a NAT. So
> surely there will be some deployments using the deprecated feature that
> are operating just fine and will find this deprecation at least
> inconvenient.
>
> You can probably resolve this by adding a short section on backwards
> compaitiblity noting:
> - that deprecation means that new implementation MUST NOT, but that
>  existing implementations MAY continue
> - that new implementations SHOULD continue to receive and process

Robert has explained to me that the problem being fixed is basically one that the entired deployed codebase has found and avoided. Therefore there is no risk of backward compatibility issues.
That's enough for me to clear my Discuss, but maybe the issue could be addressed with a couple of lines of text, so I'll leave this Comment in place.

[Ballot comment]

- The RFC editor note on the privacy considerations is
good, thanks.

- I had a security discuss on this draft but Robert convinced
me there was no problem so I'll record it here as a comment.
The potential problem would be if a bad actor could ask
about flows and received "no information" for non-existent
flows but "unauthorized" when the bad actor stumbled
onto an existing flow. Robert told me that in that case the
bad actor will get "unauthorized" all the time so its not
a problem.

- general: how (if at all) would this be affected by shared
address space?  (I ask since you say this is motivated by
CGNs.)

- section 3: Interesting that the example on p5 looks like its
not something from which you could (by itself) determine a
specific location. Where does it explain how you could
determine a location based on that info?

- section 3: I was confused on 1st reading by the last para
here - I thought you were saying that the src/dst elements
from the example were attributes, might be worth saying that
src is both an element name and an attribute value or
something.

- 4: The "layer3" attribute just seems broken since it assumes
both ends of the flow are using the same address family and
they might not.

- 4: I guess the layer4 attribute might be broken by an ALG.
I'm also not sure how tcp or udp will really help there.

- 4: What'd you put in layer4 if using e.g. SCTP/UDP? Don't
you need to say?

- 4: I don't get what it might mean if I put in number for a
port that's usable with either tcp or udp, e.g. 53.  Its just
hard to believe there are no tricky combinations based on use
of port numbers that'd need explaining.

I've gotta say: given the above comments, and that this is
deprecating a feature from a pretty recent (2011) but
presumably now known-faulty RFC, and that there are no known
implementations (inferred from the write-up), and that this'll
be referenced from other "national" specs, I'd be quite
nervous that this isn't fully baked and might have to be fixed
yet again after someone does write code and try it out.

[Ballot discuss]
This is borderline for me, but I am trying to understand how an existing
deployed implementation of RFC 6155 handles the case that a protocol
element it is using has been deprecated.  More importantly, how a new
implementation handles receipt of a now-illegal protocol element.

I understand that the change is "before, we said you could do this, but
we have discovered that you can't get it through some NATs, so don't."
but it seems to me that the problem is not with all NATs, and anyway,
not all circumstances inevitably involve the presence of a NAT. So
surely there will be some deployments using the deprecated feature that
are operating just fine and will find this deprecation at least
inconvenient.

You can probably resolve this by adding a short section on backwards
compaitiblity noting:
- that deprecation means that new implementation MUST NOT, but that
  existing implementations MAY continue
- that new implementations SHOULD continue to receive and process

[Ballot discuss]

I had a chat with Robert where he conviced me I was mistaken
about some of this.

(1) Can we add the following (or similar) to section 6:

"This specification assumes that the LIS already has access
to the internal state of e.g. a NAT and so can usefully
map the flow information to locations. If the LIS did not
have access to that internal state then sending the flow
information to the LIS would represent an additional
privacy exposure for the client."

(2) cleared, now a comment

[Ballot comment]

- I had a security discuss on this draft but Robert convinced
me there was no problem so I'll record it here as a comment.
The potential problem would be if a bad actor could ask
about flows and received "no information" for non-existent
flows but "unauthorized" when the bad actor stumbled
onto an existing flow. Robert told me that in that case the
bad actor will get "unauthorized" all the time so its not
a problem.

- general: how (if at all) would this be affected by shared
address space?  (I ask since you say this is motivated by
CGNs.)

- section 3: Interesting that the example on p5 looks like its
not something from which you could (by itself) determine a
specific location. Where does it explain how you could
determine a location based on that info?

- section 3: I was confused on 1st reading by the last para
here - I thought you were saying that the src/dst elements
from the example were attributes, might be worth saying that
src is both an element name and an attribute value or
something.

- 4: The "layer3" attribute just seems broken since it assumes
both ends of the flow are using the same address family and
they might not.

- 4: I guess the layer4 attribute might be broken by an ALG.
I'm also not sure how tcp or udp will really help there.

- 4: What'd you put in layer4 if using e.g. SCTP/UDP? Don't
you need to say?

- 4: I don't get what it might mean if I put in number for a
port that's usable with either tcp or udp, e.g. 53.  Its just
hard to believe there are no tricky combinations based on use
of port numbers that'd need explaining.

I've gotta say: given the above comments, and that this is
deprecating a feature from a pretty recent (2011) but
presumably now known-faulty RFC, and that there are no known
implementations (inferred from the write-up), and that this'll
be referenced from other "national" specs, I'd be quite
nervous that this isn't fully baked and might have to be fixed
yet again after someone does write code and try it out.

[Ballot comment]
Anti-support for Stephen's DISCUSS: As I see it, this is asking for exactly the same information, for exactly the same entity, as specified in 6155.  It's just passing more information in the request in order to deal with certain NAT situations, but this isn't allowing it to get information it shouldn't be getting.  It seems to me that 6155 already has this covered.

IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-geopriv-flow-identity-01.  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon as possible.

We understand that, upon approval of this document, there are two actions
which IANA must complete.

First, in the namespaces registry of the IANA XML documents registry
located at:

http://www.iana.org/assignments/xml-registry/ns.html

a new namespace will be registered as follows:

ID: geopriv:held:flow
URI: urn:ietf:params:xml:ns:geopriv:held:flow
Registration template: [ As provided in Section 5.1 of the current document ]
Reference: [ RFC-to-be ]

Second, in the schema registry of the IANA XML documents registry
located at:

http://www.iana.org/assignments/xml-registry/schema.html

ID: geopriv:held:flow
URI: urn:ietf:params:xml:ns:geopriv:held:flow
Filename:geopriv:held:flow
Reference: [ RFC-to-be ]

We understand these two actions to be the only ones required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed
until the document has been approved for publication as an RFC.
This message is only to confirm what actions will be performed.

[Ballot discuss]

(1) I don't buy that there are no new privacy considerations.
6155's privacy considerations are mostly about targets asking
about their own location, but asking about yourself seems to
be irrelevant for this draft - why would a target ask for its
own location based on a flow with some other host?  6155, 4.2
does seem relevant, but I would think ought be repeated or
expanded upon here.  This draft also exposes that a flow is
occurring and between which hosts and (implicitly) when, which
seems like new and sensitive information compared to 6155.

(2) I don't buy that there are no new security considerations.
What if I ask about a src/dst pair neither of which is me?
What if I get a different (esp. negative) answer based on
whether or not the flow concerned actually exists at the
moment or not?  Doesn't that seem new compared to 6155? It
does to me.

[Ballot comment]

- general: how (if at all) would this be affected by shared
address space?  (I ask since you say this is motivated by
CGNs.)

- section 3: Interesting that the example on p5 looks like its
not something from which you could (by itself) determine a
specific location. Where does it explain how you could
determine a location based on that info?

- section 3: I was confused on 1st reading by the last para
here - I thought you were saying that the src/dst elements
from the example were attributes, might be worth saying that
src is both an element name and an attribute value or
something.

- 4: The "layer3" attribute just seems broken since it assumes
both ends of the flow are using the same address family and
they might not.

- 4: I guess the layer4 attribute might be broken by an ALG.
I'm also not sure how tcp or udp will really help there.

- 4: What'd you put in layer4 if using e.g. SCTP/UDP? Don't
you need to say?

- 4: I don't get what it might mean if I put in number for a
port that's usable with either tcp or udp, e.g. 53.  Its just
hard to believe there are no tricky combinations based on use
of port numbers that'd need explaining.

I've gotta say: given the above comments, and that this is
deprecating a feature from a pretty recent (2011) but
presumably now known-faulty RFC, and that there are no known
implementations (inferred from the write-up), and that this'll
be referenced from other "national" specs, I'd be quite
nervous that this isn't fully baked and might have to be fixed
yet again after someone does write code and try it out.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (Flow Identity Extension for HELD) to Proposed Standard


The IESG has received a request from the Geographic Location/Privacy WG
(geopriv) to consider the following document:
- 'Flow Identity Extension for HELD'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2013-02-27. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  RFC 6155 specifies an extension for the HTTP-Enabled Location
  Delivery (HELD) Protocol allowing the use of an IP address and port
  number to request a Device location based on an individual packet
  flow.

  However, certain kinds of NAT require that identifiers for both ends
  of the packet flow must be specified in order to unambiguously
  satisfy the location request.

  This document specifies an XML Schema and URN Sub-Namespace for a
  Flow Identity Extension for HELD to support this requirement.

  This document updates RFC 6155 by deprecating the port number
  elements specified therein.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-geopriv-flow-identity/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-geopriv-flow-identity/ballot/


No IPR declarations have been submitted directly on this I-D.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

The RFC is being requested as Proposed Standard, and the title page lists it as Standards Track. This is the the proper classification because it is an update to a Standards Track RFC, 6155.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

This document specifies an extension to the HTTP-Enabled Location
Delivery (HELD) Protocol to allow a location of an endpoint behind
certain kinds of NAT to be requested.

Working Group Summary:

This document is a simple extension to an existing protocol and was
uncontroversial in the working group.

Document Quality:

This document received thorough review in the working group. National
standards bodies plan to refer to this extension, and providers of
Location Information Servers may choose to implement it depending on
their user bases.

Personnel:

Alissa Cooper is the Document Shepherd. Robert Sparks is the Responsible
Area Director.

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

The shepherd performed a thorough review of this short document. It is ready for publication.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

No.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

The document needs no further review. We have individuals with XML expertise in the WG who reviewed the document.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

There are no concerns or issues with this document. It is a simple update.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

Yes.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

No IPR disclosure has been filed.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

The WG is firmly behind this document.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

There have been no appeals or expressions of extreme discontent.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

There are is one actionable nit that will require a change before RFC Editor processing: the abstract needs to mention that this document updates RFC 6155. I suggest adding the following sentence at the end of the last paragraph of the abstract: "It updates RFC 6155."

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

No formal reviews are required.

(13) Have all references within this document been identified as either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

There are no such references.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

There are no such references.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

The suggested mention of RFC 6155 in the abstract is included in (11) above. I suggest adding the following text at the end of the last paragraph of the introduction: "It updates RFC 6155 to include this extension and it deprecates the port number elements specified in Section 3.3 of RFC 6155."

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

The IANA Considerations section is consistent with the body of the document and clearly identifies what is required of IANA.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

This document creates no new registries.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.

All instances of XML in the document have been validated.