The Locator/ID Separation Protocol Internet Groper (LIG)
draft-ietf-lisp-lig-06

[Ballot comment]
I cleared my DISCUSS based on the change of Intended Status form Experimental to Informational recorded in the tracker. Note that the change was not made yet in the document. RFC Editor should pay attention.

I like the way this document is written, the fact that it describes an operational tool, that it is based on implementation experience and deals how the tool is deployed and used. Very little documents nowadays include this type of information.

[Ballot comment]
I cleared my Discuss. I believe the IESG debated my Discuss point on the telechat and reached a conclusion such that the responsible AD knows what to do.

---

Section 1

s/IDS/IDs/

---                   

Section 2

s/an destination/a destination/

---

Section 3

  Verifying registration is called "ligging yourself".

Surely this is "groping yourself"?

---

Please add a note somewhere to explain to the reader of this document that the DB is public. I.e. be precise on the fact that the DB is the set of publicly available LISP resolvers.

---

Section 8

Please add a sentence stating that LIG can be misused hence the importance to protect LISP-MS and support security features.

[Ballot discuss]
I actually liked the way this document is written, the fact that it describes an operational tool, that it is based on implementation experience and deals how the tool is deployed and used. Very little documents nowadays include this type of information.

I somehow must agree with other ADs that the document looks more like Informational than Experimental. True that (all?) other LISP documents are Experimental, but this is not an automatic license to make Experimental a document that would never make it on the standards track and does not describe any new interoperability element. If the document is to stay Experimental I suggest that information is added about what are the goals and expected results of the experiment.

[Ballot comment]
Section 1

s/IDS/IDs/

---                   

Section 2

s/an destination/a destination/

---

Section 3

  Verifying registration is called "ligging yourself".

Surely this is "groping yourself"?

---

Please add a note somewhere to explain to the reader of this document that the DB is public. I.e. be precise on the fact that the DB is the set of publicly available LISP resolvers.

---

Section 8

Please add a sentence stating that LIG can be misused hence the importance to protect LISP-MS and support security features.

[Ballot discuss]
Updated Discuss after exchanges with the document shepherd. Most material moved into the Comment (hoping that the authors will still address it).

I expect the remaining Discuss issue to be resolved by the IESG on the telechat.

---

I am having trouble with this document. I can't work out what there
is to implement for interoperability. I suppose a stretch would be to
say that user-level interop would be achieved by all implementations
of a tool for inspecting the mapping database having the same command
structure. That would reduce the document to some of the text in 4.2.

It is not that I think the document is harmful, it is just that I
don't understand why it is WG Experimental output. Maybe if I had seen
it as Informational I would have been more inclined to accept it. Maybe
if it had come as independent.

Anyway, this is not a big, blocking Discuss. I would just genuinely
like to discuss it to hear what the thinking was in the WG so we can
make sure we do the right thing.

[Ballot discuss]
1) References to draft-ietf-lisp and draft-ietf-lisp-ms should be normative, not informative. If the referenbced drafts change radically, the sense of draft-ietf-lisp-lig may change.

2) It is not clear what needs to be standardized. All of the bits requiring interoperability are defined in the referenced drafts.

3 )There are 3 instances of lines with non-RFC2606-compliant FQDNs in the document.

4) There are 24 instances of lines with private range IPv4 addresses in the  document.  If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 5735 (or successor): 192.0.2.x,  198.51.100.x or 203.0.113.x.

[Ballot comment]
- I guess the definitions here aren't meant to be authoritative
if they conflicted with e.g. another of the WG's documents. It
might be no harm to just say that and point at the document
that will have the authoritative definitions just in case.
(The UDP port number included here is what triggered this, I
guess there's an outside chance that might change for some
reason as some other document progresses.)

- Some ascii-art would be helpful if the authors had the time
and energy, but that might be better in some other draft (or
maybe exists elsewhere).

- PTR is used but not defined.

- Is it right to say "EID address"? There're a couple of those.

typos:

s/an destination/a destination/
s/an a address block/address blocks/
s/usage cases/use cases/
s/each which/each of which/

[Ballot comment]
Section 1

s/IDS/IDs/

---                   

Section 2

s/an destination/a destination/

---

Section 3

  Verifying registration is called "ligging yourself".

Surely this is "groping yourself"?

[Ballot discuss]
I am having trouble with this document. I can't work out what there
is to implement for interoperability. I suppose a stretch would be to
say that user-level interop would be achieved by all implementations
of a tool for inspecting the mapping database having the same command
structure. That would reduce the document to some of the text in 4.2.

It is not that I think the document is harmful, it is just that I
don't understand why it is WG Experimental output. Maybe if I had seen
it as Informational I would have been more inclined to accept it. Maybe
if it had come as independent.

Anyway, this is not a big, blocking Discuss. I would just genuinely
like to discuss it to hear what the thinking was in the WG so we can
make sure we do the right thing.

---

Section 8 says

  The use of lig does not affect the security of the LISP
  infrastructure as it is simply a tool that facilities diagnostic
  querying.  See [LISP], [ALT], and [LISP-MS] for descriptions of the
  security properties of the LISP infrastructure.

Isn't it the case that you would not want unauthorized access to the
mapping database? even read-only access seems to allow unauthorized
people to find out stuff about location of devices that might not be
generally desirable. That means that the existence of the tool is a
security consideration, and the document should give advice about
securing the tool and any associated data flows.

Presumably, a server shold also rate limit requests to prevent an
attacker using this tool from DoSing the it.

State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (LISP Internet Groper (LIG)) to Experimental RFC


The IESG has received a request from the Locator/ID Separation Protocol
WG (lisp) to consider the following document:
- 'LISP Internet Groper (LIG)'
  as an Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-08-12. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  A simple tool called the LISP Internet Groper or 'lig' can be used to
  query the LISP mapping database.  This draft describes how it works.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-lisp-lig/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-lisp-lig/


No IPR declarations have been submitted directly on this I-D.

(1.a) Luigi Iannone is the Shepherd and has reviewed this version
and believes it is ready to be forwarded to the IESG.

(1.b) The document has had adequate review. The shepherd has no concerns
regarding the reviews which have been performed.

(1.c) The document shepherd does not have concerns that the document
requires a broader review.

(1.d) The document shepherd has no specific concerns, No IPR disclosures
have been raised.

(1.e) The WG consensus reflects active agreement among about about 10
participants, with the bulk of the WG being silent.

(1.f) No threats of appeal or discontent on this document have
manifested.

(1.g) IDNITs responds with:


Checking boilerplate required by RFC 5378 and the IETF Trust (see
http://trustee.ietf.org/license-info):

----------------------------------------------------------------------------

No issues found here.

Checking nits according to http://www.ietf.org/id-info/1id-guidelines.txt:

----------------------------------------------------------------------------

No issues found here.

Checking nits according to http://www.ietf.org/id-info/checklist :

----------------------------------------------------------------------------

== There are 3 instances of lines with non-RFC2606-compliant FQDNs in the
document.

== There are 24 instances of lines with private range IPv4 addresses in
the document. If these are generic example addresses, they should be
changed to use any of the ranges defined in RFC 5735 (or successor):
192.0.2.x, 198.51.100.x or 203.0.113.x.

== There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
in the document. If these are example addresses, they should be
changed.

The authors responded with the need to call on a broader and deeper
set of example prefixes to add meaning to the document.
Documentation prefixes alone could not provide this so RFC1918
based addresses were used.


(1.h) References have been split. All WIP documents are listed as
Informative. No downward normative references exist.


(1.i) The document makes no request of the IANA

(1.j) Formal language has been verified.

(1.k)
Technical Summary

A simple tool called the LISP Internet Groper or 'lig' can be
used to query the LISP mapping database. This draft describes
how it works

The 'lig' is a manual management tool to query the mapping
database. It can be run by all devices which implement LISP,
including ITRs, ETRs, PTR, Map-Resolvers, Map-Servers, and
LISP-ALT routers, as well as by a host system at either a
LISP-capable or non-LISP-capable site.

Working Group Summary

This WG process was uncontroversial

Document Quality

There are multiple implementations of 'lig' encoded in
different LISP codebases.