ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Gen-ART LC Review of draft-bryan-metalinkhttp-19

2011-02-14 11:50:24
from [Ben Campbell] [Permanent Link] 
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, 
please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments you may 
receive.

Document: draft-bryan-metalinkhttp-19
Reviewer: Ben Campbell
Review Date: 2011-02-11
IETF LC End Date: 2011-02-11

Summary: 

This document is on the right track for a proposed standard, but there are open 
issues and editorial issues that should be addressed prior to publication.

--- Major issues: 

none.

--- Minor issues:

-- Section 1, paragraph 1, first sentence:

Is this really intended as an alternative to Metalink/XML? It seems like more 
of a complementary approach than an alternative one.

-- section 2, third paragraph:

If they must have the same eTag policy, should this document not specify at 
least one mandatory-to-implement policy?

-- section 2, last paragraph: "Metalink clients MAY make use of digital 
signatures if they are offered."

That seems too weak. We usually recommend that people check signatures on 
downloads when available. Wouldn't we want an automated system to treat this as 
at least a SHOULD?

-- section 3, 4th paragraph: "[[Some organizations have many mirrors. Only send 
a few mirrors, or only use the Link header fields if Want-Digest is used?]]"

Open issue?

-- section 3.3, 1st paragraph:"([draft-ietf-ftpext2-hash] allows for FTP 
mirrors to be coordinated and provide file hashes)."

Do you mean to allow such FTP servers to be preferred? 

-- section 4.1 "This is particularly useful for providing metadata such as 
cryptographic hashes of parts of a file, allowing a client to recover from 
partial errors (see Section 7.1.2)."

Seems like this might warrant a SHOULD.

-- section 5, last paragraph: "Metalink clients MAY support the use of OpenPGP 
signatures."

MAY seems weak here. This means that the publisher of a file has no reasonable 
expectation that clients will check the signature.

-- section 6, 3rd paragraph: "Digest: SHA-256=..."

Example needs more context


-- section 7, 4th paragraph from end: "Downloads from mirrors that do not have 
the same file size as the Metalink server are considered unusable and the 
client can deal with it as it sees fit."

What if the client sees fit to use it? Is there a normative  "client SHOULD 
NOT" implied here?

-- section 7.1.1, 1st paragraph:"the requirement is that merging of ranges from 
multiple responses must be verified"

The requirement for what? Is this intended to be normative?


-- section 7.1.2, 2nd paragraph:"If no partial cryptographic hashes are 
available, then the client MUST fetch the complete object from other mirrors."

Does this imply that the client also MUST fetch from other mirrors if the 
hashed are present but fail verification?

-- section 8, last paragraph: "The size of chunks chosen by the client should 
be sufficiently large that the chunk request header fields and reponse header 
fields represent neglible overhead, and sufficiently large that they can be 
pipelined effectively without needing a very high rate of chunk requests."

Can you provide guidance on what "sufficiently large", and  "negligible 
overhead" mean, either in terms of examples or real numbers?

"Note that Range requests impose an overhead on servers and clients need to be 
aware of that and not abuse them."

What constitutes abuse? Can you provide more specific guidance on when range 
should not be used, since all the other guidance seems to suggest using it?

-- section 10.2:

What can an implementor do to mitigate spoofing?

-- section 10.4:

This section should include a warning that clients only have a MAY level 
requirement to support signature verification.

"Metalinks should include digital signatures, as described in Section 5."

Normative?

-- section 11.1, [BITTORRENT]

Is bittorrent.org an acceptable SDO for the purposes of normative references? 
(I'm not saying it's not--just asking)

[draft-ietf-ftpext2-hash]  -- is this a normative downref?







--- Nits/editorial comments:

-- section 2, 4th paragraph: "HTTP mirror servers SHOULD share the same ETag 
policy as the originating Metalink server."

-- section 2, 5th paragraph: "Metalink clients use the mirrors provided by a 
Metalink server with Link header fields [RFC5988]."

Sentence seems ambiguous. Do you mean "_in_ Link header fields."

-- section 3, 2nd paragraph: "A brief Metalink server response with two mirrors 
only:"

Sentence fragment

-- section 3, last paragraph: "fieldss"

Typo. (Note same typo repeats throughout)

"Such a decision could be a hard-coded limit, a random selection, based on file 
size, or based on server load."

I assume this is not meant to be exhaustive?

-- section 3.3, last paragraph:

Paragraph is redundant with similar normative statements in section 2

-- section 4.1: "as shown in Section 4."

.. as shown in the example in section 4.

-- section 6, 1st paragraph: "Metalink servers MUST provide Instance Digests in 
HTTP [RFC3230] for files they describe with mirrors via Link header fields."

Redundant with previously mentioned normative requirement.

-- section 7, paragraph starting with: "If no range limit was given in the 
original request then work from the tail of the object (the first request is 
still running and will eventually catch up), otherwise continue after the range 
requested in the first request."

Implied "you". Restate as "the client works from the tail" (Please avoid use of 
2nd person pronouns in an RFC, implied or otherwise) (Note that this usage is 
sprinkled throughout )

"If no Range was provided,"

... in the original request,...

Also, be careful with the passive voice in this paragraph. Who undertakes HEAD 
requests first? Who undertakes Range-based requests?

-- section 7, paragraph 10: "If-Match conditions based on the ETag SHOULD be 
used..."

Clients should use If-Match conditions...

"If no indication of ETag syncronisation/ knowledge is given then If-Match 
should not be used, and optimally there will be an Instance Digest in the 
mirror response which we can use to detect a mismatch early, and if not then a 
mismatch won’t be detected until the completed object is verified."

Is there any way other than the pref parameter to indicate this? If not, it 
would be better to say "if no pref parameter is present..."

Is this sentence intended to be normative?

Also, "... The client should not use..."

Finally, the sentence is hard to follow--please break it up.

-- section 7.1.1, general:

This whole section switches to an almost stream-of-consciousness style. It has 
very long sentences with many comma separated clauses that are hard to follow. 
It really needs to be rewritten to be more readable and precise.

-- section 7.1.1, paragraph 3:

Paragraph seems self contradictory. How is guaranteeing correct content 
different than verifying integrity?

-- paragraph 4: "This guarantees that a mismatch will be detected by using only 
the synchronized ETag from a master server and mirror server, even alerted by 
the mirror servers themselves by responding with an error, preventing 
accidental merges of ranges from different versions of files with the same 
name."

I can't parse this sentence.

"This even includes many malicious attacks where the data on the mirror has 
been replaced by some other file, but not all."

Antecedent of "this" is ambiguous

-- 2nd to last paragraph:

This is the first mention of e idea of slave and master mirror servers. Is this 
the same as preferred and normal mirrors? Please use consistent terms.

-- section 7.1.2, 2nd paragraph: "If the object cryptographic hash does not 
match the Instance Digest then fetch the Metalink/XML if available, where 
partial file cryptographic hashes can be found, allowing detection of which 
server returned incorrect data."

I can't parse this sentence.

-- section 8, paragraph after bullet list:

Please avoid first person pronouns in an RFC.

"Based on laboratory experiments,..."

Reference?

"we suggest a good default number of simultaneous connections is probably four,"

That's very weak language--can you remove "we suggest" and "probably"?

-- Section 9, 1st paragraph: "registration to the Link Relation Type registry"

Can you provide the URL to the registry?

-- section 10.2 "In that case, this could deceive unaware downloaders that they 
are downloading a malicious or worthless file."

Sentence does not make sense. Does the attacker with to deceive them into 
downloading a malicious file, or convince them that they are when they are not?



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP, Alexey Melnikov
Next by Date:  Re: Last Call: <draft-ietf-intarea-shared-addressing-issues-02.txt> (Issues with IP Address Sharing) to Informational RFC, Richard L. Barnes
Previous by Thread:  Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP, Alexey Melnikov
Next by Thread:  Re: Gen-ART LC Review of draft-bryan-metalinkhttp-19, Anthony Bryan
Indexes:  [Date] [Thread] [Top] [All Lists]