[apps-discuss] Fwd: review of draft-ietf-ecrit-lost-sync-12
S Moonesamy <sm+ietf@elandsys.com> Thu, 22 September 2011 16:47 UTC
Return-Path: <sm@elandsys.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB29421F8B7D for <apps-discuss@ietfa.amsl.com>; Thu, 22 Sep 2011 09:47:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.579
X-Spam-Level:
X-Spam-Status: No, score=-102.579 tagged_above=-999 required=5 tests=[AWL=0.020, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f0n0Lkbfq7jA for <apps-discuss@ietfa.amsl.com>; Thu, 22 Sep 2011 09:47:28 -0700 (PDT)
Received: from mail.elandsys.com (mail.elandsys.com [208.69.177.125]) by ietfa.amsl.com (Postfix) with ESMTP id CB9E321F8B65 for <apps-discuss@ietf.org>; Thu, 22 Sep 2011 09:47:28 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([41.136.233.118]) (authenticated bits=0) by mail.elandsys.com (8.13.8/8.13.8) with ESMTP id p8MGnjkF018013; Thu, 22 Sep 2011 09:49:50 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=elandsys.com; s=mail; t=1316710192; bh=6PKZUvFhLBVW0yO0Y4UBv9tGs2s=; h=Message-Id:Date:To:From:Subject:Cc:Mime-Version:Content-Type; b=CQvu57ecTke6OL0WkSgnI4LTyYZjXMGzvripOZe7+ZWHykpJWssi10YntMfr85zuz +PHdUQreLQ+O8dFuHJKqyoD8K6we7rvkMa+/HUNsZGwrKHsiREWT0QQJQ23lk6yU/+ 1RXRsMYhA++/y/57XG2XM+blvZsJjxnBkweppqgA=
Message-Id: <6.2.5.6.2.20110922094551.09a60060@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Thu, 22 Sep 2011 09:49:32 -0700
To: apps-discuss@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: Henning Schulzrinne <hgs+ecrit@cs.columbia.edu>
Subject: [apps-discuss] Fwd: review of draft-ietf-ecrit-lost-sync-12
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Sep 2011 16:47:29 -0000
I am forwarding the review performed by Martin Durst. Please direct the follow-up to the apps-discuss mailing list. Thanks, S. Moonesamy I have been selected as the Applications Area Review Team reviewer for this draft (for background on apps-review, please see http://www.apps.ietf.org/content/applications-area-review-team). Document: draft-ietf-ecrit-lost-sync-12 Reviewer: Martin Durst Review Date: September 22, 2011 Review Summary: This draft should be clarified in various places before being published. There is also a deeper design issue that I will mention upfront and that hopefully will be taken to heart for future work. Document Summary: The document defines a 'protocol' (actually a number of XML messages, under a common Media type, carried over http(s)) for synchronizing Location-to-Service Translation (LoST) service boundaries and mapping elements. Design Issue: It seems still in fashion to define a 'protocol' independent of underlying transport. This is preferable if there is a truely expected need for multiple transports, and if there is a large abstraction gap between the newly defined 'protocol' and the potential underlying transport mechanism. However, in the case at hand, only one transport (HTTP, including its secured equivalent HTTPS) is used, and the abstraction gap is extremely low. Once one has understood REST, it's very easy to see a set of mappings as a resource, a <getMappingRequest> as a simple HTTP GET and a <pushMappingRequest> as a PUT. A <getMappingRequest> with <mapping-fingerprint> element would require some thought, although there are several possible solutions. Major Issues (necessary clarifications): Independence of LoST: The Introduction says: In any case, this document can also be used without the LoST protocol even though the format of the <mapping> element is re-used from the LoST specification. What does "can be used without the LoST protocol" mean? If it said something like "this specification is independent of the LoST protocol specification except in that it reuses the <mapping> element (and some error elements) from that specification", that would be easier to understand. Namespaces: It is overkill to define new namespaces for each spec. It's a well-known secret in the XML community that it's easily possible to add a number of new elements to an existing namespace. This would be very appropriate in this case, because the number of reused elements and attributes is quite large, and the number of new elements is low. This would simplify most of the examples. 4.2 Behavior of the LoST Sync Destination: This needs various clarifications. The first paragraph uses 'replace', the next one after the conditions uses 'update'. Is this the same? Then use the same word. Also, it says: If the received mapping M' does not update any existing mapping M then it MUST be added to the local cache as an independent mapping. If I apply this to a mapping with conditions 1. and 2. being true, but condition 3. being false, then this means that older mappings of the same source and sourceID MUST be added to the local cache. Surely this must be wrong. Also, it says that an emply <mapping> element means that a "corresponding" mapping has to be determined based on source, sourceID, and lastUpdated. The "lastUpdated" here is ambiguous and could lead to differing implementations. Does lastUpdated have to match with equality? Does it have to be (the same or?) newer than the one being cached? Also, all the examples (Figs. 10/12) also contain an 'expires' attribute. Is that necessary? Does it have to be the same as the lastUpdated attribute? Please specify. Further, we have: "The <notDeleted> element MAY carry a <message> element": What kind of message element? If this is from RFC 5222, then please say so. In Fig. 12, there is a 'message' attribute, is that what is meant? If yes, then please fix the prose (element-> attribute). If no, then point out the difference. Fig. 12: This uses an attribute value for human-readable text. This is considered bad practice, because it forecloses the use of further markup in case this is considered necessary (can often become the case for internationalization reasons). in Transport, it says: The HTTP request MUST use the Cache-Control response directive "no-cache" to (*) HTTP-level caching At (*), a verb such as 'suppress' or 'avoid' or some such seems to be missing. Please clarify. In Operational Considerations, the use of XML Digital Signatures is mentioned. With just the text that is there, it seems impossible to guess what actually should be done. For example, how is authorization verified? Also, why only sign the first time? Wouldn't it be easier/more straightforward to just sign every time? This looks like either an afterthought (in which case the MUST isn't appropriate, because it doesn't have anything to do with the protocol per se) or some missing context (e.g. from LoST itself) in which case there should be some reference or so to clarify the context. Security Considerations: In particular the last two sentences read like security considerations not for synchronization, but for the underlying PSAP data and LoST itself. Probably similar considerations have already been given in RFC 5222 or elsewhere, in which case they should be included by reference. 9.1: "8-bit characters": This term is highly inappropriate, because it's actually 8-bit bytes, not characters. Please just point to RFC 3023. 9.1, security considerations: Replace the current text with a pointer to the security considerations in the spec (text similar to the "Published Specification" item) p. 25: The namespace document has the namespace as urn:ietf:params:xml:ns:lost1:sync, while in the examples it is urn:ietf:params:xml:ns:lostsync1. Please fix and check carefully. Minor Issues (mainly editorial): Abstract and Introduction: add a comma at end of clause The main data structure, the <mapping> element, used for encapsulating information about service boundaries*,* is defined... p.4: "we call them Austria and Finland": "we call them" makes sense with fictive country names, but in this case "for example Austria and Finland" makes more sense. p. 8: "Node B issuing the first request and plays" -> "Node B is issuing the first request and plays" p. 12: There should be a short explanation of the <mapping-fingerprint> element in the prose. 4.3: The first two example given with bullet points add a linebreak after the first attribute, it would be easier if they also added a linebreak after the second one. 6. Relax: Please add some introductory text. 7. Operational Considerations: When B obtained this new mapping it would find out that it has to distribute it to its peer C. C would also want to distribute the mapping to B (and vice versa). Either remove the 'vice versa' or the sentence before it. "If the originally mapping" -> "If the original mapping" Security Considerations: Split the long paragraph into shorter pieces for easier readability. 9.1, Additional Information: Please add "None" 10. In earlier times, the shepherd was called the PROTO shepherd. But these days, PROTO isn't used anymore as far as I know. Please remove. Regards, Martin.
- [apps-discuss] Fwd: review of draft-ietf-ecrit-lo… S Moonesamy
- Re: [apps-discuss] review of draft-ietf-ecrit-los… Peter Saint-Andre
- Re: [apps-discuss] review of draft-ietf-ecrit-los… Martin J. Dürst
- Re: [apps-discuss] review of draft-ietf-ecrit-los… Robert Sparks
- Re: [apps-discuss] [Ecrit] review of draft-ietf-e… Robert Sparks
- Re: [apps-discuss] review of draft-ietf-ecrit-los… Peter Saint-Andre
- Re: [apps-discuss] review of draft-ietf-ecrit-los… Hannes Tschofenig