IETF Logo Mail Archive

Re: [apps-discuss] APPSDIR rdraft-ietf-pcp-base-22

"Vijay K. Gurbani" <vkg@bell-labs.com> Fri, 24 February 2012 21:28 UTC

Return-Path: <vkg@bell-labs.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEE5821F85C2 for <apps-discuss@ietfa.amsl.com>; Fri, 24 Feb 2012 13:28:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.895
X-Spam-Level:
X-Spam-Status: No, score=-106.895 tagged_above=-999 required=5 tests=[AWL=-0.296, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dPWRdqQJTLJh for <apps-discuss@ietfa.amsl.com>; Fri, 24 Feb 2012 13:28:20 -0800 (PST)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by ietfa.amsl.com (Postfix) with ESMTP id B722221F85C0 for <apps-discuss@ietf.org>; Fri, 24 Feb 2012 13:28:06 -0800 (PST)
Received: from usnavsmail2.ndc.alcatel-lucent.com (usnavsmail2.ndc.alcatel-lucent.com [135.3.39.10]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id q1OLS5dF029334 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 24 Feb 2012 15:28:05 -0600 (CST)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail2.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q1OLS4Oj016583 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 24 Feb 2012 15:28:04 -0600
Received: from shoonya.ih.lucent.com (shoonya.ih.lucent.com [135.185.238.235]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q1OLS4xU022624; Fri, 24 Feb 2012 15:28:04 -0600 (CST)
Message-ID: <4F4801EF.9020703@bell-labs.com>
Date: Fri, 24 Feb 2012 15:32:31 -0600
From: "Vijay K. Gurbani" <vkg@bell-labs.com>
Organization: Bell Laboratories, Alcatel-Lucent
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20120131 Thunderbird/10.0
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <4F3592E5.3080707@bell-labs.com> <0a5701cceab4$f723c070$e56b4150$@com>
In-Reply-To: <0a5701cceab4$f723c070$e56b4150$@com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.37
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.10
Cc: draft-ietf-pcp-base@tools.ietf.org, apps-discuss@ietf.org
Subject: Re: [apps-discuss] APPSDIR rdraft-ietf-pcp-base-22
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2012 21:28:21 -0000

Dan: Sorry for the delay in responding.  Day job gets in the
way.

Please see inline for residual comments.  I am skipping all
those that we agreed on for brevity.  Thanks for attending to
these!

On 02/13/2012 07:07 PM, Dan Wing wrote:
>> - S7.1, second-to-last paragraph: I suspect that if more than one
>> server was specified in the server list, the client will cycle
>> through and try the next server.  I also note that this document
>> only considers one server, so exact guidance is not provided on
>> what to do when a PCP client has more than one server.
>
> We are purposefully silent on multiple servers, because we expect that
> to be described in a later document.  There are a lot of nuances and
> details related to multiple servers, including a multi-homed network
> (where you purposefully want to talk to one server, or both servers,
> for different reasons).  Such a network is purposefully out of scope.
>
> However, we wanted the text to allow a list of servers to be returned,
> so that we could do something with that list in the future.

Sure; maybe a small indented note will help the reader that you allow
a list of servers for future extensibility but in this draft you are
only considering the case where this list has a singleton element.  (I
know I would have found such a note helpful as an implementer).

> I adjusted the sentence so it now reads:
>
>          The PCP client SHOULD impose
>          an upper limit on this returned value (to protect against
>          absurdly large values, e.g., 5 years), and the suggested values
>          are 24 hours for success responses and 30 minutes for error
>          responses.
>
> which should be clearer?

Perfect.  Thanks!

>> - S16.2: To protect against Advanced Threat Model attacks, the
>>    draft assumes a PCP security mechanism that provides channel
>>    authentication and encryption.  However, no further information
>>    is provided for such a mechanism.  Will it help to provide
>>    any candidates for such a mechanism (TLS?  S/MIME?) or is there
>>    something entirely different in mind?
>
> The candidate at this time is draft-wasserman-pcp-authentication,
> which uses EAP.  However, it is not yet a working group document
> and it seemed premature to cite it.

... even as an Informational Reference?

> Thanks for your review!

No problem; thank you for paying attention to my comments!

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurbani@alcatel-lucent.com
Web:   http://ect.bell-labs.com/who/vkg/

v2.41.0 | Report a Bug | By Email | System Status