IETF Logo Mail Archive

Re: [Asap] Review of draft-kinamdar-dispatch-sip-auto-peer-05

Marc Petit-Huguenin <marc@petit-huguenin.org> Mon, 14 June 2021 17:05 UTC

Return-Path: <marc@petit-huguenin.org>
X-Original-To: asap@ietfa.amsl.com
Delivered-To: asap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74BBE3A2B1E; Mon, 14 Jun 2021 10:05:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-FqvmbH3dsY; Mon, 14 Jun 2021 10:05:50 -0700 (PDT)
Received: from implementers.org (implementers.org [IPv6:2001:4b98:dc0:45:216:3eff:fe7f:7abd]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D47E3A2B1A; Mon, 14 Jun 2021 10:05:50 -0700 (PDT)
Received: from [IPv6:2601:204:e600:411:d250:99ff:fedf:93cd] (unknown [IPv6:2601:204:e600:411:d250:99ff:fedf:93cd]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id 53033AE255; Mon, 14 Jun 2021 19:05:45 +0200 (CEST)
To: "Kaustubh Inamdar (kinamdar)" <kinamdar=40cisco.com@dmarc.ietf.org>, "draft-kinamdar-dispatch-sip-auto-peer.authors@ietf.org" <draft-kinamdar-dispatch-sip-auto-peer.authors@ietf.org>
Cc: "asap@ietf.org" <asap@ietf.org>
References: <ced4f399-3fe9-9117-6fc0-f3820e5a6318@petit-huguenin.org> <DM4PR11MB54864AAA7F27AFCC7F47348AD7329@DM4PR11MB5486.namprd11.prod.outlook.com>
From: Marc Petit-Huguenin <marc@petit-huguenin.org>
Message-ID: <682622c1-6b59-953e-b9b3-a27e3a6699f4@petit-huguenin.org>
Date: Mon, 14 Jun 2021 10:05:43 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <DM4PR11MB54864AAA7F27AFCC7F47348AD7329@DM4PR11MB5486.namprd11.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/asap/uKMpL1_MK11JAX5hzgAqqS48L5U>
Subject: Re: [Asap] Review of draft-kinamdar-dispatch-sip-auto-peer-05
X-BeenThere: asap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automatic SIP trunking And Peering WG <asap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/asap>, <mailto:asap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/asap/>
List-Post: <mailto:asap@ietf.org>
List-Help: <mailto:asap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/asap>, <mailto:asap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2021 17:05:55 -0000

Thanks Sreekanth and Kaustubh.

Looks good, see inline for a few comments.

On 6/12/21 10:02 PM, Kaustubh Inamdar (kinamdar) wrote:
> Thanks for your comments Marc...please find responses below from both Sreekanth & I.
> 
> 
>    A. Major General Comments
>        A.1. The document refers to the SIP Connect profile. and my understanding of SIP Connect is that it is US centric -- e.g., UK's NICC certainly has a different understanding on how Private-Asserted-Identity is used.  So I think that the capability set should be based first on a choice of profiles, not just implicitly on one (and BTW, which SIP Connect profile? there is 3 of them).  After a profile is selected, there seems to be two different set of properties that can be attached to it:
>        1) Choices that are part of the profile (e.g. DNS servers, Registration Mode vs Static Mode, any choice related to MAY keyword, etc..)
>        2) Properties that override the profile MUST/MUST NOT and SHOULD/SHOULD NOT.  E.g., if the provider does not support TCP (which is a MUST) there should be a property that overrides that implicit value.  It could also be used to add stuff that is not existing in the profile, like the SCTP transport for SIP.
>        To complement that, I would permit profile-less capabilities, where all the properties have to be explicit.
> Not applied, I'd like to know the reasoning here.
> KI:The SIP Connect technical recommendations isn’t US centric, it is applicable globally. There is a possibility of course of certain countries and geographies deferring to other, more localised, technical recommendations. The capability set document has been designed to include elements, which when populated correctly by the ITSPs, convey enough information to provide successful peering. The capability set isn’t using SIP Connect as a template, rather, it was designed looking at common ITSP peering issues across the globe. Having said that, there should ideally be a section added about caller identity (which currently isn’t there) - specifically around how caller ID is formatted (E.164 v/s non E.164 formatting) and which header field values must be included to convey called ID. For example, whether it is required to include the PAID along with the From header field value. We will add a section on Caller ID in an upcoming version of the draft.

OK.  After these modifications a review by someone familiar with different jurisdictions may still be useful.

> 
>        A.2. There may be a need to provide a new capability set ahead of time, to ensure a smooth transition when properties change.  That can be done by permitting multiple capability sets in a document, and adding a "not-before" date.
> Not applied, I'd like to know the reasoning here.
> 
> KI: We actually wanted to have the group weigh in on this one. Below is the text we sent in response to the new version notification:
> “Also, it might be useful to have the SIP service provider being capable of providing a capability set document that is applicable at a future date. However, perhaps, providing multiple capability sets in a document might not be the cleanest approach. The following approaches might be more tenable -
> 
> A) Use WebFinger to find out if an new capability set document is available.
> B) Enhance the YANG model to include elements that accommodate the specifics of a future applicable version of the capability set document. For example:
> 
>    <revision>
>       <notBefore>Some_future_date</notBefore>
>       <location>URL to fetch future version</location>
>     </revision>
> 
> Option B above might be cleaner as it removes any dependencies on WebFinger.”

Yes, Option B seems simpler.

Thanks.

> 
> B.4. The first sentence of Section 7 should be moved to section 1 "Introduction" as it is not normative.
> Not applied, please elaborate.
> 
> KI: The introduction section mentions about the capability set, however, it doesn’t include any details about the elements within the capability set. The placement of the section on state deltas is incorrect and ideally should go after the section on “Processing the Capability Set Response” and provides a natural, logical flow to the sequence of events. We will change this in a new version.
> 
>   B.3. Similarly section 10 and 11 could be moved as subsections of a new section "Examples", with some text explaining that the examples are informative.
> 
> Seems applied, but for the informative admonition.
> SN: Will correct the text in the new version
> 
>   B.5. I would move section 6.6 "Identifying the Request Target" before 6.5 "Generating the Response", so the text follows the messages flow (client->server->client).
> 
> Section 6.6. seems to have disappear.
> SN: This is now section 4.5
> 
>   B.6. In the same spirit I would add a section after section 9 that explains the processing of the response from the client point of view.
> 
> I think that's the new section 8, correct?
> SN: Yes this is now section 8.
> 
>   B.7. Section 6.3 should probably add some text about verifying the TLS hostname.
> 
> I see some new text in section 4.3, but that text is AFAICT incorrect. Verifying the TLS hostname is not an alternate way of authenticating the client, but a way of validating the server. If you are looking for alternate ways of authenticating the client, client certificates or OAUTH can be added to the list.
> SN: I agree. The text in this section can be a little clearer. Will correct this in the new version.
>   C.2 The Yang model in section 9.2, the example of extension in section9.4, and the examples in section 10.1 do not fit in a 72 column page, which makes them difficult to read and review.
> 
> There is still some places were lines are too long. Converting the xml2rfc v3 file in text format lists these places.
> SN: The lines in the yang model definition will be corrected in the new version. There were a few lines that were longer in the Example section (xml representation of the model) as we didn't want to break the line. We will break the line in the new version.
>   C.3 The references bibliography does not seem to follow the standard used by most RFC, namely that the URI in in the bibliographic item, not on a separate list.  Also the DOI is missing.
> 
> Thanks for doing that, it is better now. That said I think that putting the URL together with the citation label is a bit distracting when reading the text version of the draft.
> SN: Ack. Will rework this issue in the next version.
> ________________________________
> From: Marc Petit-Huguenin <marc@petit-huguenin.org>
> Sent: Sunday, March 7, 2021 9:19 PM
> To: draft-kinamdar-dispatch-sip-auto-peer.authors@ietf.org <draft-kinamdar-dispatch-sip-auto-peer.authors@ietf.org>
> Cc: asap@ietf.org <asap@ietf.org>
> Subject: Review of draft-kinamdar-dispatch-sip-auto-peer-05
> 
> Hi,
> 
> Gonzalo asked me if I could do a review of this draft.  You will find a preliminary review below -- there is still stuff in that draft I need to think about, mostly around sections 9.2 and 9.3.
> 
> A. Major General Comments
> 
> A.1. The document refers to the SIP Connect profile. and my understanding of SIP Connect is that it is US centric -- e.g., UK's NICC certainly has a different understanding on how Private-Asserted-Identity is used.  So I think that the capability set should be based first on a choice of profiles, not just implicitly on one (and BTW, which SIP Connect profile? there is 3 of them).  After a profile is selected, there seems to be two different set of properties that can be attached to it:
> 
> 1) Choices that are part of the profile (e.g. DNS servers, Registration Mode vs Static Mode, any choice related to MAY keyword, etc..)
> 
> 2) Properties that override the profile MUST/MUST NOT and SHOULD/SHOULD NOT.  E.g., if the provider does not support TCP (which is a MUST) there should be a property that overrides that implicit value.  It could also be used to add stuff that is not existing in the profile, like the SCTP transport for SIP.
> 
> To complement that, I would permit profile-less capabilities, where all the properties have to be explicit.
> 
> A.2. There may be a need to provide a new capability set ahead of time, to ensure a smooth transition when properties change.  That can be done by permitting multiple capability sets in a document, and adding a "not-before" date.
> 
> A.3. I'd really like to see the mechanism described in his draft used to also retrieve properties related to STIR/SHAKEN.  E.g. the ACME server to use to get a delegated certificate from the provider acting as a CA (which could serve as an alternate way to retrieve the list of DIDs).
> 
> 
> B. Minor General Comments
> 
> B.1. I would move section 2 "Conventions and Terminology" after section 5 "Overview of Operations" as a way to indicate where the Informative part ends, and where the Normative part starts.  Also you should use BCP 14 instead of just RFC 2119.
> 
> B.2. Section 3 "Reference Architecture" and section 4 "Configuration Workflow" should probably be moved as subsections of section 5 "Overview of Transport".  That may help look at redundancies, like the last paragraph of section 5 that says more or less the same thing than the first paragraph of section 3.
> 
> B.3. Similarly section 10 and 11 could be moved as subsections of a new section "Examples", with some text explaining that the examples are informative.
> 
> B.4. The first sentence of Section 7 should be moved to section 1 "Introduction" as it is not normative.
> 
> B.5. I would move section 6.6 "Identifying the Request Target" before 6.5 "Generating the Response", so the text follows the messages flow (client->server->client).
> 
> B.6. In the same spirit I would add a section after section 9 that explains the processing of the response from the client point of view.
> 
> B.7. Section 6.3 should probably add some text about verifying the TLS hostname.
> 
> 
> C. Presentation Comments
> 
> C.1. It would be great to submit the xml2rfc v3 file instead of the txt file so more convenient reviewing tools can be used.
> 
> C.2 The Yang model in section 9.2, the example of extension in section9.4, and the examples in section 10.1 do not fit in a 72 column page, which makes them difficult to read and review.
> 
> C.3 The references bibliography does not seem to follow the standard used by most RFC, namely that the URI in in the bibliographic item, not on a separate list.  Also the DOI is missing.
> 
> 
> D. Nits
> 
> D.1. Section 5, 1st paragraph: s/HTTPs"HTTPS/
> 
> D.2. Section 6.2: s/https uri/HTTPS URI/
> 
> D.3. Section 6.4, last paragraph:  Use MUST and MUST NOT.
> 
> D.4. Section 9.3, "signallingForking" item: s/Boolen/Boolean/
> 
> D.5. Section 9.3, "version" item: s/provide/provider/
> 
> D.11. Section 11, first example: s!GET //!GET /!
> 

-- 
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: https://marc.petit-huguenin.org
Profile: https://www.linkedin.com/in/petithug

v2.23.0 | Report a Bug | By Email