[anonsec] Fwd: Review of draft-ietf-btns-c-api-03

Julien Laganier <julien.IETF@laposte.net> Mon, 14 April 2008 07:47 UTC

Return-Path: <anonsec-bounces@postel.org>
X-Original-To: ietfarch-btns-archive-waDah9Oh@core3.amsl.com
Delivered-To: ietfarch-btns-archive-waDah9Oh@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 43EF03A69D3 for <ietfarch-btns-archive-waDah9Oh@core3.amsl.com>; Mon, 14 Apr 2008 00:47:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.349
X-Spam-Status: No, score=-1.349 tagged_above=-999 required=5 tests=[AWL=-1.050, BAYES_00=-2.599, MANGLED_AVOID=2.3]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id XcAh2wdD29z2 for <ietfarch-btns-archive-waDah9Oh@core3.amsl.com>; Mon, 14 Apr 2008 00:47:49 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu []) by core3.amsl.com (Postfix) with ESMTP id ECBA73A67B2 for <btns-archive-waDah9Oh@lists.ietf.org>; Mon, 14 Apr 2008 00:47:48 -0700 (PDT)
Received: from boreas.isi.edu (localhost []) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id m3E7cAt6024459; Mon, 14 Apr 2008 00:38:11 -0700 (PDT)
Received: from ug-out-1314.google.com (ug-out-1314.google.com []) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id m3E7Yq27023635 for <anonsec@postel.org>; Mon, 14 Apr 2008 00:34:53 -0700 (PDT)
Received: by ug-out-1314.google.com with SMTP id e2so378207ugf.21 for <anonsec@postel.org>; Mon, 14 Apr 2008 00:34:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:user-agent:mime-version:cc:date:content-type:message-id:sender; bh=UBe8Bmv2Ys5W+qElh00ts3nWur+udWxR4GPk8pj0VC4=; b=lWZ/J0AkQ9KVmyEPd7VIo1GXsqZaPtioI6NYHRJ5TijbFtpaWBNQBC279Hf4/Njc7bbj6By/9Og3pJODMbByehWYQ/XrlQeYTtxe4br75whd95rjGbFLDUEJYKnW1/eI/CB/fvYIG0C7h+Yi2R8STQvGurY9m+2ASUMKh3ka4Qk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:user-agent:mime-version:cc:date:content-type:message-id:sender; b=QZEe2DqXt5hNKjN/EqsxPvHrEyOYAtvtq+6b9Y8g1rSfLkBOjOHiAY36jFzgC6W3CfXbEYPFopaMabyF0NJGKbywZOghRgpFR+voFP0lLHtAKS5S6fGyMtopfRcPPehtzBorYhRbnMmSaCyfxT4Df4vTcOndyIK9piVyFqWqdO0=
Received: by with SMTP id d7mr3542102ugj.23.1208158491427; Mon, 14 Apr 2008 00:34:51 -0700 (PDT)
Received: from ubik.local ( []) by mx.google.com with ESMTPS id e34sm5298588ugd.17.2008. (version=TLSv1/SSLv3 cipher=OTHER); Mon, 14 Apr 2008 00:34:50 -0700 (PDT)
From: Julien Laganier <julien.IETF@laposte.net>
To: anonsec@postel.org
User-Agent: KMail/1.9.6
MIME-Version: 1.0
Date: Mon, 14 Apr 2008 09:34:45 +0200
Content-Type: Multipart/Mixed; boundary="Boundary-00=_WkwAIK0umxmPpwQ"
Message-Id: <200804140934.46272.julien.IETF@laposte.net>
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: julien.laganier@gmail.com
Cc: Love =?iso-8859-1?q?H=F6rnquist_=C5strand?= <lha@it.su.se>, "Vijay K. Gurbani" <vkg@alcatel-lucent.com>
Subject: [anonsec] Fwd: Review of draft-ietf-btns-c-api-03
X-BeenThere: anonsec@postel.org
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: "Discussions of anonymous Internet security." <anonsec.postel.org>
List-Unsubscribe: <http://mailman.postel.org/mailman/listinfo/anonsec>, <mailto:anonsec-request@postel.org?subject=unsubscribe>
List-Archive: <http://mailman.postel.org/pipermail/anonsec>
List-Post: <mailto:anonsec@postel.org>
List-Help: <mailto:anonsec-request@postel.org?subject=help>
List-Subscribe: <http://mailman.postel.org/mailman/listinfo/anonsec>, <mailto:anonsec-request@postel.org?subject=subscribe>
Sender: anonsec-bounces@postel.org
Errors-To: anonsec-bounces@postel.org


Vijay Gurbani has reviewed the BTNS C API and kindly agreed to 
let me forward it to the mailing list, please see it below. 

Many thanks to Vijay!

--- Begin Message ---
Dr. Richardson et al.: I was asked by the Applications area to review

Here is a review of it, following a similar one I did last week for

As a follow-up draft to draft-ietf-btns-abstract-api, the reasons
why this document is important are much the same as why the latter
one was important.  I do note that this document appears to be
more fleshed out than its abstract-api counterpart, whereas I would
have expected the opposite.  For instance, the Security Considerations
section of the abstract-api I-D was empty, and the one for c-api
is filled out.  Ostensibly, the Security Considerations section
for the abstract-api should be the one that could be filled out
and "inherited", if you will, by a language-specific binding
document that fulfills the abstract-api one.

Furthermore, and I think this is important, the c-api document
should do more to align itself with the abstract-api document
since the latter document asserts the shape of the information
in the c-api document.  For instance, S2.3.2 of c-api contains
the attributes of a pToken.  Clearly, these are related to
S7 of abstract-api (Properties of pToken objects).  Likewise,
S2.2.2 of c-api is similarly related to S8 of abstract-api.
Currently, there is a lack of such close cross referencing
between these documents.  I suspect that the c-api is the
first language binding document; thus, any time spent now in
such cross-referencing will pay for itself later when c-api
is used as a template for a Java-api or c++-api document.

Here are more focused comments:

- S1, end of first paragraph: (1) may be a good idea to provide
  a reference for HIP (also expand the acronym).  SIP (RFC3261)
  may be another protocol that could use this API; S26.3.1 of
  rfc3261 does state that "Proxy servers, redirect servers,
  registrars, and UAs MAY also implement IPSec or other lower-
  layer security protocols."  So conceivably, a user agent
  can create a connection to its proxy and use the IPSec APIs to
  figure out whether that connection is integrity and confidentiality
  protected.  In certain networks (like IMS), IPSec is used
  fairly heavily between the UA and the proxy.

- S1, third paragraph:
  (1) s/we defined APIs/we define APIs/
  (2) s/document fulfisl/document fulfills/
  (3) s/requirements presented in/requirements in/
  (4) s/and present C-bindings/and presents C-bindings/

- S1, paragraph under Figure 1: s/'The third/The third

- IMHO, it would be good to move S2.1 to *after* the
  attributes for pToken and iToken are defined.
  That way, the reader can make more sense of these APIs.  As
  the draft currently stands, the reader does not know
  anything about the attributes when he or she
  reaches S2.1, so the discussion there appears out of place,
  without a good context.

- S2.1, second paragraph: s/using malloc/from heap.

- S2.1, second paragraph, last sentence: "When attr_val is NULL ...
  of the attr_val."  I do not understand the need for this.
  If attr_val is NULL, why would it have a non-zero attr_len?
  Maybe I am missing somethng?

- S2.1, last paragraph: You may want to mention that attr_val
  must not be NULL, and neither should attr_len.

- S2.2.1, text under Figure 3: what does the size have to do
  with a c'tor and d'tor?  I would suggest a re-write as follows:

    Operating environments that support the IPSec API will
    provide appropriate constructor and destructor for the
    iToken objects.  Because applications will often not be
    aware of the byte-representation of the iToken object, nor
    will it know which attributes to initialize upon construction,
    applications MUST only use the provided constructor to
    create an iToken object, and when no longer needed, use the
    provided destructor to destroy it.  Figure 4 shows the

  Also, you may want to tie these attributes to S8 in abstract-api

- S2.2.2, text under Figure 5: consider organizing the text in
  this paragraph to have hanging indents and such.  It will
  make it much more readable.

- S2.2.2, I do not understand the contents of the paragraph
  "The attributes for the second ... should be used."

- S2.3.1, Figure 7:
  The reason is that a func() is different than a func(void) under

- S2.3.1, last paragraph of the section: what would cause
  ipsec_free_pToken() to return non-zero?  About the only thing I
  can think of is if the parameter passed in is null.  I believe
  we can in fact get by with having ipsec_free_pToken() return a
  void, but I will leave it to your good judgement.

- S2.3.2: same comments as S2.3.1 about tying the attributes
  of pToken to abstract-api draft, and having hanging indents
  for readability.

- S2.3.4, the text in first paragraph: I am curious why the
  decision to only support the IPSec APIs on sendmsg() and
  recvmsg()?  I am sure you had a technical reason, but I
  cannot think of any.  It may be a good idea to list the reason
  as a note in the draft.

- S2.3.5: the text under Figure 11 mentions "ipsec_cmp_policy()".
  Did you mean "ipsec_cmp_pToken()" instead?

- S2.3.5: in the text under Figure 11, you may want to mention
  that ipsec_cmp_pToken() returns non-zero if p1 != p2.

- S2.3.6, Figure 12: should the type of "p" not be ipsec_pToken
  only?  "p" is the source of the copy, and as such only a
  pointer to it is required, not a **.  Plus, qualifying it with
  a const will probably not hurt.

Hope that helps!

Thank you.

- vijay
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
WWW:   http://www.alcatel-lucent.com/bell-labs

--- End Message ---