Re: [Dime] Mirja Kühlewind's No Objection on draft-ietf-dime-agent-overload-10: (with COMMENT)
Steve Donovan <srdonovan@usdonovans.com> Wed, 22 March 2017 20:00 UTC
Return-Path: <srdonovan@usdonovans.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A14C129C14 for <dime@ietfa.amsl.com>; Wed, 22 Mar 2017 13:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0V2Uy9_Xqoq8 for <dime@ietfa.amsl.com>; Wed, 22 Mar 2017 13:00:27 -0700 (PDT)
Received: from biz131.inmotionhosting.com (biz131.inmotionhosting.com [173.247.247.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8598A129BF7 for <dime@ietf.org>; Wed, 22 Mar 2017 13:00:26 -0700 (PDT)
Received: from cpe-97-99-50-102.tx.res.rr.com ([97.99.50.102]:62356 helo=Steves-MacBook-Air.local) by biz131.inmotionhosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.87) (envelope-from <srdonovan@usdonovans.com>) id 1cqmQc-0045mw-QL for dime@ietf.org; Wed, 22 Mar 2017 13:00:26 -0700
To: dime@ietf.org
References: <148960765886.14225.10614749426778815326.idtracker@ietfa.amsl.com>
From: Steve Donovan <srdonovan@usdonovans.com>
Message-ID: <0b7867f6-4842-ce23-6add-890b4fa0a59d@usdonovans.com>
Date: Wed, 22 Mar 2017 15:00:15 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <148960765886.14225.10614749426778815326.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-OutGoing-Spam-Status: No, score=-0.2
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz131.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - usdonovans.com
X-Get-Message-Sender-Via: biz131.inmotionhosting.com: authenticated_id: srdonovan@usdonovans.com
X-Authenticated-Sender: biz131.inmotionhosting.com: srdonovan@usdonovans.com
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/CCLBOJhk3X3mhdBWegnAkrpFX3w>
Subject: Re: [Dime] Mirja Kühlewind's No Objection on draft-ietf-dime-agent-overload-10: (with COMMENT)
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 20:00:29 -0000
Mirja, Thank you for your review. Please see my comments inline. Regards, Steve On 3/15/17 2:54 PM, Mirja Kühlewind wrote: > Mirja Kühlewind has entered the following ballot position for > draft-ietf-dime-agent-overload-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-dime-agent-overload/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > One rather important comment: > While the security considerations section describes a possible attack, it > does not say anything about how to handle this attack and the actually > impact this attack might have. Please add more text! I've added the following: "The impacts of this attack, as well as the mitigation strategies, are the same as outlined in RFC7683. > > And then some mostly editorial high level comments: > All in all, I had a rather hard time reading this document because it > seems on the one hand sightly over-specified and over structured, while > not giving very concrete guidance in some cases. > > E.g. in section 5.2.5; > "In the case that the OCS entry validity duration expires or has a > validity duration of zero ("0"), meaning that if the reporting node > has explicitly signaled the end of the overload condition then > abatement associated with the OCS entry MUST be ended in a > controlled > fashion." > I don't think normative language is needed here because there is no > impact of interoperation. But then is does't explain what "in a > controlled fashion means". So I wouldn't even know how to implement that > MUST correctly. The draft is an extension of RFC7683 and, as such, doesn't always repeat this from that RFC. There is wording in RFC7683 that discusses what a controlled fashion means. > > Another example in section 4: > " In this scenario, when doing abatement on the > PEER report, the reacting node SHOULD take into consideration the > number of messages already throttled by the handling of the HOST/ > REALM report abatement." > How to take that into consideration? And why is this normative? The reacting node is the one doing the abatement on both the HOST/REALM report and the PEER report. As such, it has all of the information it needs to adjust the abatement for the PEER report based on what abatement has already happened based on the HOST/REALM reports. It is normative to ensure similar abatement behavior across all Diameter nodes implementing this mechanism. > > Or here in section 5.2.3: > "When a reacting node receives an OC-OLR AVP with a report type of > peer it MUST determine if the report was generated by the Diameter > peer from which the report was received. > > If a reacting node receives an OC-OLR AVP of type peer and the > SourceID matches the DiameterIdentity of the Diameter peer from > which > the response message was received then the report was generated by a > Diameter peer." > Why don't you just say the following: > "When a reacting node receives an OC-OLR AVP with a report type of > peer it MUST determine that the SourceID matches the DiameterIdentity > of the Diameter peer from which > the response message was received." That would have been another way of specifying the requirement. I'm more comfortable with sticking with what has already been agreed to by the working group. > > Also the indentation used is sometimes confusing. In some cases you > should probably really use real listings with bullet points. > > > _______________________________________________ > DiME mailing list > DiME@ietf.org > https://www.ietf.org/mailman/listinfo/dime
- [Dime] Mirja Kühlewind's No Objection on draft-ie… Mirja Kühlewind
- Re: [Dime] Mirja Kühlewind's No Objection on draf… Steve Donovan