Re: [Dime] Eric Rescorla's No Objection on draft-ietf-dime-rfc4006bis-08: (with COMMENT)

Yuval Lifshitz <yuvalif@yahoo.com> Thu, 24 May 2018 14:47 UTC

Return-Path: <yuvalif@yahoo.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01862127023 for <dime@ietfa.amsl.com>; Thu, 24 May 2018 07:47:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZnZ1Nu4oTxR8 for <dime@ietfa.amsl.com>; Thu, 24 May 2018 07:47:23 -0700 (PDT)
Received: from sonic306-3.consmr.mail.bf2.yahoo.com (sonic306-3.consmr.mail.bf2.yahoo.com [74.6.132.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 372D812E873 for <dime@ietf.org>; Thu, 24 May 2018 07:47:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1527173242; bh=qb6OJe1YYIgQ2PjCChNnPGQZmi6Uy/FjceC2Ai2LgJ4=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From:Subject; b=TzzSAvg6/D2voQWrtd/6/Ur36Pbt6TUsoVfZaxkIaM7JE7PphZJP3ugNMRisvl+f0xgx1iTU746wSsYpaoRd/YF/NjN+8bAtB9AqR5u8XdtmGB7J+YjD0zTTcHd6NYelKXYKiTwICyfnEgkRFf+/e4x89Dvbk/0K3aCWqt05OqseVDX3gvLgg8NnkwYIdNflR5Oac7OC1+6YdomBet5KAFKQNm59gaqzTFtnSwF/VfmjH3aVUeugocnjWWunJKi5UnY5hcswmn168CeeWhFsQSbGBax4a7UhMB0tRr/r1fn+V2wv9Dnmymp/sOzbsnXhfPoDC/ha4mWuF3FfZWVYqg==
X-YMail-OSG: eVnfbVUVM1lN5o4z8JxdJLjrd9EfRqJzQn2.t8LdUaXrboUNOKGdTzfMjbc3uiX k1h6mVozhau8jVjk_wHU53oD95H2_2ddGezQyfRrHhNlVQghvL.ReeBCee_yHYUMyIFPli.7ly4a JGqbNQp8tUzFH6Hmn1EOneXKtrAJcl4DMtuLOxbS7MrtagYxCG3I67nq0r2Y6dpJvZ7TlcQuuImc K1Pgb_6SSiOXJUNaHxJORxsvRliyzKwUamhkJOQVpYLcGaJaplUAcmxZlup6bMdQUDd4K.jZKVhJ 8eXL7xkrGkLcffWn08kcWnh.HxdYvIKcRnqcMz.fte0HJkkKYJNFz8aPBHILVwHlHKhAAhcCwOx0 7F1Mp9zHHKlBMS_aIs3zlG0.USa7d.aNddyIks9imj.Xd3kIhEbl55D4flMJ4JKkT_Kb6_xWBzEt ONR1m.CAWMZMUO64DzrOdPRcwXfb1pt40UKTIRH2TkexzQ2rCEQAnIzkRWxNCV8cUOtfI.WRXq6Z _FkoKH8J_ao8GphLZU9SCakIL5MEiF8HV6DfmJLr3APpsFK02M91pitaqVbyP1T4VShVolrn3AyQ S5xXYAk4k2RKImCOmBaeSXrkiIbF1d5SJkLUEX30DvxhehAZVnso63qWVmjrIsTfn7tbqcbECi0. f4lTTgD.k4wt_fgkchhrdy.6tP1nycw--
Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.bf2.yahoo.com with HTTP; Thu, 24 May 2018 14:47:22 +0000
Date: Thu, 24 May 2018 14:37:18 +0000 (UTC)
From: Yuval Lifshitz <yuvalif@yahoo.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>, dime-chairs@ietf.org, dime@ietf.org, draft-ietf-dime-rfc4006bis@ietf.org
Message-ID: <352182332.4945946.1527172638186@mail.yahoo.com>
In-Reply-To: <CABcZeBO3NSPi+CNKzYm30o=fg430+Bdjfj1EmnqxfEFPqZT8LA@mail.gmail.com>
References: <152713326803.29850.11203075814656303164.idtracker@ietfa.amsl.com> <2012436261.4832236.1527143593730@mail.yahoo.com> <CABcZeBPC8ZUOpVEGwYoM=rgsBCngJs=wGtxt2UFwT_tJEzr1Kg@mail.gmail.com> <1842664888.4936240.1527169987125@mail.yahoo.com> <CABcZeBOsF-jHSdpEkXXEGFnoLPtzURjOsmRmQR91cWBE8PaW5Q@mail.gmail.com> <1337069826.4959599.1527171140082@mail.yahoo.com> <CABcZeBO3NSPi+CNKzYm30o=fg430+Bdjfj1EmnqxfEFPqZT8LA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_4945944_996791147.1527172638177"
X-Mailer: WebService/1.1.11871 YMailNorrin Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/NJMZJVTuk5xdJu-nWNz5oMmKpFY>
Subject: Re: [Dime] Eric Rescorla's No Objection on draft-ietf-dime-rfc4006bis-08: (with COMMENT)
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2018 14:47:26 -0000

 ok. will add AVP to section 1.2
    On Thursday, May 24, 2018, 5:26:47 p.m. GMT+3, Eric Rescorla <ekr@rtfm.com> wrote:  
 
 

On Thu, May 24, 2018 at 7:12 AM, Yuval Lifshitz <yuvalif@yahoo.com> wrote:

 inline
    On Thursday, May 24, 2018, 4:58:44 p.m. GMT+3, Eric Rescorla <ekr@rtfm.com> wrote:  
 
 

On Thu, May 24, 2018 at 6:53 AM, Yuval Lifshitz <yuvalif@yahoo.com> wrote:

 more inline
    On Thursday, May 24, 2018, 4:18:06 p.m. GMT+3, Eric Rescorla <ekr@rtfm.com> wrote:  
 
 

On Wed, May 23, 2018 at 11:33 PM, Yuval Lifshitz <yuvalif@yahoo.com> wrote:

 inline
    On Thursday, May 24, 2018, 6:41:17 a.m. GMT+3, Eric Rescorla <ekr@rtfm.com> wrote:  
 
 Eric Rescorla has entered the following ballot position for
draft-ietf-dime-rfc4006bis-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/ statement/discuss-criteria. html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/ doc/draft-ietf-dime- rfc4006bis/



------------------------------ ------------------------------ ----------
COMMENT:
------------------------------ ------------------------------ ----------

Rich version of this review at:
https://mozphab-ietf. devsvcdev.mozaws.net/D3353


I only gave this a light read. Some minor comments below.

COMMENTS
S 1.2.
>        deduction of credit from the end user account when service is
>        completed and refunding of reserved credit that is not used.
>  
>      Diameter Credit-control Server  A Diameter credit-control server acts
>        as a prepaid server, performing real-time rating and credit-
>        control.  It is located in the home domain and is accessed by

a definition of "home domain" would be useful

[yuval] base spec define "home realm" we should probably change to that

S 2.
>      credit-control application.
>  
>      When an end user requests services such as SIP or messaging, the
>      request is typically forwarded to a service element (e.g., SIP Proxy)
>      in the user's home domain.  In some cases it might be possible that
>      the service element in the visited domain can offer services to the

also define visited domain, or at least point to a reference.

[yuval] base spec defined "local realm" for that. will fix

S 3.1.
>                                  [ CC-Correlation-Id ]
>                                  [ User-Equipment-Info ]
>                                  [ User-Equipment-Info-Extension ]
>                                  *[ Proxy-Info ]
>                                  *[ Route-Record ]
>                                  *[ AVP ]

Please expand AVP on first use.

[yuval] it is in the base spec

I'm sure it is, but you should still expand it. 
[yuval] sure we can (it would be a bit awkward though, in the world of "Diameter" it will be like explaining what TCP stands for...)

https://tools.ietf.org/ rfcmarkup?doc=7322#section-3.6
[yuval] in the list, but not marked as "well known". OTOH, that document gives some freedom to the RFC editor. Given that the first couple of occurrences of AVP in the spec are in titles and inside ABNF, there isn't a reasonable place to expand that. If someone tries to read any Diameter application spec, without the base one they would probably run into other issues as well

 Put it in the glossary at the start.
-Ekr





S 4.
>      control client requests credit authorization from the credit-control
>      server prior to allowing any service to be delivered to the end user.
>  
>      In the first model, the credit-control server rates the request,
>      reserves a suitable amount of money from the user's account, and
>      returns the corresponding amount of credit resources.  Note that

Sorry, reserves the balance or the amount reserved?

[yuval] not sure what is not clear?

As I said above, do you return the balance or do you return the amount of credit that has been reserved.
[yuval] return the reserved amount

OK, the text should say it.
[yuval] ok. will rephrase

-Ekr






S 14.
>  
>      Even without any modification to the messages, an adversary can
>      eavesdrop on transactions that contain privacy-sensitive information
>      about the user.  Also, by monitoring the credit-control messages one
>      can collect information about the credit-control server's billing
>      models and business relationships.

I'm having trouble reading these two paragraphs. Are they about what
happens if TLS isn't used?

[yuval] will clarify. see here: https://github.com/ lbertz02/rfc4006bis/issues/51

This doesn't seem dramatically clearer. What sort of an adversary can do that?
[yuval] in some cases e2e security is not possible, this is what this section is addressing, the github issue is to clarify that

-Ekr






______________________________ _________________
DiME mailing list
DiME@ietf.org
https://www.ietf.org/mailman/ listinfo/dime