Re: [Dime] Eric Rescorla's No Objection on draft-ietf-dime-rfc4006bis-08: (with COMMENT)

Yuval Lifshitz <> Thu, 24 May 2018 06:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5B09212D95A for <>; Wed, 23 May 2018 23:43:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7f9hkaYSrh-j for <>; Wed, 23 May 2018 23:43:17 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 19FE112D958 for <>; Wed, 23 May 2018 23:43:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s2048; t=1527144196; bh=isObVCNipWYhk5vv9bK9buOGw9WKyXpRLih3xu2/Yrg=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From:Subject; b=PM325B/NoAH76gSiZYWwBz4bSUfssPep1O/mBZv9Tnyjk1cqlB3JEvOR2u2XLVTUg7HUVMi8CBP2ebsNcdO81k0ZKlgNFNLQ25KELqaook7m2kO54rdBupEKusWCRRz24xyHEk2WrjGwUu2/scIgkRAlkZsv9rkbg3s4Wd8JOXe1oZJTXLLyfgQkbrOIGMTei+wdO3Dn9Xu0mW/ILLatp7knkAd4sYSQh8RLSaWEpBOqGFq6FoZkDa6QpUBfwIFPCwk+ySOO/JH3GKw+brxpS4IeNlmcwQ/eTks/xvDpUZtbjWxu8d9qNCmD1wCTFKWyb6qVraPDkgD9B2Lx3BKUMQ==
X-YMail-OSG: AjUAeRAVM1kG5JzUIAd6MUTpkDRFOPscYbiPx8I2a85t9jGN6PLb8H.HsKwiEc7 eCK0A5KlKr5J4dxV45c2W1ND11hxTfv9ZjqDEQ7n6uoXMDFxtv6VrER3EmSFP8cW.5KugnRmhdub O3BKmjNicZNjttwBWSmEbMixotFvl9FQQ5loE8MFJYiCY6kHcp3zgncH58X9DswdPN83eDMOrBmK 1wRlfPiEn3HByPiGiR17iq2LRdFl44IrFPVawQIgtXE2lu5X3Z8l1CDmpPW316gkx9s5TaEcd9lV L1khg9Fg3yCW0Xov7bbine3GQ3N8K0cM33yUspzYusenfFPcsFLzWyh0vxUOsRBn1F7c.Ai.bPIp y7LeT0AIpQVipa8yD8hhfmGUh2DLupgXyILAmvMK0ro0D7OodG4eMDp076tbd2TRNNHWnuIHQlu3 h9rEqxZWdI8oEVXlP_SRY2qzrihodbDLGZRiwBodq4N43QL3d3DhwjWtoG1MDIk_JQqPmGcL1tVq q0QrfJeu.TvFUNqZMBF4p9sboWXUYCFe7pYbXn6ZpB_.vnxfgYRLkJOp5TJ9w1Zhvvw6PrTCOeg4 RXtPuxWmpRrYXRfikrkv3isz.fGUio5E1SKrL9qBOKMsW_xGF6IzBJvRzQMCn2RjAPWlojXQL5ju snmqtKV0Tzh_qwlXjAU_4bxeLBrxeSwQuuOJrqTv8NpbMmgnsm2zeyy4-
Received: from by with HTTP; Thu, 24 May 2018 06:43:16 +0000
Date: Thu, 24 May 2018 06:33:13 +0000 (UTC)
From: Yuval Lifshitz <>
To: The IESG <>, Eric Rescorla <>
Message-ID: <>
In-Reply-To: <>
References: <>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_4832235_1427263167.1527143593725"
X-Mailer: WebService/1.1.11871 YMailNorrin Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36
Archived-At: <>
Subject: Re: [Dime] Eric Rescorla's No Objection on draft-ietf-dime-rfc4006bis-08: (with COMMENT)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 24 May 2018 06:43:19 -0000

    On Thursday, May 24, 2018, 6:41:17 a.m. GMT+3, Eric Rescorla <> wrote:  
 Eric Rescorla has entered the following ballot position for
draft-ietf-dime-rfc4006bis-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Rich version of this review at:

I only gave this a light read. Some minor comments below.

S 1.2.
>        deduction of credit from the end user account when service is
>        completed and refunding of reserved credit that is not used.
>      Diameter Credit-control Server  A Diameter credit-control server acts
>        as a prepaid server, performing real-time rating and credit-
>        control.  It is located in the home domain and is accessed by

a definition of "home domain" would be useful

[yuval] base spec define "home realm" we should probably change to that

S 2.
>      credit-control application.
>      When an end user requests services such as SIP or messaging, the
>      request is typically forwarded to a service element (e.g., SIP Proxy)
>      in the user's home domain.  In some cases it might be possible that
>      the service element in the visited domain can offer services to the

also define visited domain, or at least point to a reference.

[yuval] base spec defined "local realm" for that. will fix

S 3.1.
>                                  [ CC-Correlation-Id ]
>                                  [ User-Equipment-Info ]
>                                  [ User-Equipment-Info-Extension ]
>                                  *[ Proxy-Info ]
>                                  *[ Route-Record ]
>                                  *[ AVP ]

Please expand AVP on first use.

[yuval] it is in the base spec

S 4.
>      control client requests credit authorization from the credit-control
>      server prior to allowing any service to be delivered to the end user.
>      In the first model, the credit-control server rates the request,
>      reserves a suitable amount of money from the user's account, and
>      returns the corresponding amount of credit resources.  Note that

Sorry, reserves the balance or the amount reserved?

[yuval] not sure what is not clear?

S 14.
>      Even without any modification to the messages, an adversary can
>      eavesdrop on transactions that contain privacy-sensitive information
>      about the user.  Also, by monitoring the credit-control messages one
>      can collect information about the credit-control server's billing
>      models and business relationships.

I'm having trouble reading these two paragraphs. Are they about what
happens if TLS isn't used?

[yuval] will clarify. see here:

DiME mailing list