[Dime] draft-ietf-dime-rfc3588bis review (2/3)
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Sun, 14 September 2008 19:13 UTC
Return-Path: <dime-bounces@ietf.org>
X-Original-To: dime-archive@megatron.ietf.org
Delivered-To: ietfarch-dime-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 623E73A6AE9; Sun, 14 Sep 2008 12:13:33 -0700 (PDT)
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2D3993A6A41 for <dime@core3.amsl.com>; Sun, 14 Sep 2008 12:13:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.255
X-Spam-Level:
X-Spam-Status: No, score=-1.255 tagged_above=-999 required=5 tests=[AWL=-0.145, BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3db1L1cGIdMZ for <dime@core3.amsl.com>; Sun, 14 Sep 2008 12:13:31 -0700 (PDT)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 7EB663A6AE9 for <dime@ietf.org>; Sun, 14 Sep 2008 12:13:30 -0700 (PDT)
Received: (qmail invoked by alias); 14 Sep 2008 19:13:37 -0000
Received: from 80-186-80-175.elisa-mobile.fi (EHLO [80.186.80.175]) [80.186.80.175] by mail.gmx.net (mp003) with SMTP; 14 Sep 2008 21:13:37 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/WpSI3dPLWfaUeBM14vI7k5nZrW5XemI0ga5NV70 Kvs5ZfzMR/NGfu
Message-ID: <48CD625D.1000605@gmx.net>
Date: Sun, 14 Sep 2008 22:13:33 +0300
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: dime@ietf.org
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.54
Subject: [Dime] draft-ietf-dime-rfc3588bis review (2/3)
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dime-bounces@ietf.org
Errors-To: dime-bounces@ietf.org
Here is the 2nd part of my review: 9.2. Protocol Messages A Diameter node that receives a successful authentication and/or authorization messages from the Home AAA server MUST collect accounting information for the session. s/Home AAA server/Diameter server I wonder why there is this MUST statement here. Why is there MUST regarding the collection of accounting information. The Accounting-Request message is used to transmit the accounting information to the Home AAA server, which MUST reply with the Accounting-Answer message to confirm reception. s/Home AAA server/Diameter server The Accounting-Answer message includes the Result-Code AVP, which MAY indicate that an error was present in the accounting message. A rejected Accounting-Request message MAY cause the user's session to be terminated, depending on the value of the Accounting-Realtime-Required AVP received earlier for the session in question. I would re-write the last sentence to something like: " The value of the Accounting-Realtime-Required AVP received earlier for the session in question may indicate that the user's session has to be terminated when a rejected Accounting-Request message was received. " Each Diameter Accounting protocol message MAY be compressed, in order to reduce network bandwidth usage. If TLS is used to secure the Diameter session, then TLS compression [RFC4346] MAY be used. I wonder why this compression aspect is mentioned as there is nothing in Diameter itself to provide this compression. Compression is provided by TLS for all Diameter messages. 9.3. Accounting Application Extension and Requirements Each Diameter application (e.g., NASREQ, MobileIP), MUST define their Service-Specific AVPs that MUST be present in the Accounting-Request message in a section entitled "Accounting AVPs". I wonder why this is a MUST requirement. The application MUST assume that the AVPs described in this document will be present in all Accounting messages, so only their respective service-specific AVPs need to be defined in this section. s/this section/that section 9.6. Correlation of Accounting Records The Diameter protocol's Session-Id AVP, which is globally unique (see Section 8.8), is used during the authorization phase to identify a particular session. Services that do not require any authorization still use the Session-Id AVP to identify sessions. Why is the authorization exchange mentioned here explicitly. Session-IDs are used throught Diameter and there is nothing specifial about the authorization phase. Accounting messages MAY use a different Session-Id from that sent in authorization messages. Specific applications MAY require different a Session-ID for accounting messages. These two sentences essentially say the same thing. Maybe it would be useful to say when the session ID is different. However, there are certain applications that require multiple accounting sub-sessions. Such applications would send messages with a constant Session-Id AVP, but a different Accounting-Sub-Session-Id AVP. In these cases, correlation is performed using the Session-Id. The last sentence essentially says what the sentence said previously. It is important to note that receiving a STOP_RECORD with no Accounting-Sub-Session-Id AVP when sub-sessions were originally used in the START_RECORD messages implies that all sub-sessions are terminated. Furthermore, there are certain applications where a user receives service from different access devices (e.g., Mobile IPv4), each with their own unique Session-Id. I am not sure is meant with the Mobile IPv4 example here. Is this referring to the case that a user might, as part of their service usage, trigger multiple Diameter exchanges from different Diameter clients, such as from the NAS and also from an application server? In such cases, the Acct-Multi-Session- Id AVP is used for correlation. I would move this sentence after the subsequent paragraph. During authorization, a server that determines that a request is for an existing session SHOULD include the Acct-Multi-Session-Id AVP, which the access device MUST include in all subsequent accounting messages. 10.1. Base Protocol Command AVP Table There are a couple of AVPs in the table that do not appear in any command. I wonder whether it makes sense to actually list them in the table at all. Instead, one could argue that they are rather defined in this document since they are of general usage for applications. 11. IANA Considerations Diameter is not intended as a general purpose protocol, and allocations SHOULD NOT be made for purposes unrelated to authentication, authorization or accounting. I would remove this sentence as we already know that Diameter is used today outside the originally envisioned environment. The following values are allocated. Diameter Common Messages 0 NASREQ 1 [RFC4005] Mobile-IP 2 [RFC4004] Diameter Base Accounting 3 Relay 0xffffffff I would delete the rows for NASREQ and Mobile IP. 14. References Please move [RFC4004], [RFC4005], [RFC4006], [RFC4072], [RFC4740], [RFC4306], [RFC4291] to the informative reference section. [RFC3261] -- delete this reference. You are referencing the updated NAI RFC [RFC4282], instead of [4] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 2486, January 1999. I guess that this might cause backwards compatibility problems, see draft-korhonen-dime-nai-routing-00.txt. Appendix A. Acknowledgements I believe you should make a split between the acks from RFC 3588 and the acks for the bis version. Additionally, I believe that we should thank the folks from the interops and also the guys in the design team for their feedback. I have some comments regarding the security consideration section but I am going to cover them in a separate mail. _______________________________________________ DiME mailing list DiME@ietf.org https://www.ietf.org/mailman/listinfo/dime
- [Dime] draft-ietf-dime-rfc3588bis review (2/3) Hannes Tschofenig
- Re: [Dime] draft-ietf-dime-rfc3588bis review (2/3) Victor Fajardo