IETF Logo Mail Archive

[Dime] draft-ietf-dime-rfc3588bis review (2/3)

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Sun, 14 September 2008 19:13 UTC

Return-Path: <dime-bounces@ietf.org>
X-Original-To: dime-archive@megatron.ietf.org
Delivered-To: ietfarch-dime-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 623E73A6AE9; Sun, 14 Sep 2008 12:13:33 -0700 (PDT)
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2D3993A6A41 for <dime@core3.amsl.com>; Sun, 14 Sep 2008 12:13:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.255
X-Spam-Level:
X-Spam-Status: No, score=-1.255 tagged_above=-999 required=5 tests=[AWL=-0.145, BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3db1L1cGIdMZ for <dime@core3.amsl.com>; Sun, 14 Sep 2008 12:13:31 -0700 (PDT)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 7EB663A6AE9 for <dime@ietf.org>; Sun, 14 Sep 2008 12:13:30 -0700 (PDT)
Received: (qmail invoked by alias); 14 Sep 2008 19:13:37 -0000
Received: from 80-186-80-175.elisa-mobile.fi (EHLO [80.186.80.175]) [80.186.80.175] by mail.gmx.net (mp003) with SMTP; 14 Sep 2008 21:13:37 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/WpSI3dPLWfaUeBM14vI7k5nZrW5XemI0ga5NV70 Kvs5ZfzMR/NGfu
Message-ID: <48CD625D.1000605@gmx.net>
Date: Sun, 14 Sep 2008 22:13:33 +0300
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: dime@ietf.org
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.54
Subject: [Dime] draft-ietf-dime-rfc3588bis review (2/3)
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dime-bounces@ietf.org
Errors-To: dime-bounces@ietf.org

Here is the 2nd part of my review:

9.2.  Protocol Messages

   A Diameter node that receives a successful authentication and/or
   authorization messages from the Home AAA server MUST collect
   accounting information for the session.

s/Home AAA server/Diameter server

I wonder why there is this MUST statement here. Why is there MUST 
regarding the
collection of accounting information.

   The Accounting-Request
   message is used to transmit the accounting information to the Home
   AAA server, which MUST reply with the Accounting-Answer message to
   confirm reception.

s/Home AAA server/Diameter server

   The Accounting-Answer message includes the
   Result-Code AVP, which MAY indicate that an error was present in the
   accounting message.  A rejected Accounting-Request message MAY cause
   the user's session to be terminated, depending on the value of the
   Accounting-Realtime-Required AVP received earlier for the session in
   question.

I would re-write the last sentence to something like:

"
   The value of the
   Accounting-Realtime-Required AVP received earlier for the session in
   question may indicate that the user's session has to be terminated when
   a rejected Accounting-Request message was received.
"   
   

   Each Diameter Accounting protocol message MAY be compressed, in order
   to reduce network bandwidth usage.  If TLS is used to secure the
   Diameter session, then TLS compression [RFC4346] MAY be used.
   
I wonder why this compression aspect is mentioned as there is nothing in 
Diameter itself
to provide this compression. Compression is provided by TLS for all 
Diameter
messages.


9.3.  Accounting Application Extension and Requirements

   Each Diameter application (e.g., NASREQ, MobileIP), MUST define their
   Service-Specific AVPs that MUST be present in the Accounting-Request
   message in a section entitled "Accounting AVPs".

I wonder why this is a MUST requirement.

   The application
   MUST assume that the AVPs described in this document will be present
   in all Accounting messages, so only their respective service-specific
   AVPs need to be defined in this section.
   
s/this section/that section
 
 
 9.6.  Correlation of Accounting Records

   The Diameter protocol's Session-Id AVP, which is globally unique (see
   Section 8.8), is used during the authorization phase to identify a
   particular session.


   Services that do not require any authorization
   still use the Session-Id AVP to identify sessions.


Why is the authorization exchange mentioned here explicitly. Session-IDs 
are used
throught Diameter and there is nothing specifial about the authorization 
phase.


   
   Accounting
   messages MAY use a different Session-Id from that sent in
   authorization messages.  Specific applications MAY require different
   a Session-ID for accounting messages.
   
These two sentences essentially say the same thing. Maybe it would be 
useful to say
 when the session ID is different.
 
 
   However, there are certain applications that require multiple
   accounting sub-sessions.  Such applications would send messages with
   a constant Session-Id AVP, but a different Accounting-Sub-Session-Id
   AVP.  In these cases, correlation is performed using the Session-Id.
   
The last sentence essentially says what the sentence said previously.

   It is important to note that receiving a STOP_RECORD with no
   Accounting-Sub-Session-Id AVP when sub-sessions were originally used
   in the START_RECORD messages implies that all sub-sessions are
   terminated.

   Furthermore, there are certain applications where a user receives
   service from different access devices (e.g., Mobile IPv4), each with
   their own unique Session-Id.

I am not sure is meant with the Mobile IPv4 example here.
Is this referring to the case that a user might, as part of their 
service usage,
trigger multiple Diameter exchanges from different Diameter clients, 
such as from
the NAS and also from an application server?

   In such cases, the Acct-Multi-Session-
   Id AVP is used for correlation.

I would move this sentence after the subsequent paragraph.
 
   During authorization, a server that
   determines that a request is for an existing session SHOULD include
   the Acct-Multi-Session-Id AVP, which the access device MUST include
   in all subsequent accounting messages.

   

10.1.  Base Protocol Command AVP Table


There are a couple of AVPs in the table that do not appear in any command.
I wonder whether it makes sense to actually list them in the table at all.
Instead, one could argue that they are rather defined in this document 
since
they are of general usage for applications.



11.  IANA Considerations

   Diameter is not intended as a general purpose protocol, and
   allocations SHOULD NOT be made for purposes unrelated to
   authentication, authorization or accounting.

I would remove this sentence as we already know that Diameter is used
today outside the originally envisioned environment.


 The
   following values are allocated.

         Diameter Common Messages            0
         NASREQ                              1 [RFC4005]
         Mobile-IP                           2 [RFC4004]
         Diameter Base Accounting            3
         Relay                               0xffffffff
        
I would delete the rows for NASREQ and Mobile IP.



14.  References

Please move  [RFC4004], [RFC4005], [RFC4006], [RFC4072], [RFC4740], 
[RFC4306],
 [RFC4291] to the informative reference section.  
 
 
 [RFC3261] -- delete this reference.

You are referencing the updated NAI RFC [RFC4282], instead of
   [4]   Aboba, B. and M. Beadles, "The Network Access Identifier",
         RFC 2486, January 1999.

I guess that this might cause backwards compatibility problems, see 
draft-korhonen-dime-nai-routing-00.txt.   
 
Appendix A.  Acknowledgements

I believe you should make a split between the acks from RFC 3588 and the 
acks for the bis version.
Additionally, I believe that we should thank the folks from the interops 
and also the guys in the design
team for their feedback.
 


I have some comments regarding the security consideration section but I 
am going to cover them in a separate mail.

_______________________________________________
DiME mailing list
DiME@ietf.org
https://www.ietf.org/mailman/listinfo/dime

v2.23.0 | Report a Bug | By Email