[Dime] FW: DISCUSS and COMMENT: <draft-ietf-dime-capablities-update-06.txt>
"Romascanu, Dan (Dan)" <dromasca@avaya.com> Wed, 20 October 2010 15:17 UTC
Return-Path: <dromasca@avaya.com>
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 36CF43A68D5 for <dime@core3.amsl.com>; Wed, 20 Oct 2010 08:17:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.529
X-Spam-Level:
X-Spam-Status: No, score=-102.529 tagged_above=-999 required=5 tests=[AWL=0.070, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZiAadwCIi39 for <dime@core3.amsl.com>; Wed, 20 Oct 2010 08:17:28 -0700 (PDT)
Received: from co300216-co-outbound.net.avaya.com (co300216-co-outbound.net.avaya.com [198.152.13.100]) by core3.amsl.com (Postfix) with ESMTP id ADDE33A6847 for <dime@ietf.org>; Wed, 20 Oct 2010 08:17:28 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.57,355,1283745600"; d="scan'208";a="243603022"
Received: from unknown (HELO co300216-co-erhwest.avaya.com) ([198.152.7.5]) by co300216-co-outbound.net.avaya.com with ESMTP; 20 Oct 2010 11:19:01 -0400
X-IronPort-AV: E=Sophos;i="4.57,355,1283745600"; d="scan'208";a="528301752"
Received: from unknown (HELO 307622ANEX5.global.avaya.com) ([135.64.140.12]) by co300216-co-erhwest-out.avaya.com with ESMTP; 20 Oct 2010 11:19:01 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 20 Oct 2010 17:18:57 +0200
Message-ID: <EDC652A26FB23C4EB6384A4584434A04026643DC@307622ANEX5.global.avaya.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: DISCUSS and COMMENT: <draft-ietf-dime-capablities-update-06.txt>
Thread-Index: Actv2EE9VIHgCqUWSGePPpcZikDUJQAkdBkw
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: dime@ietf.org
Subject: [Dime] FW: DISCUSS and COMMENT: <draft-ietf-dime-capablities-update-06.txt>
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2010 15:17:34 -0000
-----Original Message----- From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf Of Peter Saint-Andre Sent: Tuesday, October 19, 2010 11:53 PM To: iesg@ietf.org Cc: draft-ietf-dime-capablities-update@tools.ietf.org; dime-chairs@tools.ietf.org Subject: DISCUSS and COMMENT: <draft-ietf-dime-capablities-update-06.txt> Discuss: 1. Let me see if I understand this. The basic idea is that any two Diameter nodes can dynamically inform each other when their capabilities have changed, without forcing a reconnection. There are several kinds of capabilities that might change, such as (a) security mechanisms, (b) commands related to a particular application, and (c) the list of applications supported. It seems that several rules apply: (a) do not attempt to dynamically modify a security mechanism that is currently in use, because reconnection is required, (b) send updated commands related to a given application only to those peers which also support that application, and (c) send an updated list of supported applications to all peers [this seems to implicit]. Unfortunately, these rules are not explained very clearly, and certain matters are left unspecified: a. Is it OK to dynamically inform peers about capabilities security mechanisms that are *not* currently in use for that connection? b. When a node receives a Capabilities Update Request (CUR) from a peer, it needs to check if the two entities have any supported applications in common, and if not it SHOULD disconnect the transport connection. Why? Does this behavior protect against some unspecified threat? Does this behavior prevent two entities from exchanging a CUR that updates the list of supported applications (i.e., if they currently have no supported applications in common)? c. Is the Capabilities Update Application limited to informing peers about new/changed capabilities, or does it also assume that based on communication of those new/changed capabilities a peer MAY/SHOULD/MUST take action based on those modified capabilities (e.g., "modifying the security mechanism")? Comment: 1. In Section 4, there is a typo: "Attibute-Value"
- [Dime] FW: DISCUSS and COMMENT: <draft-ietf-dime-… Romascanu, Dan (Dan)