Re: [Dime] Eric Rescorla's No Objection on draft-ietf-dime-rfc4006bis-08: (with COMMENT)

Ben Campbell <ben@nostrum.com> Thu, 24 May 2018 18:57 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FC4012EABE; Thu, 24 May 2018 11:57:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level:
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tOMHVKz2fivV; Thu, 24 May 2018 11:57:14 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F1861276AF; Thu, 24 May 2018 11:57:14 -0700 (PDT)
Received: from [10.0.1.91] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w4OIvC0J077610 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 24 May 2018 13:57:13 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.91]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <1C923B71-0BD7-4F8C-BAFF-11E966718756@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_A6E750EE-69F8-4B57-B799-A96A60B6CF48"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Date: Thu, 24 May 2018 13:57:11 -0500
In-Reply-To: <CABcZeBOsF-jHSdpEkXXEGFnoLPtzURjOsmRmQR91cWBE8PaW5Q@mail.gmail.com>
Cc: Yuval Lifshitz <yuvalif@yahoo.com>, dime-chairs@ietf.org, dime@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-dime-rfc4006bis@ietf.org
To: Eric Rescorla <ekr@rtfm.com>
References: <152713326803.29850.11203075814656303164.idtracker@ietfa.amsl.com> <2012436261.4832236.1527143593730@mail.yahoo.com> <CABcZeBPC8ZUOpVEGwYoM=rgsBCngJs=wGtxt2UFwT_tJEzr1Kg@mail.gmail.com> <1842664888.4936240.1527169987125@mail.yahoo.com> <CABcZeBOsF-jHSdpEkXXEGFnoLPtzURjOsmRmQR91cWBE8PaW5Q@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/mAQJJhZNP9tGfA0g2GOV54ruim0>
Subject: Re: [Dime] Eric Rescorla's No Objection on draft-ietf-dime-rfc4006bis-08: (with COMMENT)
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2018 18:57:16 -0000


> On May 24, 2018, at 8:58 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> 
> 
> On Thu, May 24, 2018 at 6:53 AM, Yuval Lifshitz <yuvalif@yahoo.com> wrote:
> more inline
> 
> On Thursday, May 24, 2018, 4:18:06 p.m. GMT+3, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> 
> 
> 
> On Wed, May 23, 2018 at 11:33 PM, Yuval Lifshitz <yuvalif@yahoo.com> wrote:
> inline
> 
> On Thursday, May 24, 2018, 6:41:17 a.m. GMT+3, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> 
> Eric Rescorla has entered the following ballot position for
> draft-ietf-dime-rfc4006bis-08: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however..)
> 
> 
> Please refer to https://www.ietf.org/iesg/ statement/discuss-criteria. html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/ doc/draft-ietf-dime- rfc4006bis/
> 
> 
> 
> ------------------------------ ------------------------------ ----------
> COMMENT:
> ------------------------------ ------------------------------ ----------
> 
> Rich version of this review at:
> https://mozphab-ietf. devsvcdev.mozaws.net/D3353
> 
> 
> I only gave this a light read. Some minor comments below.
> 
> COMMENTS
> S 1.2.
> >        deduction of credit from the end user account when service is
> >        completed and refunding of reserved credit that is not used.
> >
> >      Diameter Credit-control Server  A Diameter credit-control server acts
> >        as a prepaid server, performing real-time rating and credit-
> >        control.  It is located in the home domain and is accessed by
> 
> a definition of "home domain" would be useful
> 
> [yuval] base spec define "home realm" we should probably change to that
> 
> S 2.
> >      credit-control application.
> >
> >      When an end user requests services such as SIP or messaging, the
> >      request is typically forwarded to a service element (e.g., SIP Proxy)
> >      in the user's home domain..  In some cases it might be possible that
> >      the service element in the visited domain can offer services to the
> 
> also define visited domain, or at least point to a reference.

> 
> [yuval] base spec defined "local realm" for that. will fix
> 
> S 3.1.
> >                                  [ CC-Correlation-Id ]
> >                                  [ User-Equipment-Info ]
> >                                  [ User-Equipment-Info-Extension ]
> >                                  *[ Proxy-Info ]
> >                                  *[ Route-Record ]
> >                                  *[ AVP ]
> 
> Please expand AVP on first use.
> 
> [yuval] it is in the base spec
> 
> I'm sure it is, but you should still expand it.
> 
> [yuval] sure we can (it would be a bit awkward though, in the world of "Diameter" it will be like explaining what TCP stands for...)
> 
> https://tools.ietf.org/rfcmarkup?doc=7322#section-3.6

Ekr is correct, the Diameter usage of AVP is not marked as “sufficiently well-known to not need to expand” in the abbreviation registry. Not to mention, many people in the real-time media community will also think of it as “audio-visual profile"

> 
> S 4.
> >      control client requests credit authorization from the credit-control
> >      server prior to allowing any service to be delivered to the end user.
> >
> >      In the first model, the credit-control server rates the request,
> >      reserves a suitable amount of money from the user's account, and
> >      returns the corresponding amount of credit resources.  Note that
> 
> Sorry, reserves the balance or the amount reserved?
> 
> [yuval] not sure what is not clear?
> 
> As I said above, do you return the balance or do you return the amount of credit that has been reserved.
> 
> [yuval] return the reserved amount
> 
> OK, the text should say it.
> 
> -Ekr
> 
> 
> 
> 
> 
> S 14.
> >
> >      Even without any modification to the messages, an adversary can
> >      eavesdrop on transactions that contain privacy-sensitive information
> >      about the user.  Also, by monitoring the credit-control messages one
> >      can collect information about the credit-control server's billing
> >      models and business relationships.
> 
> I'm having trouble reading these two paragraphs. Are they about what
> happens if TLS isn't used?
> 
> [yuval] will clarify. see here: https://github.com/ lbertz02/rfc4006bis/issues/51
> 
> This doesn't seem dramatically clearer. What sort of an adversary can do that?
> 
> [yuval] in some cases e2e security is not possible, this is what this section is addressing, the github issue is to clarify that
> 
> -Ekr
> 
> 
> 
> 
> 
> 
> ______________________________ _________________
> DiME mailing list
> DiME@ietf.org
> https://www.ietf.org/mailman/ listinfo/dime
> 
>