Re: [Dime] Alissa Cooper's Discuss on draft-ietf-dime-drmp-05: (with DISCUSS and COMMENT)

Steve Donovan <> Wed, 04 May 2016 16:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B2DB012DC8E; Wed, 4 May 2016 09:06:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.139
X-Spam-Status: No, score=-0.139 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2IEYuJzFYub6; Wed, 4 May 2016 09:06:26 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 42E7512DA2E; Wed, 4 May 2016 08:58:21 -0700 (PDT)
Received: from ([]:59914 helo=Steves-MacBook-Air.local) by with esmtpsa (TLSv1.2:DHE-RSA-AES256-SHA:256) (Exim 4.86_1) (envelope-from <>) id 1axzBm-000OAl-15; Wed, 04 May 2016 08:58:20 -0700
To:, Alissa Cooper <>, "" <>
References: <> <8354_1462318968_57293778_8354_15408_1_6B7134B31289DC4FAF731D844122B36E01E4C8AE@OPEXCLILM43.corporate.adroot.infra.ftgroup>
From: Steve Donovan <>
Message-ID: <>
Date: Wed, 04 May 2016 10:58:12 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <8354_1462318968_57293778_8354_15408_1_6B7134B31289DC4FAF731D844122B36E01E4C8AE@OPEXCLILM43.corporate.adroot.infra.ftgroup>
Content-Type: multipart/alternative; boundary="------------010506000406040901070503"
X-OutGoing-Spam-Status: No, score=-0.7
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id:
Archived-At: <>
Cc: "" <>, "" <>, "" <>
Subject: Re: [Dime] Alissa Cooper's Discuss on draft-ietf-dime-drmp-05: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 04 May 2016 16:06:27 -0000

Responding to both Alissa's comments and Lionel's responses.



On 5/3/16 6:42 PM, wrote:
> Hi Alissa,
> Thank you for your review.
> Please find below some clarifications, waiting for authors feeback.
> Regards,
> Lionel
> Envoyé depuis Surface
> *De :* Alissa Cooper <>
> *Envoyé :* ‎mardi‎ ‎3‎ ‎mai‎ ‎2016 ‎23‎:‎31
> *À :* <>
> *Cc :* 
> <>, Lionel MORAND 
> <>, 
> <>, Lionel MORAND 
> <>, <>
> Alissa Cooper has entered the following ballot position for
> draft-ietf-dime-drmp-05: Discuss
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> Please refer to
> for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here:
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> (1) Given the two key security threats identified in Section 11 -- that
> authorized nodes can issue requests with artificially high priority in
> order to get better treatment, and that unauthorized intermediaries can
> modify the priorities that senders set -- I don't see how it is
> legitimate to claim that either 5.1 or 5.2 are appropriate use cases for
> DRMP. The spec seems to assume that this mechanism will only be used in
> scenarios where nodes and agents have some out-of-band trust relationship
> established with each other (the shepherd write-up talks about a "trusted
> environment"), but that is certainly not the case in many disaster and
> emergency scenarios. If that really is a limitation on the scope of
> applicability of this mechanism, that should be stated in the document,
> and those use cases should either be removed or modified to explain the
> limitations on their applicability.
> [LM] I think that what is missing is that Diameter is mainly (if not 
> only) used in mobile operator networks. The text makes reference to 
> the RFC7683 where the overoload contgrol mechanism is introduced to 
> solve overload situations in telco networks. This additional mechanism 
> is seen as a complement of this overload control mechanism. Now, if it 
> is understood that it is a mechanism defined for “trusted environment” 
> i.e. mobile networks, the use of priority indications in emergency and 
> disaster scenarios seems legitimate.
SRD> I would state it a little differently, but I agree that there needs 
to be some clarification here.  We intentionally did not specify how 
priorities are set in this document as those priorities need to take 
into account application specific knowledge.  This document is, instead, 
focused on how priority information is transported and used by nodes 
receiving the priority.  The thing that is missing is a statement that 
this mechanism only works when the definition of priority values is done 
in a consistent manner for all applications used by a Diameter network.  
It is my understanding that 3GPP will be defining priorities across its 
set of applications and that this will make sure that one application 
does not improperly take advantage of the mechanism at the expense of 
other applications.  I also expect that 3GPP will factor in the 5.1 and 
5.2 use cases when doing this work.

SRD> This does beg the question of whether or not we need to support 
interworking between multiple "DRMP priority schemes", where one 
Diameter network assumes priority scheme 1 and another assumes priority 
scheme 2 and the two priority schemes were defined completely 
independently.  The 3GPP priority definition would be an example of a 
priority scheme.  The mechanism, as currently defined, does not support 
this use case.

SRD> We could fix this by using a name-space concept similar to that 
used by SIP.  Or we could say that this mechanism only works in a 
trusted environment.  The working group should decide which approach to 

> (2) Section 6 says:
>     "The mechanism for how the agent determines which requests are
>        throttled is implementation dependent and is outside the scope of
>        this document."
> How is a node supposed to determine how to set its priorities if each
> agent makes implementation-specific decisions about what those priorities
> mean? I understood the document to be saying that Diameter applications
> would have to define what he priority levels mean within their own
> contexts, but then I would have expected the interpretation of priorities
> amongst all nodes and agents implementing the same application to be the
> same.
> [LM] I understand. I think that the text should say “The mechanism for 
> how the agent determines which requests are c(candidates) to be 
> throttled”. And, when there are requests to throttle, the priority 
> indication is used to determine “which requests to route first, which 
> requests to throttle and where the request is routed.  For instance, 
> requests with higher  priority might have a lower probability of being 
> throttled. ”.
SRD> I agree with Lionel's suggestion here.
> (3) Section 8 says:
>  "Diameter nodes SHOULD use the PRIORITY_10 priority as this default
> value."
> If the determination of the priority schemes are all
> application-specific, how is it appropriate for this spec to define what
> the default priority should be for all applications? Shouldn't
> applications specify their own defaults?
> [LM] it is needed to take into account that the use of priority 
> indication in Diameter will be optional and that legacy implementation 
> will not include any priority indication in Diameter requests. After 
> discussion, it was decided that requests without priority should be 
> handled as with a priority set to 10. This makes the difference with 
> requests with an explicit lower priorities and other with higher 
> priorities. 10 is used as “average” priority, with the possibility of 
> specific operator policies to use another value.
SRD> As stated by Alexey in a separate email, I don't see the issue with 
a default value.  Alexey and Lionel have explained why, so I won't repeat.
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Section 11 says: "DRMP gives Diameter nodes the ability to influence
> which requests are throttled during overload scenarios." But the
> information is not limited to use during overload scenarios, and the spec
> specifically allows its use for prioritized routing in absence of
> overload. This should be stated here too.
> [LM] right.
SRD> This is already addressed in the paragraph following the one above:

    The DRMP mechanism can also be used to influence the order in which
    Diameter messages are handled by Diameter nodes.  The above attacks
    have a potentially greater impact in this scenario as the priority
    indication impacts the handling of all requests at all times,
    independent of the overload status of Diameter nodes in the Diameter
> _________________________________________________________________________________________________________________________
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.