IETF Logo Mail Archive

Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind

Shida Schubert <shida@ntt-at.com> Thu, 31 October 2013 15:12 UTC

Return-Path: <shida@ntt-at.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71E9311E8171 for <dispatch@ietfa.amsl.com>; Thu, 31 Oct 2013 08:12:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.765
X-Spam-Level:
X-Spam-Status: No, score=-101.765 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_00=-2.599, HTML_MESSAGE=0.001, SARE_HTML_USL_OBFU=1.666, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOTQvU2gRgoa for <dispatch@ietfa.amsl.com>; Thu, 31 Oct 2013 08:12:32 -0700 (PDT)
Received: from gator4135.hostgator.com (gator4135.hostgator.com [192.185.4.147]) by ietfa.amsl.com (Postfix) with ESMTP id EE95D11E8196 for <dispatch@ietf.org>; Thu, 31 Oct 2013 08:12:31 -0700 (PDT)
Received: from [98.210.227.187] (port=49647 helo=[192.168.1.25]) by gator4135.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80) (envelope-from <shida@ntt-at.com>) id 1VbtvB-0005Rc-IA; Thu, 31 Oct 2013 10:12:29 -0500
Content-Type: multipart/alternative; boundary="Apple-Mail=_0B93EA64-DDD3-4097-83FB-E7102EADF90B"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Shida Schubert <shida@ntt-at.com>
In-Reply-To: <CAHBDyN6oH7OYbq2E26Mo_7KOqx6JZ2mz3CWqQRpfoAXsyLb51A@mail.gmail.com>
Date: Thu, 31 Oct 2013 08:12:27 -0700
Message-Id: <5B2B0410-7F09-4C6A-B084-2A0CF1C9347F@ntt-at.com>
References: <20130912005949.3447.42089.idtracker@ietfa.amsl.com> <523124B0.2000305@ntt-at.co.jp> <CAHBDyN6oH7OYbq2E26Mo_7KOqx6JZ2mz3CWqQRpfoAXsyLb51A@mail.gmail.com>
To: Mary Barnes <mary.ietf.barnes@gmail.com>
X-Mailer: Apple Mail (2.1510)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator4135.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ntt-at.com
X-BWhitelist: no
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([192.168.1.25]) [98.210.227.187]:49647
X-Source-Auth: shida.schubert+tingle.jp
X-Email-Count: 1
X-Source-Cap: c3NoaWRhO3NzaGlkYTtnYXRvcjQxMzUuaG9zdGdhdG9yLmNvbQ==
Cc: DISPATCH <dispatch@ietf.org>
Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 15:12:36 -0000

Hi Mary;

 Thanks for the thorough reviews and suggestions. 

 I will prepare a revised draft before and submit the 
draft after the blackout period is cleared  reflecting 
the suggestions and comments you and Paul provided. 

 Many Thanks
  Shida

On Oct 29, 2013, at 7:11 AM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote:

> In reviewing the document in preparation for the PROTO write-up, I have a few comments (minor and nits) that should be addressed prior to the document being progressed.
> 
> Regards,
> Mary.
> 
> Comments:
> ---------------
> 
> - General: domains used in this document must use a reserved domain such as "example.com" and must not use real domains. Thus, all occurrences of ericsson.com need to be changed to example.com
> 
> - Section 1.5.  Bulleted list, first bullet. I would suggest you just leave out the mention of LI.  Emergency services should be a sufficient example.  
> 
> - Section 1.5, last numbered list, item 2.  I had a hard time groking this sentence and had to read several times. I would suggest rewording something like (if I've properly interpreted the intent):
> OLD:
>        Different nodes spanning over different networks may need to be
>        able to act differently on type of traffic, when implicit schemes
>        are used, it would require distribution of such enterprise
>        specific logic over multiple nodes in multiple operators.  That
>        is clearly not a manageable architecture and solution.
> 
> NEW: 
>        Nodes spanning multiple networks often need to have different 
>        behavior depending upon the type of traffic.  When this is done using implicit
>        schemes, enterprise specific logic must be distributed across multiple
>        nodes in multiple operator's networks.  
>        That is clearly not a manageable architecture and solution.
> 
> 
> - Section 1.5, last sentence.  I don't think that statement is sufficient for what this document is doing. I would suggest you change that sentence to something like the following:
> OLD:
>    Given the above background this document will formulate requirements
>    for SIP to support an explicit private network indication.
> 
> NEW: 
>    Based on the background provided, this document formulates requirements
>    for SIP to support an explicit private network indication and defines 
>    a P-header, P-Private-Network-Indication, to support those requirements. 
> 
> 
> - Section 3, next to last paragraph.  I'm not sure what is meant by "the filling out a Spec(T)". I don't see "filling" used as a concept in RFC 3324.  Perhaps, "specifying a Spec(T)" is more consistent with terminology in RFC 3324. 
> 
> - Section 5.  In general, the requirements are not specific consistently - i.e., some use 2119 language and others not and there is not consistent capitalization.  I would suggest the following changes.
> R2:   "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy"   
> R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy"
> R6: "must" -> "MUST"
> 
> - Section 6, 2nd paragraph. The "can" in the first sentence should be a "MAY" and the sentence needs to be split into two:
> OLD:
>    A proxy server which handles a message can insert such a P-Private-
>    Network-Indication header field into the message based on
>    authentication of the source of a message, configuration or local
>    policy, and forward it to other proxies in the same administrative
>    domain or proxies in trusted domain to be handled as private network
>    traffic. 
> 
> NEW: 
>    A proxy server which handles a message MAY insert such a P-Private-
>    Network-Indication header field into the message based on
>    authentication of the source of a message, configuration or local
>    policy.  A proxy server MAY forward the message to other proxies in the 
>    same administrative domain or proxies in a trusted 
>    domain to be handled as private network traffic. 
> 
> 
> Section 9.  You should be explicit about the header name in this section.  The text in the first paragraph needs some work.  At a minimum you need to change the "not supposed to" to something more definitive as all security issues arise because someone does something they're not supposed to.   I would suggest at least making the following change:
> OLD:
>    The private network indication defined in this document is to be used
>    in an environment where elements are trusted and where attackers are
>    not supposed to have access to the protocol messages between those
>    elements.  Traffic protection between network elements is sometimes
>    achieved by using IPsec and sometimes by physical protection of the
>    network.  In any case, the environment where the private network
>    indication will be used ensures the integrity and the confidentiality
>    of the contents of this header field.
> NEW:
>    The private network indication defined in this document MUST only be used
>    in an environment where elements are trusted and where attackers are
>    do not have access to the protocol messages between those
>    elements.  Traffic protection between network elements can be
>    achieved by using IPsec and sometimes by physical protection of the
>    network.  In any case, the environment where the private network
>    indication will be used ensures the integrity and the confidentiality
>    of the contents of this header field.
> 
> 
> Nits:
> ------
> - Section 1.1:  "3rd-Generqation" -> 3rd-Generation  
> - The terms "break-in" and "break-out" traffic are used several places in the document, but this term is never defined.  These terms should be defined in Section 3. 
> - Figures should have Titles for readability
> 
> 
> 
> On Wed, Sep 11, 2013 at 9:19 PM, Mayumi Ohsugi <mayumi.ohsugi@ntt-at.co.jp> wrote:
> Hi,
> 
> I have submitted the following draft:
> 
> http://www.ietf.org/internet-drafts/draft-vanelburg-dispatch-private-network-ind-03.txt
> 
> The draft reflects all the comments discussed in DISPATCH list.
> 
> The major changes are as follows:
> 
> - corrected the abstract
> - corrected the term "common domain" to "pre-arranged domain"
> - added 7.1.4 "P-Private-Network-Indication verification"
> - editorial changes
>                                                                                   Regards,
> Mayumi
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch
> 
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch

v2.23.0 | Report a Bug | By Email