Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
Shida Schubert <shida@ntt-at.com> Thu, 09 January 2014 06:30 UTC
Return-Path: <shida@ntt-at.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E5C01A8028 for <dispatch@ietfa.amsl.com>; Wed, 8 Jan 2014 22:30:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9gvpEOhjISej for <dispatch@ietfa.amsl.com>; Wed, 8 Jan 2014 22:30:03 -0800 (PST)
Received: from gator4135.hostgator.com (gator4135.hostgator.com [192.185.4.147]) by ietfa.amsl.com (Postfix) with ESMTP id 8DE3F1A1F7A for <dispatch@ietf.org>; Wed, 8 Jan 2014 22:30:03 -0800 (PST)
Received: from [50.184.77.69] (port=59294 helo=[192.168.1.23]) by gator4135.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80) (envelope-from <shida@ntt-at.com>) id 1W197p-0003c9-PN; Thu, 09 Jan 2014 00:29:54 -0600
Content-Type: multipart/alternative; boundary="Apple-Mail=_E76C1CD3-1BE4-4798-BC26-1A2FEF699573"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
From: Shida Schubert <shida@ntt-at.com>
In-Reply-To: <CAHBDyN7yHUd3fLcGHE8BhBJevPSBDRsNhqL+HNjSecVmexL_xg@mail.gmail.com>
Date: Wed, 08 Jan 2014 22:29:49 -0800
Message-Id: <5863E5DF-F01A-44DC-B0E6-74D1763AE178@ntt-at.com>
References: <20130912005949.3447.42089.idtracker@ietfa.amsl.com> <523124B0.2000305@ntt-at.co.jp> <CAHBDyN6oH7OYbq2E26Mo_7KOqx6JZ2mz3CWqQRpfoAXsyLb51A@mail.gmail.com> <CAHBDyN7yHUd3fLcGHE8BhBJevPSBDRsNhqL+HNjSecVmexL_xg@mail.gmail.com>
To: Mary Barnes <mary.ietf.barnes@gmail.com>
X-Mailer: Apple Mail (2.1822)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator4135.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ntt-at.com
X-BWhitelist: no
X-Source-IP: 50.184.77.69
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([192.168.1.23]) [50.184.77.69]:59294
X-Source-Auth: shida.schubert+tingle.jp
X-Email-Count: 1
X-Source-Cap: c3NoaWRhO3NzaGlkYTtnYXRvcjQxMzUuaG9zdGdhdG9yLmNvbQ==
Cc: DISPATCH <dispatch@ietf.org>
Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jan 2014 06:30:09 -0000
Hi Mary; Thanks for reviewing the document again. On Jan 6, 2014, at 3:03 PM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote: > Hi all, > > I have reviewed the revised version and I just a few final comments. > > - Section 1.5, first bullet in the bulleted list: either change "an emergency calls" to "an emergency call" or "emergency calls" > I will fix it with "emergency calls" > - Section 3.6. "require the Specifying a Spec (T)." -> "require specifying a Spec(T)" or "require the specification of a Spec(T)" > I will fix it with "require the specification of a Spec(T)" > - Section 5, I had suggested the the requirements be consistent in usage of 2119 language. One of the requirements (R6) was changed, but R2 and R3 were not. Was there a specific reason not to make those suggested changes? > > R2: "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy" > R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy" So I reverted the change after Keith told that the requirements above is not stating a normative behaviour and that he believes "can" is more appropriate. I am okay either way. I will create a version with "MAY". Keith, please provide comments if you have a strong opposition to changing it to "MAY". Thanks! Shida > > Thanks, > Mary. > > > On Tue, Oct 29, 2013 at 9:11 AM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote: > In reviewing the document in preparation for the PROTO write-up, I have a few comments (minor and nits) that should be addressed prior to the document being progressed. > > Regards, > Mary. > > Comments: > --------------- > > - General: domains used in this document must use a reserved domain such as "example.com" and must not use real domains. Thus, all occurrences of ericsson.com need to be changed to example.com > > - Section 1.5. Bulleted list, first bullet. I would suggest you just leave out the mention of LI. Emergency services should be a sufficient example. > > - Section 1.5, last numbered list, item 2. I had a hard time groking this sentence and had to read several times. I would suggest rewording something like (if I've properly interpreted the intent): > OLD: > Different nodes spanning over different networks may need to be > able to act differently on type of traffic, when implicit schemes > are used, it would require distribution of such enterprise > specific logic over multiple nodes in multiple operators. That > is clearly not a manageable architecture and solution. > > NEW: > Nodes spanning multiple networks often need to have different > behavior depending upon the type of traffic. When this is done using implicit > schemes, enterprise specific logic must be distributed across multiple > nodes in multiple operator's networks. > That is clearly not a manageable architecture and solution. > > > - Section 1.5, last sentence. I don't think that statement is sufficient for what this document is doing. I would suggest you change that sentence to something like the following: > OLD: > Given the above background this document will formulate requirements > for SIP to support an explicit private network indication. > > NEW: > Based on the background provided, this document formulates requirements > for SIP to support an explicit private network indication and defines > a P-header, P-Private-Network-Indication, to support those requirements. > > > - Section 3, next to last paragraph. I'm not sure what is meant by "the filling out a Spec(T)". I don't see "filling" used as a concept in RFC 3324. Perhaps, "specifying a Spec(T)" is more consistent with terminology in RFC 3324. > > - Section 5. In general, the requirements are not specific consistently - i.e., some use 2119 language and others not and there is not consistent capitalization. I would suggest the following changes. > R2: "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy" > R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy" > R6: "must" -> "MUST" > > - Section 6, 2nd paragraph. The "can" in the first sentence should be a "MAY" and the sentence needs to be split into two: > OLD: > A proxy server which handles a message can insert such a P-Private- > Network-Indication header field into the message based on > authentication of the source of a message, configuration or local > policy, and forward it to other proxies in the same administrative > domain or proxies in trusted domain to be handled as private network > traffic. > > NEW: > A proxy server which handles a message MAY insert such a P-Private- > Network-Indication header field into the message based on > authentication of the source of a message, configuration or local > policy. A proxy server MAY forward the message to other proxies in the > same administrative domain or proxies in a trusted > domain to be handled as private network traffic. > > > > Section 9. You should be explicit about the header name in this section. The text in the first paragraph needs some work. At a minimum you need to change the "not supposed to" to something more definitive as all security issues arise because someone does something they're not supposed to. I would suggest at least making the following change: > OLD: > The private network indication defined in this document is to be used > in an environment where elements are trusted and where attackers are > not supposed to have access to the protocol messages between those > elements. Traffic protection between network elements is sometimes > achieved by using IPsec and sometimes by physical protection of the > network. In any case, the environment where the private network > indication will be used ensures the integrity and the confidentiality > of the contents of this header field. > NEW: > The private network indication defined in this document MUST only be used > in an environment where elements are trusted and where attackers are > do not have access to the protocol messages between those > elements. Traffic protection between network elements can be > achieved by using IPsec and sometimes by physical protection of the > network. In any case, the environment where the private network > indication will be used ensures the integrity and the confidentiality > of the contents of this header field. > > > Nits: > ------ > - Section 1.1: "3rd-Generqation" -> 3rd-Generation > - The terms "break-in" and "break-out" traffic are used several places in the document, but this term is never defined. These terms should be defined in Section 3. > - Figures should have Titles for readability > > > > On Wed, Sep 11, 2013 at 9:19 PM, Mayumi Ohsugi <mayumi.ohsugi@ntt-at.co.jp> wrote: > Hi, > > I have submitted the following draft: > > http://www.ietf.org/internet-drafts/draft-vanelburg-dispatch-private-network-ind-03.txt > > The draft reflects all the comments discussed in DISPATCH list. > > The major changes are as follows: > > - corrected the abstract > - corrected the term "common domain" to "pre-arranged domain" > - added 7.1.4 "P-Private-Network-Indication verification" > - editorial changes > Regards, > Mayumi > _______________________________________________ > dispatch mailing list > dispatch@ietf.org > https://www.ietf.org/mailman/listinfo/dispatch > >
- [dispatch] New Version of draft-vanelburg-dispatc… Mayumi Ohsugi
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Paul Kyzivat
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… DRAGE, Keith (Keith)
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes