IETF Logo Mail Archive

Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind

Shida Schubert <shida@ntt-at.com> Mon, 13 January 2014 20:32 UTC

Return-Path: <shida@ntt-at.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D76911AE026 for <dispatch@ietfa.amsl.com>; Mon, 13 Jan 2014 12:32:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kypVPK9XhFdl for <dispatch@ietfa.amsl.com>; Mon, 13 Jan 2014 12:32:32 -0800 (PST)
Received: from gator4135.hostgator.com (gator4135.hostgator.com [192.185.4.147]) by ietfa.amsl.com (Postfix) with ESMTP id 2E9A61AE01C for <dispatch@ietf.org>; Mon, 13 Jan 2014 12:32:32 -0800 (PST)
Received: from [208.66.25.2] (port=64252 helo=[192.168.1.23]) by gator4135.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80) (envelope-from <shida@ntt-at.com>) id 1W2oBI-0000B2-1l; Mon, 13 Jan 2014 14:32:20 -0600
Content-Type: multipart/alternative; boundary="Apple-Mail=_5257B5F7-0116-4F7D-AEA6-C9182E1FF452"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
From: Shida Schubert <shida@ntt-at.com>
In-Reply-To: <CAHBDyN7JqzC93U_2rZHeKj=w9tro20zkEKhru9jLkTmqprSD4A@mail.gmail.com>
Date: Mon, 13 Jan 2014 12:32:17 -0800
Message-Id: <ED5D1877-02F1-4ED8-847A-4CDCBF80696C@ntt-at.com>
References: <20130912005949.3447.42089.idtracker@ietfa.amsl.com> <523124B0.2000305@ntt-at.co.jp> <CAHBDyN6oH7OYbq2E26Mo_7KOqx6JZ2mz3CWqQRpfoAXsyLb51A@mail.gmail.com> <CAHBDyN7yHUd3fLcGHE8BhBJevPSBDRsNhqL+HNjSecVmexL_xg@mail.gmail.com> <5863E5DF-F01A-44DC-B0E6-74D1763AE178@ntt-at.com> <949EF20990823C4C85C18D59AA11AD8B100BA1@FR712WXCHMBA11.zeu.alcatel-lucent.com> <CAHBDyN7JqzC93U_2rZHeKj=w9tro20zkEKhru9jLkTmqprSD4A@mail.gmail.com>
To: Mary Barnes <mary.ietf.barnes@gmail.com>
X-Mailer: Apple Mail (2.1822)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator4135.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ntt-at.com
X-BWhitelist: no
X-Source-IP: 208.66.25.2
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([192.168.1.23]) [208.66.25.2]:64252
X-Source-Auth: shida.schubert+tingle.jp
X-Email-Count: 1
X-Source-Cap: c3NoaWRhO3NzaGlkYTtnYXRvcjQxMzUuaG9zdGdhdG9yLmNvbQ==
Cc: DISPATCH <dispatch@ietf.org>
Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2014 20:32:38 -0000

Why don't we just reword it to say 

 "SIP proxy MAY insert the indication from R1" 

 Whether it is a can or MAY what we are ultimately trying to say is that 
proxy MAY insert the indication from R1 right? We are not preventing 
it and I am assuming as a spec, we want to let the implementer know 
that proxy MAY send requests with these values. 

 Regards
  Shida

On Jan 9, 2014, at 7:22 AM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote:

> Then, why are those even requirements?  
> 
> Mary. 
> 
> 
> On Thu, Jan 9, 2014 at 5:05 AM, DRAGE, Keith (Keith) <keith.drage@alcatel-lucent.com> wrote:
> The text from RFC 2119 states:
>  
>  5. MAY   This word, or the adjective "OPTIONAL", mean that an item is
>    truly optional.  One vendor may choose to include the item because a
>    particular marketplace requires it or because the vendor feels that
>    it enhances the product while another vendor may omit the same item.
>    An implementation which does not include a particular option MUST be
>    prepared to interoperate with another implementation which does
>    include the option, though perhaps with reduced functionality. In the
>    same vein an implementation which does include a particular option
>    MUST be prepared to interoperate with another implementation which
>    does not include the option (except, of course, for the feature the
>    option provides.)
> My belief is that we are not defining an option here, and it is certainly not a vendor decision. Further we are not identifying an interoperability issue here.
> We are defining a possibility that a valid implementation can take. 
>  If you go to the procedures you will see both these items are covered with "If <condition> MUST" type sentences. There is no specified optionality.
>  Keith
> From: dispatch [mailto:dispatch-bounces@ietf.org] On Behalf Of Shida Schubert
> Sent: 09 January 2014 06:30
> To: Mary Barnes
> 
> Cc: DISPATCH
> Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
> 
> 
> Hi Mary;
> 
>  Thanks for reviewing the document again. 
> 
> On Jan 6, 2014, at 3:03 PM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote:
> 
>> Hi all,
>> 
>> I have reviewed the revised version and I just a few final comments.
>> 
>> - Section 1.5, first bullet in the bulleted list: either change "an emergency calls" to "an emergency call" or "emergency calls"
>> 
> 
>  I will fix it with "emergency calls"
> 
>> - Section 3.6.  "require the Specifying a Spec (T)." -> "require specifying a Spec(T)" or "require the specification of a Spec(T)"
>> 
>  
>  I will fix it with "require the specification of a Spec(T)"
> 
>> - Section 5, I had suggested the the requirements be consistent in usage of 2119 language.  One of the requirements (R6) was changed, but R2 and R3 were not.  Was there a specific reason not to make those suggested changes?   
>> 
>> R2:   "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy"   
>> R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy"
> 
>  So I reverted the change after Keith told that the requirements above is not stating 
> a normative behaviour and that he believes "can" is more appropriate. 
> 
>  I am okay either way. 
> 
>  I will create a version with "MAY". 
> 
>  Keith, please provide comments if you have a strong opposition to changing it to "MAY".
> 
>  Thanks! 
>   Shida
> 
>> 
>> Thanks,
>> Mary. 
>> 
>> 
>> On Tue, Oct 29, 2013 at 9:11 AM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote:
>> In reviewing the document in preparation for the PROTO write-up, I have a few comments (minor and nits) that should be addressed prior to the document being progressed.
>> 
>> Regards,
>> Mary.
>> 
>> Comments:
>> ---------------
>> 
>> - General: domains used in this document must use a reserved domain such as "example.com" and must not use real domains. Thus, all occurrences of ericsson.com need to be changed to example.com
>> 
>> - Section 1.5.  Bulleted list, first bullet. I would suggest you just leave out the mention of LI.  Emergency services should be a sufficient example.  
>> 
>> - Section 1.5, last numbered list, item 2.  I had a hard time groking this sentence and had to read several times. I would suggest rewording something like (if I've properly interpreted the intent):
>> OLD:
>>        Different nodes spanning over different networks may need to be
>>        able to act differently on type of traffic, when implicit schemes
>>        are used, it would require distribution of such enterprise
>>        specific logic over multiple nodes in multiple operators.  That
>>        is clearly not a manageable architecture and solution.
>> 
>> NEW: 
>>        Nodes spanning multiple networks often need to have different 
>>        behavior depending upon the type of traffic.  When this is done using implicit
>>        schemes, enterprise specific logic must be distributed across multiple
>>        nodes in multiple operator's networks.  
>>        That is clearly not a manageable architecture and solution.
>> 
>> 
>> - Section 1.5, last sentence.  I don't think that statement is sufficient for what this document is doing. I would suggest you change that sentence to something like the following:
>> OLD:
>>    Given the above background this document will formulate requirements
>>    for SIP to support an explicit private network indication.
>> 
>> NEW: 
>>    Based on the background provided, this document formulates requirements
>>    for SIP to support an explicit private network indication and defines 
>>    a P-header, P-Private-Network-Indication, to support those requirements. 
>> 
>> 
>> - Section 3, next to last paragraph.  I'm not sure what is meant by "the filling out a Spec(T)". I don't see "filling" used as a concept in RFC 3324.  Perhaps, "specifying a Spec(T)" is more consistent with terminology in RFC 3324. 
>> 
>> - Section 5.  In general, the requirements are not specific consistently - i.e., some use 2119 language and others not and there is not consistent capitalization.  I would suggest the following changes.
>> R2:   "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy"   
>> R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy"
>> R6: "must" -> "MUST"
>> 
>> - Section 6, 2nd paragraph. The "can" in the first sentence should be a "MAY" and the sentence needs to be split into two:
>> OLD:
>>    A proxy server which handles a message can insert such a P-Private-
>>    Network-Indication header field into the message based on
>>    authentication of the source of a message, configuration or local
>>    policy, and forward it to other proxies in the same administrative
>>    domain or proxies in trusted domain to be handled as private network
>>    traffic. 
>> 
>> NEW: 
>>    A proxy server which handles a message MAY insert such a P-Private-
>>    Network-Indication header field into the message based on
>>    authentication of the source of a message, configuration or local
>>    policy.  A proxy server MAY forward the message to other proxies in the 
>>    same administrative domain or proxies in a trusted 
>>    domain to be handled as private network traffic. 
>> 
>> 
>> 
>> Section 9.  You should be explicit about the header name in this section.  The text in the first paragraph needs some work.  At a minimum you need to change the "not supposed to" to something more definitive as all security issues arise because someone does something they're not supposed to.   I would suggest at least making the following change:
>> OLD:
>>    The private network indication defined in this document is to be used
>>    in an environment where elements are trusted and where attackers are
>>    not supposed to have access to the protocol messages between those
>>    elements.  Traffic protection between network elements is sometimes
>>    achieved by using IPsec and sometimes by physical protection of the
>>    network.  In any case, the environment where the private network
>>    indication will be used ensures the integrity and the confidentiality
>>    of the contents of this header field.
>> NEW:
>>    The private network indication defined in this document MUST only be used
>>    in an environment where elements are trusted and where attackers are
>>    do not have access to the protocol messages between those
>>    elements.  Traffic protection between network elements can be
>>    achieved by using IPsec and sometimes by physical protection of the
>>    network.  In any case, the environment where the private network
>>    indication will be used ensures the integrity and the confidentiality
>>    of the contents of this header field.
>> 
>> 
>> Nits:
>> ------
>> - Section 1.1:  "3rd-Generqation" -> 3rd-Generation  
>> - The terms "break-in" and "break-out" traffic are used several places in the document, but this term is never defined.  These terms should be defined in Section 3. 
>> - Figures should have Titles for readability
>> 
>> 
>> 
>> On Wed, Sep 11, 2013 at 9:19 PM, Mayumi Ohsugi <mayumi.ohsugi@ntt-at.co.jp> wrote:
>> Hi,
>> 
>> I have submitted the following draft:
>> 
>> http://www.ietf.org/internet-drafts/draft-vanelburg-dispatch-private-network-ind-03.txt
>> 
>> The draft reflects all the comments discussed in DISPATCH list.
>> 
>> The major changes are as follows:
>> 
>> - corrected the abstract
>> - corrected the term "common domain" to "pre-arranged domain"
>> - added 7.1.4 "P-Private-Network-Indication verification"
>> - editorial changes
>>                                                                                   Regards,
>> Mayumi
>> _______________________________________________
>> dispatch mailing list
>> dispatch@ietf.org
>> https://www.ietf.org/mailman/listinfo/dispatch
>> 
>> 
> 
>

v2.23.0 | Report a Bug | By Email