Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
Shida Schubert <shida@ntt-at.com> Mon, 13 January 2014 20:32 UTC
Return-Path: <shida@ntt-at.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D76911AE026 for <dispatch@ietfa.amsl.com>; Mon, 13 Jan 2014 12:32:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kypVPK9XhFdl for <dispatch@ietfa.amsl.com>; Mon, 13 Jan 2014 12:32:32 -0800 (PST)
Received: from gator4135.hostgator.com (gator4135.hostgator.com [192.185.4.147]) by ietfa.amsl.com (Postfix) with ESMTP id 2E9A61AE01C for <dispatch@ietf.org>; Mon, 13 Jan 2014 12:32:32 -0800 (PST)
Received: from [208.66.25.2] (port=64252 helo=[192.168.1.23]) by gator4135.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80) (envelope-from <shida@ntt-at.com>) id 1W2oBI-0000B2-1l; Mon, 13 Jan 2014 14:32:20 -0600
Content-Type: multipart/alternative; boundary="Apple-Mail=_5257B5F7-0116-4F7D-AEA6-C9182E1FF452"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
From: Shida Schubert <shida@ntt-at.com>
In-Reply-To: <CAHBDyN7JqzC93U_2rZHeKj=w9tro20zkEKhru9jLkTmqprSD4A@mail.gmail.com>
Date: Mon, 13 Jan 2014 12:32:17 -0800
Message-Id: <ED5D1877-02F1-4ED8-847A-4CDCBF80696C@ntt-at.com>
References: <20130912005949.3447.42089.idtracker@ietfa.amsl.com> <523124B0.2000305@ntt-at.co.jp> <CAHBDyN6oH7OYbq2E26Mo_7KOqx6JZ2mz3CWqQRpfoAXsyLb51A@mail.gmail.com> <CAHBDyN7yHUd3fLcGHE8BhBJevPSBDRsNhqL+HNjSecVmexL_xg@mail.gmail.com> <5863E5DF-F01A-44DC-B0E6-74D1763AE178@ntt-at.com> <949EF20990823C4C85C18D59AA11AD8B100BA1@FR712WXCHMBA11.zeu.alcatel-lucent.com> <CAHBDyN7JqzC93U_2rZHeKj=w9tro20zkEKhru9jLkTmqprSD4A@mail.gmail.com>
To: Mary Barnes <mary.ietf.barnes@gmail.com>
X-Mailer: Apple Mail (2.1822)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator4135.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ntt-at.com
X-BWhitelist: no
X-Source-IP: 208.66.25.2
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([192.168.1.23]) [208.66.25.2]:64252
X-Source-Auth: shida.schubert+tingle.jp
X-Email-Count: 1
X-Source-Cap: c3NoaWRhO3NzaGlkYTtnYXRvcjQxMzUuaG9zdGdhdG9yLmNvbQ==
Cc: DISPATCH <dispatch@ietf.org>
Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2014 20:32:38 -0000
Why don't we just reword it to say "SIP proxy MAY insert the indication from R1" Whether it is a can or MAY what we are ultimately trying to say is that proxy MAY insert the indication from R1 right? We are not preventing it and I am assuming as a spec, we want to let the implementer know that proxy MAY send requests with these values. Regards Shida On Jan 9, 2014, at 7:22 AM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote: > Then, why are those even requirements? > > Mary. > > > On Thu, Jan 9, 2014 at 5:05 AM, DRAGE, Keith (Keith) <keith.drage@alcatel-lucent.com> wrote: > The text from RFC 2119 states: > > 5. MAY This word, or the adjective "OPTIONAL", mean that an item is > truly optional. One vendor may choose to include the item because a > particular marketplace requires it or because the vendor feels that > it enhances the product while another vendor may omit the same item. > An implementation which does not include a particular option MUST be > prepared to interoperate with another implementation which does > include the option, though perhaps with reduced functionality. In the > same vein an implementation which does include a particular option > MUST be prepared to interoperate with another implementation which > does not include the option (except, of course, for the feature the > option provides.) > My belief is that we are not defining an option here, and it is certainly not a vendor decision. Further we are not identifying an interoperability issue here. > We are defining a possibility that a valid implementation can take. > If you go to the procedures you will see both these items are covered with "If <condition> MUST" type sentences. There is no specified optionality. > Keith > From: dispatch [mailto:dispatch-bounces@ietf.org] On Behalf Of Shida Schubert > Sent: 09 January 2014 06:30 > To: Mary Barnes > > Cc: DISPATCH > Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind > > > Hi Mary; > > Thanks for reviewing the document again. > > On Jan 6, 2014, at 3:03 PM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote: > >> Hi all, >> >> I have reviewed the revised version and I just a few final comments. >> >> - Section 1.5, first bullet in the bulleted list: either change "an emergency calls" to "an emergency call" or "emergency calls" >> > > I will fix it with "emergency calls" > >> - Section 3.6. "require the Specifying a Spec (T)." -> "require specifying a Spec(T)" or "require the specification of a Spec(T)" >> > > I will fix it with "require the specification of a Spec(T)" > >> - Section 5, I had suggested the the requirements be consistent in usage of 2119 language. One of the requirements (R6) was changed, but R2 and R3 were not. Was there a specific reason not to make those suggested changes? >> >> R2: "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy" >> R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy" > > So I reverted the change after Keith told that the requirements above is not stating > a normative behaviour and that he believes "can" is more appropriate. > > I am okay either way. > > I will create a version with "MAY". > > Keith, please provide comments if you have a strong opposition to changing it to "MAY". > > Thanks! > Shida > >> >> Thanks, >> Mary. >> >> >> On Tue, Oct 29, 2013 at 9:11 AM, Mary Barnes <mary.ietf.barnes@gmail.com> wrote: >> In reviewing the document in preparation for the PROTO write-up, I have a few comments (minor and nits) that should be addressed prior to the document being progressed. >> >> Regards, >> Mary. >> >> Comments: >> --------------- >> >> - General: domains used in this document must use a reserved domain such as "example.com" and must not use real domains. Thus, all occurrences of ericsson.com need to be changed to example.com >> >> - Section 1.5. Bulleted list, first bullet. I would suggest you just leave out the mention of LI. Emergency services should be a sufficient example. >> >> - Section 1.5, last numbered list, item 2. I had a hard time groking this sentence and had to read several times. I would suggest rewording something like (if I've properly interpreted the intent): >> OLD: >> Different nodes spanning over different networks may need to be >> able to act differently on type of traffic, when implicit schemes >> are used, it would require distribution of such enterprise >> specific logic over multiple nodes in multiple operators. That >> is clearly not a manageable architecture and solution. >> >> NEW: >> Nodes spanning multiple networks often need to have different >> behavior depending upon the type of traffic. When this is done using implicit >> schemes, enterprise specific logic must be distributed across multiple >> nodes in multiple operator's networks. >> That is clearly not a manageable architecture and solution. >> >> >> - Section 1.5, last sentence. I don't think that statement is sufficient for what this document is doing. I would suggest you change that sentence to something like the following: >> OLD: >> Given the above background this document will formulate requirements >> for SIP to support an explicit private network indication. >> >> NEW: >> Based on the background provided, this document formulates requirements >> for SIP to support an explicit private network indication and defines >> a P-header, P-Private-Network-Indication, to support those requirements. >> >> >> - Section 3, next to last paragraph. I'm not sure what is meant by "the filling out a Spec(T)". I don't see "filling" used as a concept in RFC 3324. Perhaps, "specifying a Spec(T)" is more consistent with terminology in RFC 3324. >> >> - Section 5. In general, the requirements are not specific consistently - i.e., some use 2119 language and others not and there is not consistent capitalization. I would suggest the following changes. >> R2: "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy" >> R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy" >> R6: "must" -> "MUST" >> >> - Section 6, 2nd paragraph. The "can" in the first sentence should be a "MAY" and the sentence needs to be split into two: >> OLD: >> A proxy server which handles a message can insert such a P-Private- >> Network-Indication header field into the message based on >> authentication of the source of a message, configuration or local >> policy, and forward it to other proxies in the same administrative >> domain or proxies in trusted domain to be handled as private network >> traffic. >> >> NEW: >> A proxy server which handles a message MAY insert such a P-Private- >> Network-Indication header field into the message based on >> authentication of the source of a message, configuration or local >> policy. A proxy server MAY forward the message to other proxies in the >> same administrative domain or proxies in a trusted >> domain to be handled as private network traffic. >> >> >> >> Section 9. You should be explicit about the header name in this section. The text in the first paragraph needs some work. At a minimum you need to change the "not supposed to" to something more definitive as all security issues arise because someone does something they're not supposed to. I would suggest at least making the following change: >> OLD: >> The private network indication defined in this document is to be used >> in an environment where elements are trusted and where attackers are >> not supposed to have access to the protocol messages between those >> elements. Traffic protection between network elements is sometimes >> achieved by using IPsec and sometimes by physical protection of the >> network. In any case, the environment where the private network >> indication will be used ensures the integrity and the confidentiality >> of the contents of this header field. >> NEW: >> The private network indication defined in this document MUST only be used >> in an environment where elements are trusted and where attackers are >> do not have access to the protocol messages between those >> elements. Traffic protection between network elements can be >> achieved by using IPsec and sometimes by physical protection of the >> network. In any case, the environment where the private network >> indication will be used ensures the integrity and the confidentiality >> of the contents of this header field. >> >> >> Nits: >> ------ >> - Section 1.1: "3rd-Generqation" -> 3rd-Generation >> - The terms "break-in" and "break-out" traffic are used several places in the document, but this term is never defined. These terms should be defined in Section 3. >> - Figures should have Titles for readability >> >> >> >> On Wed, Sep 11, 2013 at 9:19 PM, Mayumi Ohsugi <mayumi.ohsugi@ntt-at.co.jp> wrote: >> Hi, >> >> I have submitted the following draft: >> >> http://www.ietf.org/internet-drafts/draft-vanelburg-dispatch-private-network-ind-03.txt >> >> The draft reflects all the comments discussed in DISPATCH list. >> >> The major changes are as follows: >> >> - corrected the abstract >> - corrected the term "common domain" to "pre-arranged domain" >> - added 7.1.4 "P-Private-Network-Indication verification" >> - editorial changes >> Regards, >> Mayumi >> _______________________________________________ >> dispatch mailing list >> dispatch@ietf.org >> https://www.ietf.org/mailman/listinfo/dispatch >> >> > >
- [dispatch] New Version of draft-vanelburg-dispatc… Mayumi Ohsugi
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Paul Kyzivat
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… DRAGE, Keith (Keith)
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes