Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
"DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com> Thu, 09 January 2014 11:06 UTC
Return-Path: <keith.drage@alcatel-lucent.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 624E41AE273 for <dispatch@ietfa.amsl.com>; Thu, 9 Jan 2014 03:06:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8EASjEad4z5e for <dispatch@ietfa.amsl.com>; Thu, 9 Jan 2014 03:06:27 -0800 (PST)
Received: from hoemail2.alcatel.com (hoemail2.alcatel.com [192.160.6.149]) by ietfa.amsl.com (Postfix) with ESMTP id 7F9AD1AE262 for <dispatch@ietf.org>; Thu, 9 Jan 2014 03:06:27 -0800 (PST)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (h135-239-2-42.lucent.com [135.239.2.42]) by hoemail2.alcatel.com (8.13.8/IER-o) with ESMTP id s09B6BoF011468 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 9 Jan 2014 05:06:12 -0600 (CST)
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id s09B679Z017447 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 9 Jan 2014 12:06:10 +0100
Received: from FR712WXCHMBA11.zeu.alcatel-lucent.com ([169.254.7.203]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.02.0247.003; Thu, 9 Jan 2014 12:05:46 +0100
From: "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>
To: Shida Schubert <shida@ntt-at.com>, Mary Barnes <mary.ietf.barnes@gmail.com>
Thread-Topic: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
Thread-Index: AQHO1LDOad+HXPRI7U+wBzsQbNSDfpp4rP2AgAOhQoCAAFshYA==
Date: Thu, 09 Jan 2014 11:05:45 +0000
Message-ID: <949EF20990823C4C85C18D59AA11AD8B100BA1@FR712WXCHMBA11.zeu.alcatel-lucent.com>
References: <20130912005949.3447.42089.idtracker@ietfa.amsl.com> <523124B0.2000305@ntt-at.co.jp> <CAHBDyN6oH7OYbq2E26Mo_7KOqx6JZ2mz3CWqQRpfoAXsyLb51A@mail.gmail.com> <CAHBDyN7yHUd3fLcGHE8BhBJevPSBDRsNhqL+HNjSecVmexL_xg@mail.gmail.com> <5863E5DF-F01A-44DC-B0E6-74D1763AE178@ntt-at.com>
In-Reply-To: <5863E5DF-F01A-44DC-B0E6-74D1763AE178@ntt-at.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.239.27.38]
Content-Type: multipart/alternative; boundary="_000_949EF20990823C4C85C18D59AA11AD8B100BA1FR712WXCHMBA11zeu_"
MIME-Version: 1.0
Cc: DISPATCH <dispatch@ietf.org>
Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jan 2014 11:06:31 -0000
The text from RFC 2119 states: 5. MAY This word, or the adjective "OPTIONAL", mean that an item is truly optional. One vendor may choose to include the item because a particular marketplace requires it or because the vendor feels that it enhances the product while another vendor may omit the same item. An implementation which does not include a particular option MUST be prepared to interoperate with another implementation which does include the option, though perhaps with reduced functionality. In the same vein an implementation which does include a particular option MUST be prepared to interoperate with another implementation which does not include the option (except, of course, for the feature the option provides.) My belief is that we are not defining an option here, and it is certainly not a vendor decision. Further we are not identifying an interoperability issue here. We are defining a possibility that a valid implementation can take. If you go to the procedures you will see both these items are covered with "If <condition> MUST" type sentences. There is no specified optionality. Keith ________________________________ From: dispatch [mailto:dispatch-bounces@ietf.org] On Behalf Of Shida Schubert Sent: 09 January 2014 06:30 To: Mary Barnes Cc: DISPATCH Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind Hi Mary; Thanks for reviewing the document again. On Jan 6, 2014, at 3:03 PM, Mary Barnes <mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gmail.com>> wrote: Hi all, I have reviewed the revised version and I just a few final comments. - Section 1.5, first bullet in the bulleted list: either change "an emergency calls" to "an emergency call" or "emergency calls" I will fix it with "emergency calls" - Section 3.6. "require the Specifying a Spec (T)." -> "require specifying a Spec(T)" or "require the specification of a Spec(T)" I will fix it with "require the specification of a Spec(T)" - Section 5, I had suggested the the requirements be consistent in usage of 2119 language. One of the requirements (R6) was changed, but R2 and R3 were not. Was there a specific reason not to make those suggested changes? R2: "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy" R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy" So I reverted the change after Keith told that the requirements above is not stating a normative behaviour and that he believes "can" is more appropriate. I am okay either way. I will create a version with "MAY". Keith, please provide comments if you have a strong opposition to changing it to "MAY". Thanks! Shida Thanks, Mary. On Tue, Oct 29, 2013 at 9:11 AM, Mary Barnes <mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gmail.com>> wrote: In reviewing the document in preparation for the PROTO write-up, I have a few comments (minor and nits) that should be addressed prior to the document being progressed. Regards, Mary. Comments: --------------- - General: domains used in this document must use a reserved domain such as "example.com<http://example.com/>" and must not use real domains. Thus, all occurrences of ericsson.com<http://ericsson.com/> need to be changed to example.com<http://example.com/> - Section 1.5. Bulleted list, first bullet. I would suggest you just leave out the mention of LI. Emergency services should be a sufficient example. - Section 1.5, last numbered list, item 2. I had a hard time groking this sentence and had to read several times. I would suggest rewording something like (if I've properly interpreted the intent): OLD: Different nodes spanning over different networks may need to be able to act differently on type of traffic, when implicit schemes are used, it would require distribution of such enterprise specific logic over multiple nodes in multiple operators. That is clearly not a manageable architecture and solution. NEW: Nodes spanning multiple networks often need to have different behavior depending upon the type of traffic. When this is done using implicit schemes, enterprise specific logic must be distributed across multiple nodes in multiple operator's networks. That is clearly not a manageable architecture and solution. - Section 1.5, last sentence. I don't think that statement is sufficient for what this document is doing. I would suggest you change that sentence to something like the following: OLD: Given the above background this document will formulate requirements for SIP to support an explicit private network indication. NEW: Based on the background provided, this document formulates requirements for SIP to support an explicit private network indication and defines a P-header, P-Private-Network-Indication, to support those requirements. - Section 3, next to last paragraph. I'm not sure what is meant by "the filling out a Spec(T)". I don't see "filling" used as a concept in RFC 3324. Perhaps, "specifying a Spec(T)" is more consistent with terminology in RFC 3324. - Section 5. In general, the requirements are not specific consistently - i.e., some use 2119 language and others not and there is not consistent capitalization. I would suggest the following changes. R2: "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy" R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy" R6: "must" -> "MUST" - Section 6, 2nd paragraph. The "can" in the first sentence should be a "MAY" and the sentence needs to be split into two: OLD: A proxy server which handles a message can insert such a P-Private- Network-Indication header field into the message based on authentication of the source of a message, configuration or local policy, and forward it to other proxies in the same administrative domain or proxies in trusted domain to be handled as private network traffic. NEW: A proxy server which handles a message MAY insert such a P-Private- Network-Indication header field into the message based on authentication of the source of a message, configuration or local policy. A proxy server MAY forward the message to other proxies in the same administrative domain or proxies in a trusted domain to be handled as private network traffic. Section 9. You should be explicit about the header name in this section. The text in the first paragraph needs some work. At a minimum you need to change the "not supposed to" to something more definitive as all security issues arise because someone does something they're not supposed to. I would suggest at least making the following change: OLD: The private network indication defined in this document is to be used in an environment where elements are trusted and where attackers are not supposed to have access to the protocol messages between those elements. Traffic protection between network elements is sometimes achieved by using IPsec and sometimes by physical protection of the network. In any case, the environment where the private network indication will be used ensures the integrity and the confidentiality of the contents of this header field. NEW: The private network indication defined in this document MUST only be used in an environment where elements are trusted and where attackers are do not have access to the protocol messages between those elements. Traffic protection between network elements can be achieved by using IPsec and sometimes by physical protection of the network. In any case, the environment where the private network indication will be used ensures the integrity and the confidentiality of the contents of this header field. Nits: ------ - Section 1.1: "3rd-Generqation" -> 3rd-Generation - The terms "break-in" and "break-out" traffic are used several places in the document, but this term is never defined. These terms should be defined in Section 3. - Figures should have Titles for readability On Wed, Sep 11, 2013 at 9:19 PM, Mayumi Ohsugi <mayumi.ohsugi@ntt-at.co.jp<mailto:mayumi.ohsugi@ntt-at.co.jp>> wrote: Hi, I have submitted the following draft: http://www.ietf.org/internet-drafts/draft-vanelburg-dispatch-private-network-ind-03.txt The draft reflects all the comments discussed in DISPATCH list. The major changes are as follows: - corrected the abstract - corrected the term "common domain" to "pre-arranged domain" - added 7.1.4 "P-Private-Network-Indication verification" - editorial changes Regards, Mayumi _______________________________________________ dispatch mailing list dispatch@ietf.org<mailto:dispatch@ietf.org> https://www.ietf.org/mailman/listinfo/dispatch
- [dispatch] New Version of draft-vanelburg-dispatc… Mayumi Ohsugi
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Paul Kyzivat
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… DRAGE, Keith (Keith)
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes
- Re: [dispatch] New Version of draft-vanelburg-dis… Shida Schubert
- Re: [dispatch] New Version of draft-vanelburg-dis… Mary Barnes