IETF Logo Mail Archive

Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind

"DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com> Thu, 09 January 2014 11:06 UTC

Return-Path: <keith.drage@alcatel-lucent.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 624E41AE273 for <dispatch@ietfa.amsl.com>; Thu, 9 Jan 2014 03:06:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8EASjEad4z5e for <dispatch@ietfa.amsl.com>; Thu, 9 Jan 2014 03:06:27 -0800 (PST)
Received: from hoemail2.alcatel.com (hoemail2.alcatel.com [192.160.6.149]) by ietfa.amsl.com (Postfix) with ESMTP id 7F9AD1AE262 for <dispatch@ietf.org>; Thu, 9 Jan 2014 03:06:27 -0800 (PST)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (h135-239-2-42.lucent.com [135.239.2.42]) by hoemail2.alcatel.com (8.13.8/IER-o) with ESMTP id s09B6BoF011468 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 9 Jan 2014 05:06:12 -0600 (CST)
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id s09B679Z017447 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 9 Jan 2014 12:06:10 +0100
Received: from FR712WXCHMBA11.zeu.alcatel-lucent.com ([169.254.7.203]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.02.0247.003; Thu, 9 Jan 2014 12:05:46 +0100
From: "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>
To: Shida Schubert <shida@ntt-at.com>, Mary Barnes <mary.ietf.barnes@gmail.com>
Thread-Topic: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
Thread-Index: AQHO1LDOad+HXPRI7U+wBzsQbNSDfpp4rP2AgAOhQoCAAFshYA==
Date: Thu, 09 Jan 2014 11:05:45 +0000
Message-ID: <949EF20990823C4C85C18D59AA11AD8B100BA1@FR712WXCHMBA11.zeu.alcatel-lucent.com>
References: <20130912005949.3447.42089.idtracker@ietfa.amsl.com> <523124B0.2000305@ntt-at.co.jp> <CAHBDyN6oH7OYbq2E26Mo_7KOqx6JZ2mz3CWqQRpfoAXsyLb51A@mail.gmail.com> <CAHBDyN7yHUd3fLcGHE8BhBJevPSBDRsNhqL+HNjSecVmexL_xg@mail.gmail.com> <5863E5DF-F01A-44DC-B0E6-74D1763AE178@ntt-at.com>
In-Reply-To: <5863E5DF-F01A-44DC-B0E6-74D1763AE178@ntt-at.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.239.27.38]
Content-Type: multipart/alternative; boundary="_000_949EF20990823C4C85C18D59AA11AD8B100BA1FR712WXCHMBA11zeu_"
MIME-Version: 1.0
Cc: DISPATCH <dispatch@ietf.org>
Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jan 2014 11:06:31 -0000

The text from RFC 2119 states:


5. MAY   This word, or the adjective "OPTIONAL", mean that an item is
   truly optional.  One vendor may choose to include the item because a
   particular marketplace requires it or because the vendor feels that
   it enhances the product while another vendor may omit the same item.
   An implementation which does not include a particular option MUST be
   prepared to interoperate with another implementation which does
   include the option, though perhaps with reduced functionality. In the
   same vein an implementation which does include a particular option
   MUST be prepared to interoperate with another implementation which
   does not include the option (except, of course, for the feature the
   option provides.)


My belief is that we are not defining an option here, and it is certainly not a vendor decision. Further we are not identifying an interoperability issue here.

We are defining a possibility that a valid implementation can take.

If you go to the procedures you will see both these items are covered with "If <condition> MUST" type sentences. There is no specified optionality.

Keith

________________________________
From: dispatch [mailto:dispatch-bounces@ietf.org] On Behalf Of Shida Schubert
Sent: 09 January 2014 06:30
To: Mary Barnes
Cc: DISPATCH
Subject: Re: [dispatch] New Version of draft-vanelburg-dispatch-private-network-ind


Hi Mary;

 Thanks for reviewing the document again.

On Jan 6, 2014, at 3:03 PM, Mary Barnes <mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gmail.com>> wrote:

Hi all,

I have reviewed the revised version and I just a few final comments.

- Section 1.5, first bullet in the bulleted list: either change "an emergency calls" to "an emergency call" or "emergency calls"


 I will fix it with "emergency calls"

- Section 3.6.  "require the Specifying a Spec (T)." -> "require specifying a Spec(T)" or "require the specification of a Spec(T)"


 I will fix it with "require the specification of a Spec(T)"

- Section 5, I had suggested the the requirements be consistent in usage of 2119 language.  One of the requirements (R6) was changed, but R2 and R3 were not.  Was there a specific reason not to make those suggested changes?

R2:   "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy"
R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy"

 So I reverted the change after Keith told that the requirements above is not stating
a normative behaviour and that he believes "can" is more appropriate.

 I am okay either way.

 I will create a version with "MAY".

 Keith, please provide comments if you have a strong opposition to changing it to "MAY".

 Thanks!
  Shida


Thanks,
Mary.


On Tue, Oct 29, 2013 at 9:11 AM, Mary Barnes <mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gmail.com>> wrote:
In reviewing the document in preparation for the PROTO write-up, I have a few comments (minor and nits) that should be addressed prior to the document being progressed.

Regards,
Mary.

Comments:
---------------

- General: domains used in this document must use a reserved domain such as "example.com<http://example.com/>" and must not use real domains. Thus, all occurrences of ericsson.com<http://ericsson.com/> need to be changed to example.com<http://example.com/>

- Section 1.5.  Bulleted list, first bullet. I would suggest you just leave out the mention of LI.  Emergency services should be a sufficient example.

- Section 1.5, last numbered list, item 2.  I had a hard time groking this sentence and had to read several times. I would suggest rewording something like (if I've properly interpreted the intent):
OLD:

       Different nodes spanning over different networks may need to be
       able to act differently on type of traffic, when implicit schemes
       are used, it would require distribution of such enterprise
       specific logic over multiple nodes in multiple operators.  That
       is clearly not a manageable architecture and solution.

NEW:

       Nodes spanning multiple networks often need to have different

       behavior depending upon the type of traffic.  When this is done using implicit

       schemes, enterprise specific logic must be distributed across multiple

       nodes in multiple operator's networks.

       That is clearly not a manageable architecture and solution.


- Section 1.5, last sentence.  I don't think that statement is sufficient for what this document is doing. I would suggest you change that sentence to something like the following:
OLD:

   Given the above background this document will formulate requirements
   for SIP to support an explicit private network indication.


NEW:

   Based on the background provided, this document formulates requirements
   for SIP to support an explicit private network indication and defines

   a P-header, P-Private-Network-Indication, to support those requirements.



- Section 3, next to last paragraph.  I'm not sure what is meant by "the filling out a Spec(T)". I don't see "filling" used as a concept in RFC 3324.  Perhaps, "specifying a Spec(T)" is more consistent with terminology in RFC 3324.

- Section 5.  In general, the requirements are not specific consistently - i.e., some use 2119 language and others not and there is not consistent capitalization.  I would suggest the following changes.
R2:   "The indication from R1 can be inserted by a SIP proxy" -> "The indication from R1 MAY be inserted by a SIP proxy"
R3: "The indication from R1 can be removed by a SIP proxy" -> "The indication from R1 MAY be removed by a SIP proxy"
R6: "must" -> "MUST"

- Section 6, 2nd paragraph. The "can" in the first sentence should be a "MAY" and the sentence needs to be split into two:
OLD:

   A proxy server which handles a message can insert such a P-Private-
   Network-Indication header field into the message based on
   authentication of the source of a message, configuration or local
   policy, and forward it to other proxies in the same administrative
   domain or proxies in trusted domain to be handled as private network
   traffic.

NEW:

   A proxy server which handles a message MAY insert such a P-Private-
   Network-Indication header field into the message based on
   authentication of the source of a message, configuration or local
   policy.  A proxy server MAY forward the message to other proxies in the

   same administrative domain or proxies in a trusted

   domain to be handled as private network traffic.





Section 9.  You should be explicit about the header name in this section.  The text in the first paragraph needs some work.  At a minimum you need to change the "not supposed to" to something more definitive as all security issues arise because someone does something they're not supposed to.   I would suggest at least making the following change:
OLD:

   The private network indication defined in this document is to be used
   in an environment where elements are trusted and where attackers are
   not supposed to have access to the protocol messages between those
   elements.  Traffic protection between network elements is sometimes
   achieved by using IPsec and sometimes by physical protection of the
   network.  In any case, the environment where the private network
   indication will be used ensures the integrity and the confidentiality
   of the contents of this header field.

NEW:

   The private network indication defined in this document MUST only be used
   in an environment where elements are trusted and where attackers are
   do not have access to the protocol messages between those
   elements.  Traffic protection between network elements can be
   achieved by using IPsec and sometimes by physical protection of the
   network.  In any case, the environment where the private network
   indication will be used ensures the integrity and the confidentiality
   of the contents of this header field.


Nits:
------
- Section 1.1:  "3rd-Generqation" -> 3rd-Generation
- The terms "break-in" and "break-out" traffic are used several places in the document, but this term is never defined.  These terms should be defined in Section 3.
- Figures should have Titles for readability



On Wed, Sep 11, 2013 at 9:19 PM, Mayumi Ohsugi <mayumi.ohsugi@ntt-at.co.jp<mailto:mayumi.ohsugi@ntt-at.co.jp>> wrote:
Hi,

I have submitted the following draft:

http://www.ietf.org/internet-drafts/draft-vanelburg-dispatch-private-network-ind-03.txt

The draft reflects all the comments discussed in DISPATCH list.

The major changes are as follows:

- corrected the abstract
- corrected the term "common domain" to "pre-arranged domain"
- added 7.1.4 "P-Private-Network-Indication verification"
- editorial changes
                                                                                  Regards,
Mayumi
_______________________________________________
dispatch mailing list
dispatch@ietf.org<mailto:dispatch@ietf.org>
https://www.ietf.org/mailman/listinfo/dispatch

v2.23.0 | Report a Bug | By Email