[Ecrit] (114) Comments on ECRIT Reqs ID (part I)
"James M. Polk" <jmpolk@cisco.com> Sun, 15 May 2005 02:09 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DX8Zh-0000tA-PJ; Sat, 14 May 2005 22:09:49 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DX8Zf-0000t1-M9 for ecrit@megatron.ietf.org; Sat, 14 May 2005 22:09:48 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA25272 for <ecrit@ietf.org>; Sat, 14 May 2005 22:09:45 -0400 (EDT)
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DX8pt-0007ii-59 for ecrit@ietf.org; Sat, 14 May 2005 22:26:34 -0400
Received: from sj-core-5.cisco.com (171.71.177.238) by sj-iport-3.cisco.com with ESMTP; 14 May 2005 19:09:36 -0700
X-IronPort-AV: i="3.93,109,1115017200"; d="scan'208"; a="265330192:sNHT38019024"
Received: from wells.cisco.com (wells.cisco.com [171.71.177.223]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id j4F29YPo011760 for <ecrit@ietf.org>; Sat, 14 May 2005 19:09:35 -0700 (PDT)
Received: from jmpolk-wxp.diablo.cisco.com (sjc-vpn6-455.cisco.com [10.21.121.199]) by wells.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id TAA22011 for <ecrit@ietf.org>; Sat, 14 May 2005 19:09:34 -0700 (PDT)
Message-Id: <4.3.2.7.2.20050514210418.02d97ce8@diablo.cisco.com>
X-Sender: jmpolk@diablo.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Sat, 14 May 2005 21:09:33 -0500
To: ecrit@ietf.org
From: "James M. Polk" <jmpolk@cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 39821207e2a2cade5c69c89d23fb80ee
Subject: [Ecrit] (114) Comments on ECRIT Reqs ID (part I)
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ecrit.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
Sender: ecrit-bounces@ietf.org
Errors-To: ecrit-bounces@ietf.org
All [*** this is part 1 of a 2 part message to the list - since I received an error posting a message that exceeded 40k, the break between parts is at section 6 of the ID] I reviewed the requirements ID draft-schulzrinne-ecrit-requirements-00.txt for the meeting this coming week, and have a few comments.... ok, 114 comments.... listed.... below.... For those of you attending the interim, I will bring these up there. For those of you not attending the interim, chime in and be heard about this comments. My overall comment to this ID is it is taking on waaaaaay more than the WG charter intended, but I am not surprised. I know a lot of folks want to get specific items addressed here. Some of those items I feel should be addressed elsewhere. Anyway, to the comments - here they are in the order they appear in the doc with one exception, the last one. The last one should be addressed somewhere, and I do not know if it should only be addressed in http://www.ietf.org/internet-drafts/draft-ietf-sipping-location-requirements-02.txt and its next version in the SIP WG. The comments: [note to ID authors - I know this is a group effort, so do not take my use of the word "you" personally] The following is a review of draft-schulzrinne-ecrit-requirements-00 on May 14th, 2005 Comment #1 Section 2 - Terminology - top paragraph "MUSTNOT", "SHALLNOT", "SHOULDNOT" are all 2 words each Comment #2 Section 2 - Terminology - 2nd paragraph "protocols" should be singular Comment #3 Section 2 - Terminology - term When did IAP become AIP? IAP and ISP flowed and should be retained. Comment #4 Section 2 - Terminology - term basic emergency service - should be capitalized Comment #5 Section 2 - Terminology - term "domain" should be renamed "administrative domain" Comment #6 Section 2 - Terminology - term You mention "IPSAP" before defining it, and don't state you will define it below like you do other terms. Some call this an IP-PSAP, not an IPSAP, BTW... Comment #7 Section 2 - Terminology - term emergency caller: The user or user device entity needing sending his/ her location to another entity in the network. "...needing sending..." is poor wording Comment #8 Section 2 - Terminology - term emergency caller: The user or user device entity needing sending his/ her location to another entity in the network. The "emergency caller" is "the individual in distress desiring help". Comment #9 Section 2 - Terminology - term geographic coordinate system - you fail to mention "a defined meridian", which should be added to the definition Comment #10 R2. International: The protocols and protocol extensions developed MUST support regional, political and organizational differences. Motivation: It must be possible for a device or software developed... This "must" in the motivation should be a MUST as it talks normatively Comment #11 R5. Minimum Connectivity: NEED REQUIREMENT HERE Motivation: If there is network connectivity between the emergency caller and the PSAP, and routing information is available, the call should be completed, even if other parts of the network are not reachable. This makes little sense, because if there is connectivity, there is a route, yet the wording seems to believe there might not be (which means there is "no connectivity") Comment #12 R6. Incremental Deployment Emergency calls from IP-based devices MUST be incrementally supported. This wording doesn't make sense; should it be: "R6 Incremental Deployment - incremental deployment of IP-based emergency calling MUST be supported" Comment #13 "R6 Motivation: Any mechanism must be deployable incrementally and work even if not all entities support IP-based emergency calling. For example, User agents conforming to the SIP specification [1], but unaware of this document, must be able to place emergency calls, possibly with restricted functionality." This ID professes that it all about IP e2e connectivity, yet this states it isn't really necessary. Which is it? This motivation, or the wording in the Intro section? Comment #14 R7. Middlebox Reliance: For a transient time the device and the UA MAY use the help of servers (e.g. ESRP) to provide the connectivity to ECC, especially for ECC not yet connected to the Internet. Same as comment to #13 - This ID professes that it all about IP e2e connectivity, yet this states it isn't really necessary. Which is it? This motivation, or the wording in the Intro section? Comment #15 R7 Motivation: Emergency calling mechanisms must support existing emergency call centers based on circuit-switched technology as well as future ECCs that are IP-enabled. This motivation statement clearly contradicts the Intro section (stating this is for IP e2e scenarios). Comment #16 A2. Local: Since many countries have already deployed national emergency identifiers, such as 911 in North America and 112 in large parts of Europe, UAs, proxies and call routers MUST recognize these universal emergency identifiers, but MAY NOT recognize lower level local emergency identifiers, including those such as 999, 122, 133, etc. In addition, these same call routing entities SHOULD recognize emergency identifiers that are used in other jurisdictions I don't understand this one as written, as there are ~60 different numbers around the world, we should list which ones are recommended for support and discuss the list. Primary examples are 115, 116, 117 etc for different emergency services within the same jurisdiction. Comment #17 A2. Local - [Ed. The requirement A2 is really a set of 3 requirements, and needs to have the question answered which is: "what does the term "local" mean?".] Good question... Comment #18 A2 Motivation: The latter requirement is meant to help travelers that may not know the local emergency number and instinctively dial the number they are used to from home. However, it is unlikely that all systems could be programmed to recognize any emergency number used anywhere as some of these numbers are used for non-emergency purposes, in particular extensions and service numbers. What is meant by this last phrase: "... in particular extensions and service numbers." Comment #19 A3. Recognizable: Emergency calls MUST be recognizable by user agents, proxies and other network elements. To prevent fraud, an address identified as an emergency number for call features or authentication override MUST also cause routing to a PSAP. Recommend replacing some of the last sentence with: "...any call recognized as an emergency call MUST be delivered expeditiously to an ECC". Comment #20 A5. Secure configuration: Devices SHOULD be assured of the correctness of the local emergency numbers that are automatically configured. How do you "assure a device" without asserting something that requires a key the remote and local domains understand, as well as the UA understands? Comment #21 A6. Backwards-compatible: Existing devices that predate the specification of emergency call-related protocols and conventions MUST be able reach a PSAP. I've read this above somewhere else in the ID. If a PIDF-LO is required to complete a 911 call, and it isn't present, and the device doesn't support the error messages from draft-ietf-sipping-location-requirements-02.txt, how can this work? I think this can work in residential and SMB scenarios, but I'm not sure about any others. VPNs in those other network types is but one reason for these problems. Comment #22 A7. Common Identifier: User initiated requests using local initiation methods (e.g. 9-1-1) MUST be supported across non-local domains (e.g. foreign countries). This is stated too US-centric. The IETF isn't about a country. This should state that all/most recognizable local emergency numbers will be converted to (perhaps) one SIP user-part for all SIP intermediaries to know to process accordingly. Comment #23 A7 Motivation: While traveling, users must be able to use their familiar "home" emergency identifier. Users should also be able to dial the local emergency number in the country they are visiting. Looking at the range of potential numbers, this will be interesting to meet - including just dialing '0' and meaning an emergency call Comment #24 Section 5 Proxy-inserted: A proxy along the call path inserts the location or location reference. This violates 3261 and draft-ietf-sipping-location-requirements-02.txt Comment #25 L1. Multiple location services: For UA-referenced locations, PSAPs MUST be able to access different location providers. The location provider may be tied to the ASP, AIP or ISP or may be independent of these entities. This may be inside an enterprise, and that should not be underscored or overlooked due to the trust-boundary issues known there Comment #26 L1 Motivation: This requirement avoids that all users have to rely on a single location service provider. This requirement is hard to avoid if there are no traditional national application-layer service providers. I don't understand the first sentence as written, especially since this ID just got done talking about internationalization scope. Comment #27 L2. Civic and Geographic: Where available, both civic (street address) and geographic (longitude/latitude) information SHOULD be provided to the PSAP. This necessitates a PIDF-LO extension to indicate if one was derived from the other. That XML element doesn't exist to my knowledge. Comment #28 L2 Motivation: While geographic coordinate information can usually be translated into civic address location information, "some specific information, such as building number and floor, is more easily provided as civic location information since it does not require a detailed surveying operation". For direct location determination, it may also be easier for the user to check civic location information to assure verity. I don't understand the quoted comment (I put in the quotes BTW) in the first sentence above. Is this suggesting a detailed survey *will* yield the cube number from a GPS coordinate on a non-ground floor? If it won't, it doesn't need to be brought up as motivation. Comment #29 L3. Location source identification: The source of a location data, whether measured, derived (e.g geocoding or reverse geocoding transformation), or manually input, MUST be indicated to the PSAP. How is this not covered by the <method> element in the PIDF-LO, and if so, why is the requirement not just "...the <method> element MUST be present when known"... Comment #30 L3 Motivation: This allows the PSAP to better judge the reliability and accuracy of the data and track down problems. I don't believe the word "judge" is appropriate here, as the PSAPs first need to "learn" (a better word for above) from real world experience what data indicates what results. Down the road, they will then analyze trends and such to determine how best to interpret data. Comment #31 L4. Certifiable: In some cases, the source and generation time of the location object used for call routing and caller location display MUST be verifiable, e.g., by a digital signature. The security requirements describe this in more detail. If my wireline phone has a timestamp of 2002, is that bad/untrusted? I don't believe so. This requirement needs to be adjusted to state this is a function of the <method> the location was derived from. Further, a future document (perhaps years from now) needs to be generated to give recommendations of those functions per <method> value. Comment #32 L5. Multiple locations: Multiple locations MAY be associated with the caller How is this requirement different that L2? If it can be different, then this text needs to state when/how it can be different, yet still be considered good. Comment #33 L5 Motivation: Multiple locations may occur either because the caller has provided more than one civic or geographic (coordinates) location, supplies both civic and geospatial location information, or because different location determination entities make different assessments of the caller's location." There needs to be a requirement stating if there is location information in both formats, and both are depicting the same location (as far as the UA is concerned), they MUST be in the same PIDF-LO; if different - or not sure they are the same location, they need to be in separate PIDF-LOs (typically with different <method> values). Comment #34 L5 Motivation: Multiple locations may occur either because the caller has provided more than one civic or geographic (coordinates) location, supplies both civic and geospatial location information, or because different location determination entities make different assessments of the caller's location." If there are more than one, and they are different, which is trusted to be true? Comment #35 L6. Validation of civic location: It MUST be possible to validate an address prior to its use in an actual emergency call. How is "validate" here in L6 different from "certifiable" in L4? Comment #36 L6. Validation of civic location: It MUST be possible to validate an address prior to its use in an actual emergency call. "... prior to its use in an actual emergency call." should be replaced with: "at any time" only. And...it's an implementation issue when this occurs, so I'm not sure this belongs in the ID. Someone like NENA should be defining this type of requirement. Comment #37 L7. Provide location: Calls using VoIP or subsequent methods MUST supply location with the call. "... with the call" should be replaced with: "...in each Request message (if SIP is used)." Comment #38 L8. Accept two location types: PSAPs shall accept location as civic and/or geo specified. [Ed. Suggest deleting above requirement since it doesn't deal with routing] I disagree with the Ed. Comment because this (as written) limits how many different formats a routing Proxy forwards, and how many formats an ECC has to deal with. The same piece of location information (if in a PIDF-LO) will be used for routing and dispatching. Limiting the number to two here is good. Comment #39 L9. Altitude included with location: All representations of location SHALL include the ability to carry altitude. This requirement does not imply altitude is always used or supplied. Either it does or it doesn't, but "include the ability..." is wishy-washy Comment #40 L10. Preferred datum: The preferred geographic coordinate system for emergency calls SHALL be WGS-84. 2D or 3D? Comment #41 L11. Multiple locations: If multiple locations are provided with a call, it SHOULD be possible to identify the most accurate, current, appropriate location information to be used for routing emergency calls and dispatching emergency responders. Exactly how will this be accomplished, especially by a Proxy? This is fruitless, therefore pointless. L2 should be all that is stated for this type of requirement. Comment #42 L14. Imprecise location: Imprecise location information MUST be available for emergency call routing and location delivery in cases where precise measurement based location determination mechanisms fail. How is "imprecise location" indicated to the PSAP as "imprecise"? If it cannot be, it shouldn't be a requirement. Comment #43 L15. Default identification: PSAPs MUST be made aware when imprecise location information was used to route a call. Same comment here that was to L14 - How is "imprecise location" indicated by the proxy to the PSAP as "imprecise"? If it cannot be, it shouldn't be a requirement. Comment #44 L16. Location Responsibility: Location determination MUST assume a responsible party. This is begging for liability statements to be included every time a location is given to a device, that it should not be used unless the user agrees "not to hold the deliverer responsible" before usage. Comment #45 L17 Motivation: The location information MUST be attributed to a specific point in time. That is, the location used for routing and which is reported to the PSAP call taker, must be the actual location of the caller at the time of making the call. This makes learning/getting/retrieving location a real-time event as the emergency call is being initiated - and this is not practical. If my home wireline phone has a timestamp of 2002, is that bad? Comment #46 L18. Location, Emergency Caller: Location provided with call MUST be associated with an Emergency Caller. Huh? This is to a device, one in which a user might not be logged into. Comment #47 L19 Motivation: Requirement 1 states that a level of authentication and validation for the source of the location is required. This implies the need to for the Emergency Caller to determine the authenticating and validating entity for the emergency services domain in which they reside. That is, it must be possible for an Emergency Caller to discover and utilize an answerable source of location in the access network they are using. The term in the 1st sentence "level" needs to be defined in order to understand if it is met. Level is not currently defined within this ID. Comment #48 L19. Location Domain Availability: Location domain MUST be obtainable by Emergency Caller. Motivation: Requirement 1 states that a level of authentication and validation for the source of the location is required. This implies the need to for the Emergency Caller to determine the authenticating and validating entity for the emergency services domain in which they reside. That is, it must be possible for an Emergency Caller to discover and utilize an answerable source of location in the access network they are using. "Emergency Caller" as used in the 1st sentence - I personally don't care who the authority is, and I doubt most (if any) do outside of this list and some regulators. Comment #49 L19. Location Domain Availability: Location domain MUST be obtainable by Emergency Caller. Motivation: Requirement 1 states that a level of authentication and validation for the source of the location is required. This implies the need to for the Emergency Caller to determine the authenticating and validating entity for the emergency services domain in which they reside. That is, it must be possible for an Emergency Caller to discover and utilize an answerable source of location in the access network they are using. This last sentence isn't clear. Provide an example of me discovering an "answerable source" so I can visualize it. Comment #50 L20. Location Certification: Location provided MUST be certified. This doesn't account for a GPS chip in a PDA or cell phone, therefore this cannot be a MUST. Comment #51 L20 Motivation: The Emergency Caller must be able to establish a session with the access domain authenticating and validating entity to obtain a certified location. The authentication of the location is granted with an expiry time, after which the location within the domain is deemed invalid. "INVALID"? This is starting to look an awful lot like a DHCP lease operation, and we're not building a protocol to do this here. Comment #52 L21. Location and Emergency Caller Identity: It MUST NOT be assumed that Emergency Caller identity provided with location is true identity of Emergency Caller. This contradicts L18 Comment #53 L22. Location Acceptability: Location provided by Emergency Caller MUST be considered acceptable as input to authentication and validation entity. This isn't really clear. Location should be in a certain format, and there is a 'the' missing in the requirement. Comment #54 L22. Location Acceptability: Location provided by Emergency Caller MUST be considered acceptable as input to authentication and validation entity. I see no requirement creating an "authentication and validation entity" which this requirement assumes already exists for every user. Comment #55 L24. Location Query Authorization: The ability to query emergency caller location using a location key MUST be limited to authorized end points. "end points" (which is one word BTW) Should be replaced with: "requests" Comment #56 L24 Motivation: Where the Emergency Caller does not desire the transmission of their location in-band with their call setup, they shall have the option of requesting a unique query key such that only authorized end points may query the location directly from the domain. As stated above: "end points" (which is one word) Should be replaced with: "requests" As "endpoints" implies the actual device has an SA relationship with the database server, which may not be the case, and only the user created an SA from a log-in screen. This is a two level operation. Comment #57 L25. Location Domain Authorization: Location Source entity MUST be authorized within the access domain. This is starting to create an architecture now... and I think this is starting to overstep some bounds of the charter and belongs more in NENA than IETF Comment #58 L26. Endpoint Location: Location MUST be tied to an endpoint within the access domain at the time of an emergency call. GPSs violate this, so this cannot be a MUST - see L27 below L27. Location Sources: Single source of location MUST NOT be assumed. Motivation: To achieve this, the end user device MUST be able to retrieve its current location from the access provider, from the infrastructure, via GPS, ... or as last resort, from the user itself. Comment #59 L28. Location Provided: Endpoint location SHOULD be provided to ECC. This needs to be restated as "if location is provided to the routing proxy, it MUST be provided to the ECC. cheers, James ******************* Truth is not to be argued... it is to be presented. Alas, few *truths* exist without the math. ...all else is a matter of perspective _______________________________________________ Ecrit mailing list Ecrit@ietf.org https://www1.ietf.org/mailman/listinfo/ecrit
- [Ecrit] (114) Comments on ECRIT Reqs ID (part I) James M. Polk