IETF Logo Mail Archive

Re: [Gen-art] Gen-ART Last Call review of draft-korhonen-mip4-service-06

"jouni korhonen" <jouni.nospam@gmail.com> Wed, 03 December 2008 14:16 UTC

Return-Path: <gen-art-bounces@ietf.org>
X-Original-To: gen-art-archive@optimus.ietf.org
Delivered-To: ietfarch-gen-art-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 02A753A688D; Wed, 3 Dec 2008 06:16:35 -0800 (PST)
X-Original-To: gen-art@core3.amsl.com
Delivered-To: gen-art@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1028D3A6A1E for <gen-art@core3.amsl.com>; Tue, 2 Dec 2008 22:50:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZJ6KaSzmvBQl for <gen-art@core3.amsl.com>; Tue, 2 Dec 2008 22:50:20 -0800 (PST)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152]) by core3.amsl.com (Postfix) with ESMTP id 123EE3A699A for <gen-art@ietf.org>; Tue, 2 Dec 2008 22:50:19 -0800 (PST)
Received: by fg-out-1718.google.com with SMTP id d23so2310548fga.41 for <gen-art@ietf.org>; Tue, 02 Dec 2008 22:50:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=RRmoIWJSIVJfEP3uwhEjiwzzVnSXAA59R/3d2tJAAAE=; b=lrlsw9resjocqxt6SUlUdPAo/yanqiHm1TQg35WYDf/rUAUrYE7IbWQQC5C0J0LV+l 9CpD0ZIIwZFxFW5Y/5uyG3dTRQ/Mjqek3l2M3ttkmeQF/cKBpbicWoUdBhsVHcHCCY7B m1q9Fi2LmC4A3V1qruPWw9jshTQGxRZh/6JKE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=P28gEA9o/E5o2BMLV8EcP78WXQYO2Get80uj/XKgZlXVyVU5PKRUU/HmFosXjiqK5P 0pH8zK9GSnwMumm5l8ZHYcIx6YLVcLsLcWumsyxJkwTow/PWGG8B9yORScjMlSKAG10F sUxBqcH1iG+vqLzHX9h+NY1lg2Woyk9fF44q8=
Received: by 10.181.203.11 with SMTP id f11mr4532053bkq.112.1228287014179; Tue, 02 Dec 2008 22:50:14 -0800 (PST)
Received: by 10.223.108.144 with HTTP; Tue, 2 Dec 2008 22:50:13 -0800 (PST)
Message-ID: <3fe59bfe0812022250k3264bb39jc43b2ae8689af62c@mail.gmail.com>
Date: Wed, 03 Dec 2008 08:50:13 +0200
From: jouni korhonen <jouni.nospam@gmail.com>
To: Spencer Dawkins <spencer@wonderhamster.org>
In-Reply-To: <EA1CC945E09A4F71BF15D64495ACAF0C@china.huawei.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <EA1CC945E09A4F71BF15D64495ACAF0C@china.huawei.com>
X-Mailman-Approved-At: Wed, 03 Dec 2008 06:16:34 -0800
Cc: General Area Review Team <gen-art@ietf.org>, ulf.s.nilsson@teliasonera.com, ietf@ietf.org
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-korhonen-mip4-service-06
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org

Hi Spencer,

Thanks for the review! See some comments inline.

On Tue, Dec 2, 2008 at 11:18 PM, Spencer Dawkins
<spencer@wonderhamster.org> wrote:
>
> I have been selected as the General Area Review Team (Gen-ART)
> reviewer for this draft (for background on Gen-ART, please see
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
>
> Please resolve these comments along with any other Last Call comments
> you may receive.
>
> Document: draft-korhonen-mip4-service-06
> Reviewer: Spencer Dawkins
> Review Date: 2008-12-02
> IETF LC End Date: 2008-12-24
> IESG Telechat date: (not known)
> Summary: This draft is on the right track for publication as Informational (should it be standards-track, if you're expecting this to be widely deployed? But I'll leave that to the IESG).

I would have nothing against standards track RFC.

>
> I do have comments, especially involving 2119 language.
>
> Comments:
>
> (Can Jouni's e-mail address really be
>  Email: jouni.nospam@gmail.com
> ?)

Yes, this is my valid gmail e-mail address ;)

>
> 1.  Introduction
>
>  This document describes a Service Selection Extension for Mobile IPv4
>  that is intended to assist home agents to make specific service
>  selections for the mobility service subscription during the
>  registration procedure.  The service selection may affect home agent
>  routing decisions, Home Address assignment policies, firewall
>  settings, and security policies.  The Service Selection extension
>  SHOULD be used in every Registration Request that makes a new
>  registration to the home agent.  The Service Selection extension from
>  the Registration Request MAY be echoed back in the Registration
>  Reply.
>
> Spencer: I don't usually see 2119 normative language in the introduction of Internet Drafts... at a minimum, these statements appear before the requirements key words are introduced in section 2. I THINK most of these requirements are restated later in the document anyway, so they could probably be dropped here.

Ok, good point. I'll will remove the 2119 language from the Introduction.


>
>  In absence of a specifically indicated service the home agent MUST
>  act as if the default service, plain Internet access had been
>  requested.  There is no absolute requirement that this default
>  service be allowed to all subscribers, but it is highly RECOMMENDED
>  in order to avoid having normal subscribers employ operator-specific
>  configuration values in order to get basic service.
>
>  Some of the potential use-cases were listed earlier in this section.
>  The general aim is better manageability of services and service
>  provisioning from both operators and service providers point of view.
>  However, it should be understood that there are potential deployment
>  possibilities where selecting a certain service may restrict
>  simultaneous access to other services from an user point of view.
>  For example, services may be located in different administrative
>  domains or external customer networks that practice excessive
>  filtering of inbound and outbound traffic.
>
> Spencer: I wasn't clear on who this understanding is directed to - it almost reads like you're warning users that bad things might happen if you use a specific service, but surely the user specifies the service because an operator requires this?

We had this discussion earlier on RFC5149.. and concerns were raised
whether the Service Selection is a potential tool for enabling walled
gardens etc. Thus this note here was added to emphasize that point.

>
>
> 3.  Service Selection Extension
>
>  At most one Service Selection extension MAY be included in any Mobile
>  IPv4 Registration Request message.  It SHOULD be included at least in
>
> Spencer: seems to be missing a qualifier: "When a non-default service is selected, the Service Selection extension SHOULD be included ..."?
>
> Spencer: If this is qualified, could the SHOULD be a MUST?

Hmm.. right. New text would be:

   At most one Service Selection extension MAY be included in any Mobile
   IPv4 Registration Request message.  When a non-default service is selected,
   the Service Selection extension SHOULD be included at least in
   the Registration Request message that is sent for the initial binding
   registration when the mobile node and the home agent do not have an
   existing binding.  The Service Selection extension MUST be placed in
   the Registration Request message as follows:

>
> Spencer: If it remains as SHOULD, what happens if the Service Selection extension is not included in the initial binding registration, but is included in subsequent binding registrations?

The first RRQ would be treated as the selection of the "default
service". The subsequent RRQs with the service selection would cause
reauthorization & evaluation of the requested service. If the newly
requested service conflicts with the "default service" from the HA
point of view, then an appropriate error is returned and the binding
is dropped.

>
>  the Registration Request message that is sent for the initial binding
>  registration when the mobile node and the home agent do not have an
>  existing binding.  The Service Selection extension MUST be placed in
>  the Registration Request message as follows:
>
>  o  When present the extension MUST appear after the MN-NAI extension,
>     if the MN-NAI is also present in the message
>
>  o  If the extension was added by the mobile node to a Registration
>     Request it MUST appear prior any authentication-enabling
>     extensions [RFC3344][RFC4721]
>
> Spencer (editorial): s/prior/before/ or s/prior/prior to/

Ack.

>
>  o  In the event the foreign agent adds the Service Selection
>     extension to a Registration Request, the extension MUST appear
>     prior to any Foreign-Home authentication-enabling extensions
>     [RFC3344]
>
> 4.1.  Mobile Node Considerations
>
>  A mobile node or its proxy representative MAY include the Service
>  Selection extension into any Registration Request message.  The
>  Service Selection extension can be used with any mobile node
>  identification method.  The extension is used to identify the service
>  to be associated with the mobility session and SHOULD only be
>
> Spencer: this seems to be more restrictive than previous text that allowed the extension to be included in non-initial registration request messages...

Hmm.. earlier text said "..the Service Selection extension SHOULD be
included at least in the Registration Request message that is sent for
the initial binding registration.." I find these equally restricting.

>
>  included into the initial Registration Request message sent to a home
>  agent.  If the mobile node wishes to change the selected service, it
>  is RECOMMENDED that the mobile node de-register the existing binding
>
> Spencer: why RECOMMENDED and not REQUIRED? RECOMMENDED means that home agents must handle the case where the SHOULD isn't observed anyway.

We wanted to leave the possibility of MNs changing the selected
service in fly without tearing down the binding (which would mean
break in the IP connectivity from MIP point of view). Depending on the
policies on the HA and the selected service, the change of the
"selected service" may not cause a change of the HoA. Since this
behavior is tied to deployment time policies and requires out of band
knowledge of the services on the MN, the general recommendation is to
bring the existing service down first.

>
>  with the home agent before proceeding with a binding registration for
>  a different service.  The provisioning of the service identifiers to
>  the mobile node or its proxy representative is out of scope of this
>  specification.
>
> 6.  IANA Considerations
>
>  A new Mobile IPv4 skippable Extension type is required for the
>  following new Extension described in Section 3.  The Extension type
>  must be from the 'skippable Extension' range (128-255):
>
>      Service Selection Extension       is set to TBD
>
>  A new Mobile IPv4 registration denied by home agent error code is
>  required.  The error code must be allocated from the 'Error Codes
>  from the Home Agent' range (128-192):
>
>      SERVICE_AUTHORIZATION_FAILED      is set to TBD
>
> Spencer: (if you revise this draft, you probably want to use "TBD1", "TBD2", etc. so that it's clearer to IANA which "TBD" gets replaced with each allocated value)
>

Good point. I'll fix that.

Cheers,
      Jouni
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art

v2.23.0 | Report a Bug | By Email