[Gen-art] Re: review of draft-ietf-msec-policy-token-sec-05.txt

Brian E Carpenter <brc@zurich.ibm.com> Fri, 20 January 2006 09:58 UTC

Message-ID: <43D0B3AB.5050404@zurich.ibm.com>
Date: Fri, 20 Jan 2006 10:55:55 +0100
From: Brian E Carpenter <brc@zurich.ibm.com>
Organization: IBM
To: Scott W Brim <sbrim@cisco.com>
References: <43CFAC3D.7060006@cisco.com>
In-Reply-To: <43CFAC3D.7060006@cisco.com>
Cc: gen-art@ietf.org
Subject: [Gen-art] Re: review of draft-ietf-msec-policy-token-sec-05.txt

In the end I made Sam's three points into a DISCUSS and I'm awaiting
feedback.

     Brian

Scott W Brim wrote:
> Summary: discuss, particularly adopt most of what Sam said.
> 
> I am reading Sam's notes and I disagree with the first part of what he
> says, on flexibility.  I spent some time with some pioneers of msec so
> I may be biased but there are only two flexibility mechanisms, applied
> repeatedly.  Also the design is for a very constrained multicast
> environment: one-to-many with central registration.  Therefore I don't
> believe his comments about flexibility or multicast (as a whole) apply
> here.
> 
> On the other hand, everything he says in the middle is powerful
> and blocks it in my mind.
> 
> I don't believe he should have abstained, because I believe everything
> listed can be fixed.  Why allow for multiple protocols instead of
> GSAKMP?  First, perhaps the WG chairs have a good technical answer;
> and if they don't, that can be fixed rather directly.
> 
> So it's just a significant discuss, with questions.
> 
> Other medium-to-small nits:
> 
>   "registration provides a list of acceptable registration and
>   deregistration policy and mechanisms that may be used to manage
>   member-initiated joins and departures from a group.  A NULL sequence
>   indicates that the group does not support registration and
>   deregistration of members.  A member MUST be able to support at
>   least one set of Registration mechanisms in order to join the group.
>   When multiple mechanisms are present, a member MAY use any of the
>   listed methods.  The list is ordered in terms of Group Owner
>   preference.  A member MUST choose the highest listed mechanism that
>   local policy supports."
> 
> First, I assume that a NULL sequence contains nothing -- there isn't a
> sequence element that is an explicit null.  If true, then when the
> list is null a member CANNOT support at least one of the mechanisms --
> there aren't any.  Prefix that sentence with "if the list is not null
> ...", avoid complaints later.
> 
> Second, in the last sentence, change "highest" to something like
> "first listed".  Again, avoid ambiguity.
> 
> Next paragraph, re "rekey": same comment about "highest".
> 
> I don't see anywhere where the group owner is indicated in
> signaling.  How is it known?  Say so explicitly.
> 
> Finally, someone needs to examine the IANA considerations.  Aha, I see
> Mr Cotton said something along those lines.
> 
> 
> Other smaller nits:
> 
>   "Also, the members may want to verify that the access control rules
>   are adequate to protect the data that the member is submitting to
>   the group."
> 
> editorial: "a member may want".
> 
>   "tokenInfo provides information about the instance of the Policy
>   Token (PT)."
> 
> Add something like "see Section 3.1".  This sentence as it is makes me
> wonder if that's all they are going to tell me.
> 
> swb
> 


_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art
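As an added example (not from the draft, the review, or the MSEC working group), the mechanism-selection rule quoted in the review, modelled in Python with constructed mechanism names and identifiers: it shows that reading "highest" as "first listed" and as "greatest identifier" selects different mechanisms from the same preference-ordered list, and it treats the NULL (empty) sequence as a distinct outcome.

```python
# Added example, not code from the draft or the review. Mechanism names,
# identifiers and the owner's preference list are constructed sample values.
from typing import Dict, Optional, Sequence, Set

# Sentinel for a NULL sequence: the group does not support registration at all,
# which is different from "the member supports none of the listed mechanisms".
REGISTRATION_NOT_SUPPORTED = "registration-not-supported"


def select_first_listed(listed: Sequence[str], supported: Set[str]) -> Optional[str]:
    """Reviewer's proposed reading: the list is ordered by Group Owner
    preference, so take the first mechanism that local policy supports.
    Returns None when the list is non-empty but nothing on it is supported
    (the member cannot join the group)."""
    if not listed:
        return REGISTRATION_NOT_SUPPORTED
    for mech in listed:
        if mech in supported:
            return mech
    return None


def select_highest_id(listed: Sequence[str], supported: Set[str],
                      identifiers: Dict[str, int]) -> Optional[str]:
    """Competing reading of "highest": the supported mechanism with the
    greatest numeric identifier. Included only to expose the ambiguity."""
    if not listed:
        return REGISTRATION_NOT_SUPPORTED
    candidates = [m for m in listed if m in supported]
    if not candidates:
        return None
    return max(candidates, key=lambda m: identifiers[m])


# Constructed sample: the owner prefers mech-A, then mech-C, then mech-B,
# and the numeric identifiers are deliberately not in preference order.
OWNER_PREFERENCE = ["mech-A", "mech-C", "mech-B"]
MECH_IDS = {"mech-A": 1, "mech-B": 3, "mech-C": 2}
MEMBER_SUPPORTS = {"mech-B", "mech-C"}


def interpretations_diverge() -> bool:
    """True when two conforming members reading "highest" differently would
    register with different mechanisms from the same Policy Token."""
    return (select_first_listed(OWNER_PREFERENCE, MEMBER_SUPPORTS)
            != select_highest_id(OWNER_PREFERENCE, MEMBER_SUPPORTS, MECH_IDS))


if __name__ == "__main__":
    print(select_first_listed(OWNER_PREFERENCE, MEMBER_SUPPORTS))   # mech-C
    print(select_highest_id(OWNER_PREFERENCE, MEMBER_SUPPORTS, MECH_IDS))  # mech-B
    print(select_first_listed([], MEMBER_SUPPORTS))  # registration-not-supported
    print(interpretations_diverge())  # True
```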