[Gen-art] Re: review of draft-ietf-msec-policy-token-sec-05.txt
Brian E Carpenter <brc@zurich.ibm.com> Fri, 20 January 2006 09:58 UTC
To: Scott W Brim <sbrim@cisco.com>
Cc: gen-art@ietf.org
In the end I made Sam's three points into a DISCUSS and I'm awaiting feedback.

    Brian

Scott W Brim wrote:
> Summary: discuss, particularly adopt most of what Sam said.
>
> I am reading Sam's notes and I disagree with the first part of what he
> says, on flexibility. I spent some time with some pioneers of msec so
> I may be biased but there are only two flexibility mechanisms, applied
> repeatedly. Also the design is for a very constrained multicast
> environment: one-to-many with central registration. Therefore I don't
> believe his comments about flexibility or multicast (as a whole) apply
> here.
>
> On the other hand, everything he says in the middle is powerful
> and blocks it in my mind.
>
> I don't believe he should have abstained, because I believe everything
> listed can be fixed. Why allow for multiple protocols instead of
> GSAKMP? First, perhaps the WG chairs have a good technical answer;
> and if they don't, that can be fixed rather directly.
>
> So it's just a significant discuss, with questions.
>
> Other medium-to-small nits:
>
>    "registration provides a list of acceptable registration and
>    deregistration policy and mechanisms that may be used to manage
>    member-initiated joins and departures from a group. A NULL sequence
>    indicates that the group does not support registration and
>    deregistration of members. A member MUST be able to support at
>    least one set of Registration mechanisms in order to join the group.
>    When multiple mechanisms are present, a member MAY use any of the
>    listed methods. The list is ordered in terms of Group Owner
>    preference. A member MUST choose the highest listed mechanism that
>    local policy supports."
>
> First, I assume that a NULL sequence contains nothing -- there isn't a
> sequence element that is an explicit null. If true, then when the
> list is null a member CANNOT support at least one of the mechanisms --
> there aren't any. Prefix that sentence with "if the list is not null
> ...", avoid complaints later.
>
> Second, in the last sentence, change "highest" to something like
> "first listed". Again, avoid ambiguity.
>
> Next paragraph, re "rekey": same comment about "highest".
>
> I don't see anywhere where the group owner is indicated in
> signaling. How is it known? Say so explicitly.
>
> Finally, someone needs to examine the IANA considerations. Aha, I see
> Mr Cotton said something along those lines.
>
>
> Other smaller nits:
>
>    "Also, the members may want to verify that the access control rules
>    are adequate to protect the data that the member is submitting to
>    the group."
>
> editorial: "a member may want".
>
>    "tokenInfo provides information about the instance of the Policy
>    Token (PT)."
>
> Add something like "see Section 3.1". This sentence as it is makes me
> wonder if that's all they are going to tell me.
>
> swb