Re: [Gen-art] Gen-ART review of draft-drage-sipping-rfc3455bis-13
Jari Arkko <jari.arkko@piuha.net> Wed, 09 April 2014 12:41 UTC
Return-Path: <jari.arkko@piuha.net>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 827EE1A019E; Wed, 9 Apr 2014 05:41:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.772
X-Spam-Level:
X-Spam-Status: No, score=-0.772 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RP_MATCHES_RCVD=-0.272] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CsNBC1rT8S4t; Wed, 9 Apr 2014 05:41:07 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id A8F401A0136; Wed, 9 Apr 2014 05:41:06 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 5160E2CC48; Wed, 9 Apr 2014 15:41:05 +0300 (EEST)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WghUjvQBw7Oh; Wed, 9 Apr 2014 15:41:04 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id 3BA752CCBE; Wed, 9 Apr 2014 15:41:04 +0300 (EEST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <CABkgnnVVQCAz=ixeR04rc75Vc-rL2JFQcjT0-hX_UCL-c=FGjQ@mail.gmail.com>
Date: Wed, 09 Apr 2014 14:41:04 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <5F92FD08-1636-48C0-9634-8806E9F577FF@piuha.net>
References: <CABkgnnVVQCAz=ixeR04rc75Vc-rL2JFQcjT0-hX_UCL-c=FGjQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
X-Mailer: Apple Mail (2.1510)
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/8LBeOsqEgukGdgb_ASttoD5jEK4
Cc: "gen-art@ietf.org Review Team" <gen-art@ietf.org>, IESG IESG <iesg@ietf.org>, draft-drage-sipping-rfc3455bis.all@tools.ietf.org
Subject: Re: [Gen-art] Gen-ART review of draft-drage-sipping-rfc3455bis-13
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Apr 2014 12:41:10 -0000
Thanks for the review, Martin. Have there been any responses or changes based on your comments? I do not see the document version having changed... Jari On Feb 28, 2014, at 1:43 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > I am the assigned Gen-ART reviewer for this draft. For background on > Gen-ART, please see the FAQ at > > <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. > > Please resolve these comments along with any other Last Call comments > you may receive. > > Document: draft-drage-sipping-rfc3455bis-13 > Reviewer: Martin Thomson > Review Date: 2014-02-27 > IETF LC End Date: 2014-03-14 > IESG Telechat date: (if known) > > Summary: I find it strange that this 3GPP document is being published > on the standards track. But since it's a -bis there is clearly > precedent, and it is otherwise sound. > > Major issues: > > This document doesn't include enough information for me to some of the > headers. For example, there isn't enough information in the document > to allow me to interpret the contents of cgi-3gpp: > cgi-3gpp = "cgi-3gpp" EQUAL (token / quoted-string) > (I pick on P-Access-Network-Info, because I'm somewhat familiar with it.) > > This can probably be addressed by the inclusion of appropriate > normative references. I seem to recall there being a 3GPP TS that > covered at least some of these. > > Minor issues: > > RFC 4244 is now obsolete, see 7044. (related nit: Change log entry #2 > seems quite defensive, unnecessarily so. This document only needs to > define P-Called-Party-ID, and reference History-Info as an alternative > mechanism.) > > Change log entry #5, mentions a shortcoming of 3455 (no registry for > access network types), but the draft does nothing about it. It seems > to be propagating the mistake it notes. > > A lot has happened since RFC 3455 was published. The privacy > considerations around the use of P-Access-Network-Info are unchanged > from their pre-Geopriv form. In particular, I find the UA knowledge > part to be problematic; Geopriv definitions can probably help here. > > S6.1 P-Associated-URI is a powerful linkability vector, which could be > a far more serious privacy leak than the text implies. The following > seems like good advice, but is not sufficient: > > An eavesdropper could possibly collect the list of identities a user > is registered. This can have privacy implications. To mitigate this > problem, this extension SHOULD only be used in a secured environment, > where encryption of SIP messages is provided either end-to-end or > hop-by-hop. > > You also have to trust the other end of the hop with the information. > I think that's implicit, but probably needs to be stated. > > S6.4 This claim sounds false to me: > > However, there > are no security problems resulting from a UA inserting incorrect > information. Networks providing services based on the information > carried in the P-Access-Network-Info header field will therefore need > to trust the UA sending the information. A rogue UA sending false > access network information will do no more harm than to restrict the > user from using certain services. > > Any parameter whereby changing it can cause loss of service is likely > to be true in the inverse. The draft makes no claims that would make > me believe otherwise. > > Nits/editorial comments: > > S1 Having the disclaimer as the first section is a little strange. I > don't know what it is disclaiming yet. > > S1, S3 It looks like a few characters are missing from these sections: > "trust.These", "environment The", "[RFC3455] This" > > The change log contains a lot of normative language. I expected to > see pointers to changes, and maybe some justification, but items > include normative-sounding text and no pointers(7), other contain > pointers and duplicate text (3&4) > > Change log #6 notes the removal of a field; given that this is > extensible, why not just mark the CDMA 2000 item deprecated instead of > removing it? > > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of draft-drage-sipping-r… Martin Thomson
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… Jari Arkko
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… Martin Thomson
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… R.Jesske
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… Atle Monrad
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… Gonzalo Camarillo
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… Jari Arkko
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… Martin Thomson
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… R.Jesske
- Re: [Gen-art] Gen-ART review of draft-drage-sippi… Jari Arkko