Re: [Gen-art] Gen-ART review of draft-ietf-dime-e2e-sec-req-04.txt

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 03 June 2016 07:51 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "jouni.nospam@gmail.com" <jouni.nospam@gmail.com>, "gen-art@ietf.org" <gen-art@ietf.org>
Date: Fri, 03 Jun 2016 07:51:49 +0000
Cc: "draft-ietf-dime-e2e-sec-req.all@tools.ietf.org" <draft-ietf-dime-e2e-sec-req.all@tools.ietf.org>

Hi Jouni,

I am happy with your clarifications and change suggestions.

Thanks!

Regards,

Christer



On 02/06/16 17:58, "Jouni Korhonen" <jouni.nospam@gmail.com> wrote:

>Thanks Christer,
>
>And sorry for not responding earlier.. See my comments inline.
>
>5/7/2016, 7:48 AM, Christer Holmberg kirjoitti:
>>
>>
>> I am the assigned Gen-ART reviewer for this draft. For background on
>> Gen-ART, please see the FAQ at
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
>>
>>
>>
>> Document:            draft-ietf-dime-e2e-sec-req-04
>>
>> Reviewer:            Christer Holmberg
>>
>> Review Date:         7 May 2016
>>
>> IETF LC End Date:    12 April 2016
>>
>> IETF Telechat Date:  N/A
>>
>> Summary:             The document is well written, and almost ready
>> for publication as an informational RFC. However, I have a few
>> editorial issues, related to the Introduction, that I ask the authors
>> to address.
>>
>> Major Issues:        None
>>
>> Minor Issues:        None
>>
>> Editorial Issues:
>>
>>
>>
>> Q_ABSTRACT_1:
>>
>>
>>
>> The text says that the draft "discusses" requirements. In my opinion it
>> should say "defines" or "specifies".
>
>Ack. "specifies" sounds like a good choice.
>
>>
>> Q_INTRODUCTION_1:
>>
>> Please add references for TLS (for TCP) and DTLS (for SCTP).
>>
>
>Ack.
>
>>
>> Q_INTRODUCTION_2:
>>
>> The text says: "...or alternative security mechanisms independent of
>> Diameter (e.g., IPsec) is used."
>>
>> 2A: I guess it should be "are used"?
>>
>
>Yes.. the whole sentence IMO reads badly, so I have some overall
>rewording proposals.
>
>OLD:
>    The Diameter base protocol specification [2] offers security
>    protection between neighboring Diameter peers and mandates that peer
>    connections must be protected by TLS (for TCP), DTLS (for SCTP) or
>    alternative security mechanisms independent of Diameter (e.g., IPsec)
>    is used.
>
>NEW:
>    The Diameter base protocol specification [RFC6733] defines security
>    protection between neighboring Diameter peers. Diameter
>    mandates that peer connections must be protected by TLS [RFC5246]
>    (for TCP), DTLS [RFC6083] (for SCTP) or using security mechanisms
>    that are independent of Diameter such as IPsec [RFC4301].
>
>> 2B: I am not sure I understand what "independent of Diameter" means.
>>
>
>It is actually quite a direct quotation from the base protocol RFC6733 text.
>Basically meaning when using (D)TLS the Diameter node itself has to
>implement/terminate the security, while with IPsec it does not
>necessarily need to do anything (e.g., when site-to-site IPsec is in
>place).
>
>
>>
>> Q_INTRODUCTION_3:
>>
>> The text talks about security between non-neighbour nodes, while the
>> draft name includes "e2e". However, when reading Section 4,
>> non-neighbour does not necessarily mean end-to-end. I think it would be
>> good to explicitly clarify that in the Introduction.
>>
>
>Ok. This terminology issue was brought up also in two other reviews
>afair. I would actually propose rewording the document name, since that
>seems to be the only place where "e2e" is really misplaced and the
>document name is goofy in any case.
>
>OLD:
>Diameter AVP Level Security End-to-End Security: Scenarios and
>                               Requirements
>NEW:
>AVP Level Security for Non-neighboring Diameter Nodes: Scenarios and
>                               Requirements
>
>and also..
>
>OLD:
>Diameter End-to-End Security
>
>NEW:
>Diameter AVP Level Security
>
>>
>> Q_INTRODUCTION_4:
>>
>> The text says: "This document collects requirements for developing a
>> solution to protect Diameter AVPs."
>>
>> 2A: It needs to be clear that it's about protecting AVPs between
>> non-neighbour nodes.
>>
>
>Ok.
>
>> 2B: Instead of "collect", please use the same terminology as in the
>> Abstract.
>
>Ok. That will be 'specifies' then.
>
>> Q_INTRODUCTION_5:
>>
>> Please enhance AVP on first occurrence. Currently it's not
>> done until Section 3.
>>
>
>Ack.
>
>Thanks,
>	Jouni
>