Re: [Gen-art] Gen-ART review of draft-ietf-dime-e2e-sec-req-04.txt
Jouni Korhonen <jouni.nospam@gmail.com> Thu, 02 June 2016 14:58 UTC
Return-Path: <jouni.nospam@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6166B12D1B2 for <gen-art@ietfa.amsl.com>; Thu, 2 Jun 2016 07:58:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2Rr5NSYDJ8P for <gen-art@ietfa.amsl.com>; Thu, 2 Jun 2016 07:58:17 -0700 (PDT)
Received: from mail-pf0-x231.google.com (mail-pf0-x231.google.com [IPv6:2607:f8b0:400e:c00::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 026DC12D555 for <gen-art@ietf.org>; Thu, 2 Jun 2016 07:58:12 -0700 (PDT)
Received: by mail-pf0-x231.google.com with SMTP id b124so32300836pfb.0 for <gen-art@ietf.org>; Thu, 02 Jun 2016 07:58:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=reply-to:subject:references:to:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=cMBv1RFc0I0z4cCEFBPN62zZvacK4YA7HoIOfXuTvgc=; b=Igdh43kcxbfMwMz5we4MJom/9AACdIfKPj3eUp6LVUUfcl0XYRchivJyTDVcYv6cr1 aY6UGcs8Z6Ehf6S/Alw8tBWQHsN2m7bBl+IFLrBa1dU+j0OSoAr3u5mNw18MBCt1etY5 P6qv9VjId7DPOrAcdBdT/3xNKvXn2a5+hAJsTKQCE8Cffldq8HDlj+8CLJgkyaNSt3TT Cq/NbApYSh3Cqz0FMQauhY67ixoNV06Of1v+XuwKW6FWdPL5jUutX/87wgaT+LEf8/r1 CE52Q0A1tAwaJRC1iHmNPMLwMsCR/cFUI7yVgNIVoCBFQ4B8EO48xhl9Q4/M0P/4t4Tx LBtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:reply-to:subject:references:to:cc:from :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=cMBv1RFc0I0z4cCEFBPN62zZvacK4YA7HoIOfXuTvgc=; b=genm5U12azIsgEOQ5A2yIxUJxCBKhW4g47G45/MXa2eG2g/RJko4v2wGigRq3xyntk eeg/gRTm7vhde5pmFWZjwkGeUa7hYe4sC83G2fHSin7IStJ579S0qkpGRIs4e6AyQfV7 rtqBm87CW7WiAq/pgY8TuN3Qp4piPSkL3QPTrFuAA1SPrz+LXdwgcsKVDeeMRJxNsjkD nF4EVKbydbITL6uCFUvstkbwC+FT9qNBrvQW1TL9jHeOh+AdgaSsyuDkH8ybv3792TRe vV5M9h6Z+ARnS6A7xAAe/ezGuuVO9tPjlPnBymuOItJcvMxmH1RtQGPdQ0i0+EVE3acG fJGg==
X-Gm-Message-State: ALyK8tKEBiTYA6Y2NMtvdELQ3Gb/cnMGGRHPnWCLorr1SWAbH8JpZsm6TqB0dMUzYq9blg==
X-Received: by 10.98.102.154 with SMTP id s26mr5346510pfj.41.1464879491484; Thu, 02 Jun 2016 07:58:11 -0700 (PDT)
Received: from [10.16.65.15] ([216.31.219.19]) by smtp.googlemail.com with ESMTPSA id p4sm70942652pac.1.2016.06.02.07.58.10 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 02 Jun 2016 07:58:10 -0700 (PDT)
References: <7594FB04B1934943A5C02806D1A2204B37F96BF6@ESESSMB209.ericsson.se>
To: Christer Holmberg <christer.holmberg@ericsson.com>, "gen-art@ietf.org" <gen-art@ietf.org>
From: Jouni Korhonen <jouni.nospam@gmail.com>
Message-ID: <046352dd-c670-e488-1101-6c3288211baf@gmail.com>
Date: Thu, 02 Jun 2016 07:58:07 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0
MIME-Version: 1.0
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B37F96BF6@ESESSMB209.ericsson.se>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/mTO7Hv_hXKpWoQtDboOtSsrTANE>
Cc: "draft-ietf-dime-e2e-sec-req.all@tools.ietf.org" <draft-ietf-dime-e2e-sec-req.all@tools.ietf.org>
Subject: Re: [Gen-art] Gen-ART review of draft-ietf-dime-e2e-sec-req-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: jouni.nospam@gmail.com
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jun 2016 14:58:19 -0000
Thanks Christer,
And sorry for not responding earlier.. See my comments inline.
5/7/2016, 7:48 AM, Christer Holmberg kirjoitti:
>
>
> I am the assigned Gen-ART reviewer for this draft. For background on
> Gen-ART, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
>
>
>
> Document: draft-ietf-dime-e2e-sec-req-04
>
> Reviewer: Christer Holmberg
>
> Review Date: 7 May2016
>
> IETF LC End Date: 12 April 2016
>
> IETF Telechat Date: N/A
>
> Summary: The document is well
> written, and almost ready for publication is informational RFC. However,
> I have a few editorial issues, related to the Introduction, that I ask
> the authors to address.
>
> Major Issues: None
>
> Minor Issues: None
>
> Editorial Issues:
>
>
>
> Q_ABSTRACT_1:
>
>
>
> The text says that the draft “discusses” requirements. In my opinion it
> should say “defines” or “specifies”.
Ack. "specifies" sounds as a good choice.
>
> Q_INTRODUCTION_1:
>
> Please add references for TLS (for TCP) and DTLS (for SCTP).
>
Ack.
>
> Q_INTRODUCTION_2:
>
> The text says: “…or alternative security mechanisms independent of
> Diameter (e.g., IPsec) is used.”
>
> 2A: I guess it should be “are used”?
>
Yes.. the whole sentence IMO reads badly, so I have some overall
rewording proposals.
OLD:
The Diameter base protocol specification [2] offers security
protection between neighboring Diameter peers and mandates that peer
connections must be protected by TLS (for TCP), DTLS (for SCTP) or
alternative security mechanisms independent of Diameter (e.g., IPsec)
is used.
NEW:
The Diameter base protocol specification [RFC6733] defineds security
protection between neighboring Diameter peers. The Diameter
mandates that peer connections must be protected by TLS [RFC5246]
(for TCP), DTLS [RFC6083] (for SCTP) or using security mechanisms
that are independent of Diameter such as IPsec [RFC4301].
> 2B: I am not sure I understand what “independent of Diameter” means.
>
It is actually quite direct quotation from base protocol RFC6733 text.
Basically meaning when using (D)TLS the Diameter node itself has to
implement/terminate the security, while with IPsec it does not
necessarily need to do anything (e.g., when site-to-site IPsec is in
place).
>
> Q_INTRODUCTION_3:
>
> The text talks about security between non-neighbour nodes, while the
> draft name includes “e2e”. However, when reading Section 4,
> non-neighbour does not necessarily mean end-to-end. I think it would be
> good to explicitly clarify that in the Introduction.
>
Ok. This terminology issue was brought up also in two other review
afair. I would actually propose rewording the document name, since that
seems to be the only place where "e2e" is really misplaced and the
document name is goofy in any case.
OLD:
Diameter AVP Level Security End-to-End Security: Scenarios and
Requirements
NEW:
AVP Level Security for Non-neighboring Diameter Nodes: Scenarios and
Requirements
and also..
OLD:
Diameter End-to-End Security
NEW:
Diameter AVP Level Security
>
> Q_INTRODUCTION_4:
>
> The text says: “This document collects requirements for developing a
> solution to protect Diameter AVPs.”
>
> 2A: It needs to be clear that it’s about protecting AVPs between
> non-neighbour nodes.
>
Ok.
> 2B: Instead of “collect”, please use the same terminology as in the
> Abstract.
Ok. That will be 'specifies' then.
> Q_INTRODUCTION_5:
>
> Please enhance AVP on first occurrence. Currently it’s not
> done until Section 3.
>
Ack.
Thanks,
Jouni
>
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art
>
- [Gen-art] Gen-ART review of draft-ietf-dime-e2e-s… Christer Holmberg
- Re: [Gen-art] Gen-ART review of draft-ietf-dime-e… Jari Arkko
- Re: [Gen-art] Gen-ART review of draft-ietf-dime-e… Jouni
- Re: [Gen-art] Gen-ART review of draft-ietf-dime-e… Jouni Korhonen
- Re: [Gen-art] Gen-ART review of draft-ietf-dime-e… Christer Holmberg