[Insipid] Pre-WGLC INSIPID Session-ID Review Comments
"Adam Gensler (agensler)" <agensler@cisco.com> Wed, 30 July 2014 18:05 UTC
Return-Path: <agensler@cisco.com>
X-Original-To: insipid@ietfa.amsl.com
Delivered-To: insipid@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CD151A0195 for <insipid@ietfa.amsl.com>; Wed, 30 Jul 2014 11:05:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RPUkBfvAXnH6 for <insipid@ietfa.amsl.com>; Wed, 30 Jul 2014 11:05:45 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 137661A01C5 for <insipid@ietf.org>; Wed, 30 Jul 2014 11:05:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5307; q=dns/txt; s=iport; t=1406743545; x=1407953145; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=jmEX8c8PfUNOPmFLRiwt1vcawfMXRzrOUL8o4nxUqHg=; b=grBcVX2Fr8TckHmlhNR4mss1hwlJ8nJQ+Jfpj8B8711D2JsJ6T6TPRwv 51TxWqTqZQogi54gkbB2JX2+9IcWWrtqJbwdibAtkTLMFtASsK01j0pz6 fnNDNHlO0ukys3drps0okmLhKsN3VjsEcLA8SgWxZeZUxSI1cFCoxqjFi g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkUFAIIy2VOtJA2D/2dsb2JhbABZAYMNUlcEywqIXBZ3hAo6LiMBPkInBBOIQg2ZEKcIF4l/ih4Flz6EJoFSkwGDSWyBAyQe
X-IronPort-AV: E=Sophos;i="5.01,765,1400025600"; d="scan'208";a="343945439"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by rcdn-iport-3.cisco.com with ESMTP; 30 Jul 2014 18:05:44 +0000
Received: from xhc-rcd-x06.cisco.com (xhc-rcd-x06.cisco.com [173.37.183.80]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s6UI5iSk013191 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <insipid@ietf.org>; Wed, 30 Jul 2014 18:05:44 GMT
Received: from xmb-aln-x05.cisco.com ([169.254.11.10]) by xhc-rcd-x06.cisco.com ([173.37.183.80]) with mapi id 14.03.0123.003; Wed, 30 Jul 2014 13:05:43 -0500
From: "Adam Gensler (agensler)" <agensler@cisco.com>
To: "insipid@ietf.org" <insipid@ietf.org>
Thread-Topic: Pre-WGLC INSIPID Session-ID Review Comments
Thread-Index: AQHPrCDhKQ90DAn8HkiQQ2+H7MoUsw==
Date: Wed, 30 Jul 2014 18:05:42 +0000
Message-ID: <CFFEAC5D.3ACA%agensler@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.3.140616
x-originating-ip: [10.150.34.115]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6FC00588511A1E45A90BB56A45B7ECBB@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/insipid/uIeIFyRvJstTtRw0ENEP_DrOPiE
X-Mailman-Approved-At: Wed, 30 Jul 2014 11:09:12 -0700
Subject: [Insipid] Pre-WGLC INSIPID Session-ID Review Comments
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2014 18:05:48 -0000
Hi all, I've reviewed the INSIPID Session-ID draft located here: http://tools.ietf.org/html/draft-ietf-insipid-session-id I have a few comments/questions, listed below in no particular order: --- 4.1. Constructing the Session Identifier "To satisfy the requirement that no user or device information be conveyed, endpoints SHOULD generate version 4 (random) or version 5 (SHA-1) UUIDs." "Intermediaries that insert a Session-ID header into a SIP message on behalf of a sending User Agent MUST utilize version 5 UUIDs to ensure that UUIDs for the communication session are consistently generated." Comment: What's the rational behind allowing two different types of UUID generation in the first paragraph, then mandating a kind in the second paragraph? It seems that mandating version 5 UUIDs would provide two benefits. First, it would ensure the UUIDs are consistently generated in all scenarios, and second, it would be inline with the security guidelines spelled out in section 11. --- --- 7. Processing by Intermediaries "When intermediaries transmits a 100 (Trying) provisional responseand when the UUID of the destination UA is unknown, the intermediary MUST place the one known UUID in the "remote-uuid" field and set the "local-uuid" field to the null UUID value. When an intermediary transmits any other provisional response and when the UUID of the destination UA is unknown, the intermediary MUST place the one known UUID in the "remote-uuid" field and MAY set the "local-uuid" field to a locally created UUID value or the null UUID value. Comment: What's the rational behind the difference in behavior between the 100 and other 1xx responses? --- --- 9.6. Cascading Conference Bridge Support for the Session ID General Comment: I'll admit to not being well versed in cascading MCU setups. Are multiple MCUs linked together always from the top down? Or, is it possible that a downstream MCU may link upstream, thereby potentially causing a race condition of Session-ID indication via simultaneous isfocus-INVITEs between two MCUs? --- --- 9.4 Single Focus Conferencing Comment: This example shows reINVITEs being sent to change the UUID from the temporary, IVR-connected session, to the UUID of the conference. Is a SIP UPDATE/200OK exchange also a possibility for updating the UUID? If so, the validity of using an UPDATE to reflect changes in the UUID should be specifically mentioned. --- --- General Comment: The opening introduction discusses the challenges of end-to-end session IDs in multi-protocol environments. Are any provisions given for inter-working this draft with something like H.323? If not, is there specific guidance worth providing for intermediate devices that interwork between multiple protocols (CUCM/CUBE)? General Comment: How does this draft mesh with SIP OPTIONS ping/keepalive functionality? Should a Session-ID be included there? General Comment: The Webex specific example seems out of place and product specific. What's the generally accepted rule in regard to mentioning specific products in an RFC? --- --- 7. Processing by Intermediaries "Devices that initiate communication sessions following the procedures for third party call control MUST fabricate a UUID value that will be utilized only temporarily. Once the responding endpoint provides a UUID value in a response message, the temporary value MUST be discarded and replaced with the endpoint-provided UUID value. Refer to the third-party call control example for an illustration." **snip** "If a SIP intermediary initiates a dialog between two UAs in a 3PCC scenario, the SIP request in the initial INVITE will have a non-null "local-uuid" value; call this temporary UUID X. The request will still have a null "remote-uuid" value; call this value N. The SIP server MUST be transaction stateful. The UUID pair in the INVITE will be {X,N}. A non-redirected or rejected response will have a UUID pair {A,X}. This transaction stateful, dialog initiating SIP server MUST replace its own UUID, i.e., X, with a null UUID (i.e., {A,N}) as expected by other UAS" Comment: These paragraphs both seem to be describing 3PCC scenarios, but are separated in this section by three paragraphs not talking about 3PCC. Would it be beneficial to move this paragraphs closer together? --- --- 6. Endpoint Behavior "It is also possible to for the UA to receive a "remote-uuid" value that does not match the UA's assigned UUID for the session." Comment: Typo - "...is also possible to for the UA to..." --- --- 7. Processing by Intermediaries "When intermediaries transmits a 100 (Trying) provisional responseand when the UUID of the destination UA is unknown" Comment: Typo - "...provisional responseand when the..." --- --- 9.6. Cascading Conference Bridge Support for the Session ID "The one MCU that generates the UUID informs one or several MCUs of this common UUID, and they inform downstream MCUs of this common UUID each will be using for this one conference, or" Comment: Truncated sentence? "...this one conference, or" --- Any input and/or feedback on the above would be great. Best regards, Adam --- Adam Gensler agensler@cisco.com
- [Insipid] Pre-WGLC INSIPID Session-ID Review Comm… Adam Gensler (agensler)
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Gonzalo Salgueiro (gsalguei)
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Paul E. Jones
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … R.Jesske
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Paul E. Jones
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Adam Gensler (agensler)
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Christer Holmberg
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Paul E. Jones
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Christer Holmberg
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … James Polk
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Paul E. Jones
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Christer Holmberg
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Paul E. Jones
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Paul E. Jones
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Christer Holmberg
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Christer Holmberg
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Paul E. Jones
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Christer Holmberg
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Paul E. Jones
- Re: [Insipid] Pre-WGLC INSIPID Session-ID Review … Christer Holmberg