Re: [Insipid] WG Last Call: draft-ietf-insipid-logme-reqs

Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 01 September 2016 18:47 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: insipid@ietfa.amsl.com
Delivered-To: insipid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44BFC12D5D3 for <insipid@ietfa.amsl.com>; Thu, 1 Sep 2016 11:47:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8WeMa0Qo3n1P for <insipid@ietfa.amsl.com>; Thu, 1 Sep 2016 11:47:06 -0700 (PDT)
Received: from resqmta-po-04v.sys.comcast.net (resqmta-po-04v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49E8812D5B7 for <insipid@ietf.org>; Thu, 1 Sep 2016 11:47:06 -0700 (PDT)
Received: from resomta-po-02v.sys.comcast.net ([96.114.154.226]) by resqmta-po-04v.sys.comcast.net with SMTP id fX0ebw0vuGkXBfX0zbWqr8; Thu, 01 Sep 2016 18:47:05 +0000
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-po-02v.sys.comcast.net with SMTP id fX0zbbkmSGTNZfX0zbZZ14; Thu, 01 Sep 2016 18:47:05 +0000
To: insipid@ietf.org
References: <4C52DDE4-07CF-4F5F-8DB7-8CEB51119A6A@cisco.com> <A0B5C7D9-0C0B-4072-8782-8AABFAD1FF2E@cisco.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <9fc02fda-7b26-5bc5-7a2f-ff10e5b43880@alum.mit.edu>
Date: Thu, 1 Sep 2016 14:47:03 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <A0B5C7D9-0C0B-4072-8782-8AABFAD1FF2E@cisco.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfP6d1g7M+Abd5lOmO29M9qH1rZtfaBDGWdQ/HIKIUunMFObWy0yLP+SauicB8lrC2ThhCkk5+Z/fiU7O/QGNfuDzmDdSSOTHOU8nkcCUdD3xPAdtTE+9 IE3/WzKZiTB41bRYRLk14js2kck9M2/I/VL1gGlCWcQb/z7PY1KXyAd4/hNgVeLX+F+hbLFi1U+sRg==
Archived-At: <https://mailarchive.ietf.org/arch/msg/insipid/yKENtmX9_runROfN10nh83k8oAY>
Subject: Re: [Insipid] WG Last Call: draft-ietf-insipid-logme-reqs
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2016 18:47:07 -0000

Here are some comments on the document:

* Section 4:

I'm not clear of the intent of this section. It doesn't seem to include 
requirements, yet it has normative statements. It reads more like a 
mechanism.

I think this section should be rewritten. Perhaps as a set of 
assumptions/prerequisites for the environment where you are seeking a 
solution.

* Section 5:

I think the requirements in this section are a bit mixed up. Some are 
requirements that are to be met by a log-me *mechanism*. Others seem to 
be requirements that should be levied by a log-me mechanism on those who 
are implementing the mechanism. These are both useful things, but they 
are different. Perhaps they should be in two separate lists.

* REQ2

This talks about "network boundaries". I think more definition is needed 
to clarify exactly what constitutes a network boundary and what the 
impediments are for something to cross it. (Perhaps by referencing RFC7092.)

* REQ3 (and section 6.1)

Do you have a particular definition of "trust domain" in mind? Again, I 
think some sort of definition is needed.

Also, more discussion of motivation for removing at trust domains is 
needed. IMO there is often little motivation for removing the marking on 
*exit* from a trust domain, and in fact good reason for not doing so. 
OTOH, there may indeed be good reason for removing from a request that 
is *entering* a trust domain. (And some might want to remove the 
indicator on exit in order to ensure that neighbors *aren't* aware they 
are debugging.)

* REQ6/7

Do you really mean *proxy*? I suspect you really mean *intermediary*, 
including both proxies and B2BUAs?

	Thanks,
	Paul