IETF Logo Mail Archive

Re: [NSIS] AD review comments of draft-ietf-nsis-qos-nslp-16

Jukka Manner <jukka.manner@tkk.fi> Wed, 07 October 2009 20:53 UTC

Return-Path: <jukka.manner@tkk.fi>
X-Original-To: nsis@core3.amsl.com
Delivered-To: nsis@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7C87E28C0F0 for <nsis@core3.amsl.com>; Wed, 7 Oct 2009 13:53:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.592
X-Spam-Level:
X-Spam-Status: No, score=-4.592 tagged_above=-999 required=5 tests=[AWL=2.007, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fOlWWpZ0vPwk for <nsis@core3.amsl.com>; Wed, 7 Oct 2009 13:53:21 -0700 (PDT)
Received: from smtp-4.hut.fi (smtp-4.hut.fi [130.233.228.94]) by core3.amsl.com (Postfix) with ESMTP id 34A2B3A6914 for <nsis@ietf.org>; Wed, 7 Oct 2009 13:53:20 -0700 (PDT)
Received: from localhost (katosiko.hut.fi [130.233.228.115]) by smtp-4.hut.fi (8.13.6/8.12.10) with ESMTP id n97KsxF2030250; Wed, 7 Oct 2009 23:54:59 +0300
Received: from smtp-4.hut.fi ([130.233.228.94]) by localhost (katosiko.hut.fi [130.233.228.115]) (amavisd-new, port 10024) with LMTP id 11322-47-2; Wed, 7 Oct 2009 23:54:59 +0300 (EEST)
Received: from smtp.netlab.hut.fi (luuri.netlab.hut.fi [130.233.154.177]) by smtp-4.hut.fi (8.13.6/8.12.10) with ESMTP id n97Kr2JI029647; Wed, 7 Oct 2009 23:53:02 +0300
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.netlab.hut.fi (Postfix) with ESMTP id BAE5C1E1CD; Wed, 7 Oct 2009 23:53:02 +0300 (EEST)
X-Virus-Scanned: by amavisd-new at luuri.netlab.hut.fi
Received: from smtp.netlab.hut.fi ([127.0.0.1]) by localhost (luuri.netlab.hut.fi [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Mmu-f0-MEXeY; Wed, 7 Oct 2009 23:52:58 +0300 (EEST)
Received: from mailsrv.netlab.hut.fi (mailsrv.netlab.hut.fi [130.233.154.190]) by smtp.netlab.hut.fi (Postfix) with ESMTP id 08BD61E1CF; Wed, 7 Oct 2009 23:52:51 +0300 (EEST)
Received: from [192.168.0.156] (a91-154-4-72.elisa-laajakaista.fi [91.154.4.72]) by mailsrv.netlab.hut.fi (Postfix) with ESMTP id BC65E120050; Wed, 7 Oct 2009 23:52:50 +0300 (EEST)
Message-ID: <4ACCFF63.1000808@tkk.fi>
Date: Wed, 07 Oct 2009 23:51:47 +0300
From: Jukka Manner <jukka.manner@tkk.fi>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
References: <21741_1254405419_ZZ0KQU00DKH9EYBC.00_4AC4B492.6070005@ericsson.com>
In-Reply-To: <21741_1254405419_ZZ0KQU00DKH9EYBC.00_4AC4B492.6070005@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-TKK-Virus-Scanned: by amavisd-new-2.1.2-hutcc at katosiko.hut.fi
Cc: draft-ietf-nsis-qos-nslp@tools.ietf.org, NSIS <nsis@ietf.org>
Subject: Re: [NSIS] AD review comments of draft-ietf-nsis-qos-nslp-16
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nsis>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2009 20:53:22 -0000

Hi Magnus, thank you for the review.

I'll try to answer from my part, haven't talked to the co-authors, yet.

cheers,
Jukka

Magnus Westerlund wrote:
> Hi,
> 
> I have finally completed my AD review of the QoS NSLP and QSPEC
> documents. QSPEC will be dealt in a separate email. But here are my
> questions and comments.
> 
> A. Section 3.1.2: Please expand DSCP on its first usage.

Ack.

> 
> B. Section 3.1.3 contains a reference to draft-manner-nsis-nslp-auth.
> This is an informational reference. But I do wonder about the security
> solution and its need to carry authentication information. No, I don't
> want to make this a normative reference. But I do wonder how the WG
> plans to present the lack of even one fully specified security solution,
> even if this is going for experimental.

Good question. This item is not on our charter but me, Martin and Hannes
have worked on the topic sometime ago. Do you see we should add the user
authentication and authorization e.g. as an experimental extension to
the current NSLPs? The work is there, we could seek to finish it asap.

> 
> C. Section 3.2.12.1: How long does it take to detect that a new down
> stream peer exist, or that truncation has happened?

I believe this is a GIST functionality and parameter, and can be
configured differently depending on the deployment.

> 
> D. Section 4.6, page 35, second paragraph. It is not clear to me how (1)
> can be guaranteed to arrive prior to (2), or if both message are sent
> width bound to the other one?

I'll pass this to Georgios, he is the prime designer here, I believe. :)

> 
> E. Section 4.7.1, page 39:
> "Note that the egress should use a timer, with a
>    preconfigured value, that can be used to synchronise the arrival of
>    both messages, i.e., the end-to-end RESERVE message and the local
>    RESERVE' message."
> 
> I can't understand this "using a timer for synchronization" in this
> sentence.

I'll pass this to Georgios, too. :)

> 
> F. Section 5.1.2.1: "If the session of this message is bound to another
> session, then the RESERVE message SHOULD include the SESSION_ID of that
> other session in a BOUND_SESSION_ID object."
> 
> Why a SHOULD here. Please explain when you could or should break the SHOULD.

I don't actually know why only a SHOULD, this probably ought to be a 
MUST. If there is a binding, it must be indicated.

> 
> G. Section 5.1.2.2:
> "A QUERY message
>    MAY contain a second QSPEC object."
>      QUERY = COMMON_HEADER
>               [ RII ][ *BOUND_SESSION_ID ]
>               [ PACKET_CLASSIFIER ] [ INFO_SPEC ] QSPEC
> 
> The BNF seem to not allow for a second QSPEC object.

Roland already answered this, we'll fix it.

> 
> H. Section 5.1.3:
> "The remaining bits marked 'r' are reserved." There are no definition of
> the meaning of reserved bits. I assume SHALL be set to 0, SHALL be
> ignored on reception?

Yes, clearly this statement is missing, will add.

> 
> I. Section 5.1.3.5:
>   "The method-specific classifier data is two bytes long and consists of
>    a set of flags:
> 
>     0                   1                   2                   3
>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    |X|Y|P|T|F|S|A|B|                      Reserved                  |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"
> 
> This seems to be 4 bytes, and not 2.

Yes. :)

> 
> J. Section 5.1.3.6
> "   Offset: The byte in the object at which the QNE found the error.
>    When this field is set to "0", the complete object is included."
> 
> I don't get these two sentences to match. First sentence says this is a
> pointer to where the error is. Second sentence indicates that the object
> has been truncated upto the given offset. Please clarify.

This means that either (1) there is the full object ("0") or (2) from 
"offset" upto the end of the object (not from beginning upto offset), 
where the problematic part starts at "offset". I'll clarify this.

> 
> K. Section 5.3.6:
>  "
>    A SESSION_ID_LIST is carried in RESERVE messages.  It is used in two
>    cases, to refresh or two tear down the indicated sessions. "
> 
> Second "two" should be a "to"?

Yes. :)

> 
> L. Section 6. Please update reference to RFC 5226.

Ack.

> 
> M. Section 7. "The protocol mechanisms s in this
>    document try to minimize exhaustion attacks against these resources
>    when performing authentication and authorization for QoS resources."
> 
> Is the lone "s" after mechanisms intended?

Surely not. :)

v2.23.0 | Report a Bug | By Email