[NSIS] RE: New version of NSIS Req submitted
john.loughney@nokia.com Fri, 15 August 2003 12:13 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA25578 for <nsis-archive@odin.ietf.org>; Fri, 15 Aug 2003 08:13:32 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ndS4-0008DD-Hb for nsis-archive@odin.ietf.org; Fri, 15 Aug 2003 08:13:05 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h7FCD4bm031563 for nsis-archive@odin.ietf.org; Fri, 15 Aug 2003 08:13:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ndS0-0008Cy-N1; Fri, 15 Aug 2003 08:13:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ndRX-00089v-Sg for nsis@optimus.ietf.org; Fri, 15 Aug 2003 08:12:31 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA25558 for <nsis@ietf.org>; Fri, 15 Aug 2003 08:12:28 -0400 (EDT)
From: john.loughney@nokia.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19ndRW-0002Ac-00 for nsis@ietf.org; Fri, 15 Aug 2003 08:12:30 -0400
Received: from mgw-x1.nokia.com ([131.228.20.21]) by ietf-mx with esmtp (Exim 4.12) id 19ndRV-0002AZ-00 for nsis@ietf.org; Fri, 15 Aug 2003 08:12:30 -0400
Received: from esvir01nok.ntc.nokia.com (esvir01nokt.ntc.nokia.com [172.21.143.33]) by mgw-x1.nokia.com (Switch-2.2.6/Switch-2.2.6) with ESMTP id h7FCCSB16670 for <nsis@ietf.org>; Fri, 15 Aug 2003 15:12:28 +0300 (EET DST)
Received: from esebh001.NOE.Nokia.com (unverified) by esvir01nok.ntc.nokia.com (Content Technologies SMTPRS 4.2.5) with ESMTP id <T641292eba3ac158f21082@esvir01nok.ntc.nokia.com>; Fri, 15 Aug 2003 15:12:28 +0300
Received: from esebe005.NOE.Nokia.com ([172.21.138.45]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6139); Fri, 15 Aug 2003 15:12:27 +0300
Received: from esebe023.NOE.Nokia.com ([172.21.138.115]) by esebe005.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6139); Fri, 15 Aug 2003 15:12:27 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 15 Aug 2003 15:12:24 +0300
Message-ID: <DADF50F5EC506B41A0F375ABEB32063658F2C9@esebe023.ntc.nokia.com>
Thread-Topic: New version of Req submitted
Thread-Index: AcNgtRgFqDxWz7LMTSel/BPHJiRubQCcR8FA
To: brunner@ccrle.nec.de, mankin@isi.edu
Cc: nsis@ietf.org, harald@alvestrand.no, smb@research.att.com
X-OriginalArrivalTime: 15 Aug 2003 12:12:27.0179 (UTC) FILETIME=[7E1617B0:01C36326]
Content-Transfer-Encoding: quoted-printable
Subject: [NSIS] RE: New version of NSIS Req submitted
Sender: nsis-admin@ietf.org
Errors-To: nsis-admin@ietf.org
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Hi Marcus, Thanks for updating the document. I hope the text changes are sufficient for Harald & Steve. Allison, as long as there are no objects, can the updated document be considered at the next IESG call? thanks, John > -----Original Message----- > From: ext Marcus Brunner [mailto:brunner@ccrle.nec.de] > Sent: 12 August, 2003 12:33 > To: Loughney John (NRC/Helsinki); Allison Mankin > Cc: nsis@ietf.org; Harald Tveit Alvestrand; Steve Bellovin > Subject: New version of Req submitted > > > John, Allison, > > I have a new version of the requirements submitted > (draft-ietf-nsis-req-09.txt). The comments from Harald and > Steve have been > addressed (see below for the difference between the 08 and 09 > of the draft. > > Marcus > > Section 5 (Harald's comment #1) > > OLD > > 5 Requirements > > This section defines more detailed requirements for a > signaling solution, > respecting the framework, scoping assumptions, and > terminology considered > earlier. The requirements are in subsections, grouped roughly > according to > general technical aspects: architecture and design goals, > topology issues, > parameters, performance, security, information, and flexibility. > > Two general (and potentially contradictory) goals for the > solution are that > it should be applicable in a very wide range of scenarios, > and at the same > time lightweight in implementation complexity and resource > consumption > requirements in NSIS Entities. One approach to this is that > the solution > could deal with certain requirements via modular components or > capabilities, which are optional to implement or use in > individual nodes. > > In order to prioritize the various requirements we informally define > different 'parts of the network'. In the different parts of > the network a > particular requirement might have a different priority. > > The parts of the networks we differentiate are the > host-to-first router, > the access network, and the core network. The host to first > router part > includes all the layer 2 technologies to access to the > Internet. This part > of the division is especially informal and may incorporate > several access > segments. In many cases, there is an application and/or user > running on the > host initiating signaling. The access network can be > characterized by low > capacity links, medium speed IP processing capabilities, and it might > consist of a complete layer 2 network as well. The core network > characteristics include high-speed forwarding capacities and > inter-domain > issues. These divisions between network types are not strict > and do not > appear in all networks, but where they do exist they may influence > signaling requirements and will be highlighted as necessary. > > NEW > > 5 Requirements > > This section defines more detailed requirements for a > signaling solution, > respecting the framework, scoping assumptions, and > terminology considered > earlier. The requirements are in subsections, grouped roughly > according to > general technical aspects: architecture and design goals, > topology issues, > parameters, performance, security, information, and flexibility. > > Two general (and potentially contradictory) goals for the > solution are that > it should be applicable in a very wide range of scenarios, > and at the same > time lightweight in implementation complexity and resource > consumption > requirements in NSIS Entities. We use the terms 'access' and 'core' > informally in the discussion of some particular requirements > to refer to > deployment conditions where particular protocol attributes, > especially > performance characteristics, have special importance. Specifically, > 'access' refers to lower capacity networks and fewer users > and sessions. > 'Core' refers to high capacity networks with a large number > of users and > sessions. > > One approach to this is that the solution could deal with certain > requirements via modular components or capabilities, which > are optional to > implement or use in individual nodes. > > ==================================================== > Req 5.5.1 Scalability (Harald's comment #2) > > NEW added the following paragraph at the end of req 5.5.1 > > Specifically, NSIS MUST work in Internet scale deployments, > where the use > of signaling by hosts becomes universal. Note that requirement 5.2.4 > requires the functionality of transparently signal through > networks without > interpretation. Additionally, requirement 5.6.1 lists the > capability to > aggregate. Furthermore, requirement 5.5.4 states that NSIS > should be able > to constrain the load on devices. Basically, the performance of the > signaling MUST degrade gracefully rather than catastrophically under > overload conditions. > > ============================ > section 3, last paragraph (Steve Bellovin comment #1) > > OLD > 5. We can see the network at the level of domains/subdomains > rather than > individual routers (except in the special case that the > domain contains one > link). Domains are assumed to be administrative entities, so security > requirements apply to the signaling between them. > > NEW > 5. We can see the network at the level of domains/subdomains > rather than > individual routers (except in the special case that the > domain contains one > link). Domains are assumed to be administrative entities. So security > requirements might apply differently for the signaling > between the domains > and within a domain. Both cases we deal with in this document. > > ============================ > Requirement 5.7.8 (Steve Bellovin comment #2) > > OLD > > 5.7.8 Confidentiality of signaling messages > > Based on the signaling information exchanged between nodes > participating in > the signaling protocol an adversary may learn both the > identities and the > content of the signaling messages. To prevent this from happening, > confidentiality of the signaling message in a hop-by-hop > manner MAY be > provided. Note that the protection can be provided on a > hop-by-hop basis > for most message payloads since it is required that entities > which actively > participating in the signaling protocol must be able to read > and eventually > modify the content of the signaling messages. > > NEW > > 5.7.8 Confidentiality of signaling messages > > Based on the signaling information exchanged between nodes > participating in > the signaling protocol an adversary may learn both the > identities and the > content of the signaling messages. Since the ability to > listen to signaling > channels is a major guide to what data channels are interesting ones. > > To prevent this from happening, confidentiality of the > signaling message in > a hop-by-hop manner SHOULD be provided. Note that most > messages must be > protected on a hop-by-hop basis, since entities, which > actively participate > in the signaling protocol, must be able to read and > eventually modify the > signaling messages. > > > -------------------------------------- > Marcus Brunner > Network Laboratories > NEC Europe Ltd. > > E-Mail: brunner@ccrle.nec.de > WWW: http://www.ccrle.nec.de/ > Phone: +49 (0) 6221 905 11 29 > Mobile: +49 (0) 163 275 17 43 > personal home page: http://www.brubers.org/marcus > > > > > _______________________________________________ nsis mailing list nsis@ietf.org https://www1.ietf.org/mailman/listinfo/nsis
- [NSIS] RE: New version of NSIS Req submitted john.loughney