IETF Logo Mail Archive

Re: [P2PSIP] Review of draft-ietf-p2psip-sip-06

Marc Petit-Huguenin <petithug@acm.org> Mon, 14 November 2011 18:11 UTC

Return-Path: <petithug@acm.org>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D05021F8E10 for <p2psip@ietfa.amsl.com>; Mon, 14 Nov 2011 10:11:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.622
X-Spam-Level:
X-Spam-Status: No, score=-102.622 tagged_above=-999 required=5 tests=[AWL=-0.022, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RKU7LtyLTX7n for <p2psip@ietfa.amsl.com>; Mon, 14 Nov 2011 10:11:11 -0800 (PST)
Received: from implementers.org (implementers.org [IPv6:2604:3400:dc1:41:216:3eff:fe5b:8240]) by ietfa.amsl.com (Postfix) with ESMTP id E312321F8E0A for <p2psip@ietf.org>; Mon, 14 Nov 2011 10:11:10 -0800 (PST)
Received: from [IPv6:2001:df8:0:64:ca0a:a9ff:fe2e:a4f6] (unknown [IPv6:2001:df8:0:64:ca0a:a9ff:fe2e:a4f6]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client CN "petithug", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id E2F8720371 for <p2psip@ietf.org>; Mon, 14 Nov 2011 18:01:31 +0000 (UTC)
Message-ID: <4EC159BA.5020909@acm.org>
Date: Tue, 15 Nov 2011 02:11:06 +0800
From: Marc Petit-Huguenin <petithug@acm.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20111010 Icedove/3.1.15
MIME-Version: 1.0
To: P2PSIP Mailing List <p2psip@ietf.org>
References: <4E49B882.7060001@acm.org>
In-Reply-To: <4E49B882.7060001@acm.org>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [P2PSIP] Review of draft-ietf-p2psip-sip-06
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2011 18:11:12 -0000

No response to this review, but I have an additional comment on this draft:

11. Section 3

"Note that these rules permit Alice to forward calls to Bob without
 his permission.  However, they do not permit Alice to forward Bob's
 calls to her."

One way to allow Alice to forward Bob's calls to her (or someone else) in a
secure way is to use the access control policy defined in
draft-knauf-p2psip-share.  With -sip-06, only the owner of the certificate can
store a SIP-REGISTRATION, that we can represent like this:

Resource     Kind   Node-ID       URI              signer
bob@c.com------1--->0x12345678--->sip:bob@m.com    bob@c.com

What Share can bring here is the possibility to have an authorized third-party
modifying the SIP registration:

Resource     Kind   Node-ID       URI              signer
bob@c.com----1001-->0x12345678--->sip:bob@c.com    bob@c.com

Resource     Kind   Index        ACL                     signer
bob@c.com-----18--->0x56780001-->bob@c.com   1001 true   bob@c.com
bob@c.com-----18--->0x56780002-->alice@c.com 1001 false  bob@c.com

Here Bob (the boss) delegates to Alice (his assistant[1]) the right to modify
its registration, so Alice can now change it:

Resource     Kind   Node-ID       URI              signer
bob@c.com----1001-->0x12345678--->sip:alice@m.com  alice@c.com

One problem is that we cannot reuse the Kind 1 (SIP), because it is already
bound to USER-NODE-MATCH, so we have to create a new kind (1001) that is bound
to USER-CHAIN-ACL.  Unfortunately I do not see an easy solution to use the
original Kind (1) with USER-CHAIN-ACL.

I would suggest to add an informative reference to draft-p2psip-knauf-share, and
to add a similar example in an appendix.


[1] For the record, the example I sent to the Share authors had Alice as the
boss, and Bob as her assistant, but I had to invert the example to match the
text in -sip.

On 08/16/2011 08:23 AM, Marc Petit-Huguenin wrote:
> 1. Section 3: SipRegistration structure
> 
> I would suggest to use "SipRegistration Resource Record" instead, to match the
> terminology in -concepts.
> 
> Same thing for SipRegistration PDU in the same section.
> 
> 
> 2. Section 3: 1st paragraph
> 
> s/This uses the SIP-REGISTRATION Kind-ID/This uses the SIP-REGISTRATION Kind/
> 
> 
> 3. Section 3: opaque contact_prefs<0..2^16-1>;
> 
> The format of the contact_prefs field is not described.  Is it RFC 3840 or RFC
> 2533 (better in my opinion) or something else?
> 
> 
> 4. Section 3: Destination destination_list<0..2^16-1>;
> 
> I think it would be better to have a list of destination_list instead, to be
> able to register different paths to the destination.  This could be useful if a
> node decides to register as a client to multiple peers, using the procedure in
> the second bullet of section 3.2.1 of -base.
> 
> 
> 5. Section 3, second bullet of last list.
> 
> It says that the storing peer must check that "[t]he certificate contains a
> Node-ID that is the same as the dictionary key it is being stored at.", which is
> not exactly true when the certificate contains multiple Node-ID.  It would be
> better to say:
> 
> "The Node-ID of the signer is the same as the dictionary key it is being stored at."
> 
> 
> 6. Section 4, first item in list
> 
> "Check to see if the domain part of the AOR matches the domain name of an
> overlay of which he is a member."
> 
> The way I understand this sentence, the "sip:petithug@implementers.org" AOR
> matches an overlay named "overlay.implementers.org".  Was that the intent of
> this rule, or was the intent that the "sip:petithug@implementers.org" AOR only
> matches the "implementers.org" overlay?
> 
> 
> 7. Section 5.
> 
> "If certificate-based authentication is in use, the responding peer MUST present
> a certificate with a Node-ID matching the terminal entry in the route list."
> 
> If this sentence is about the AppAttach itself (and not about the connection
> created by the AppAttach), isn't that rule already part of -base?
> 
> 
> 8. Section 6. Second sentence.
> 
> I do not understand what this sentence means.
> 
> 
> 9. Section 8.1. "In this section we discuss security issues that are likely to
> be relevant to any usage of RELOAD."
> 
> There is no security issues discussed in section 8.1.
> 
> 
> 10. Section 9
> 
> Please change "TBD" by the code point that was already assigned (1, I think), so
> early implementations can do interoperability testing.
> 
> 
> Nits
> ====
> 
> - Abstract
> 
> s/(RELOAD),/(RELOAD)./
> 
> - Section 2
> 
> s/consiered/considered/
> 

-- 
Marc Petit-Huguenin
Personal email: marc@petit-huguenin.org
Professional email: petithug@acm.org
Blog: http://blog.marc.petit-huguenin.org

v2.23.0 | Report a Bug | By Email