Re: [P2PSIP] AD evaluation: draft-ietf-p2psip-share-07
"Thomas C. Schmidt" <t.schmidt@haw-hamburg.de> Fri, 15 January 2016 08:50 UTC
Return-Path: <t.schmidt@haw-hamburg.de>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA8B11A8A07 for <p2psip@ietfa.amsl.com>; Fri, 15 Jan 2016 00:50:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EZ_5HRZfw58e for <p2psip@ietfa.amsl.com>; Fri, 15 Jan 2016 00:50:01 -0800 (PST)
Received: from mx3.haw-public.haw-hamburg.de (mx3.haw-public.haw-hamburg.de [141.22.6.2]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18D101A89B4 for <p2psip@ietf.org>; Fri, 15 Jan 2016 00:50:00 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.22,298,1449529200"; d="scan'208";a="27164624"
Received: from post.haw-hamburg.de (HELO HUB01.mailcluster.haw-hamburg.de) ([141.22.24.50]) by mail3.is.haw-hamburg.de with ESMTP/TLS/AES256-SHA; 15 Jan 2016 09:49:59 +0100
Received: from CAS03.mailcluster.haw-hamburg.de (2002:8d16:183e::8d16:183e) by HUB01.mailcluster.haw-hamburg.de (2002:8d16:1832::8d16:1832) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 15 Jan 2016 09:49:58 +0100
Received: from [141.22.28.186] (141.22.250.35) by haw-mailer.haw-hamburg.de (141.22.24.62) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 15 Jan 2016 09:49:58 +0100
To: Alissa Cooper <alissa@cooperw.in>, P2PSIP WG <p2psip@ietf.org>
References: <e41784d379854608bb9a6e027848cee3@HUB01.mailcluster.haw-hamburg.de>
From: "Thomas C. Schmidt" <t.schmidt@haw-hamburg.de>
Message-ID: <5698B2AA.7060008@haw-hamburg.de>
Date: Fri, 15 Jan 2016 09:49:46 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <e41784d379854608bb9a6e027848cee3@HUB01.mailcluster.haw-hamburg.de>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Originating-IP: [141.22.250.35]
Archived-At: <http://mailarchive.ietf.org/arch/msg/p2psip/j9CiQNHz_IwPhaObcTMPKucsBUI>
Subject: Re: [P2PSIP] AD evaluation: draft-ietf-p2psip-share-07
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/p2psip/>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jan 2016 08:50:04 -0000
Dear Alissa, many thanks for your detailed feedback. We'll address the comments shortly and be back. Best, Thomas On 15.01.2016 00:03, Alissa Cooper wrote: > I have reviewed this document in preparation for IETF last call. I have > a number of comments and questions that need to be resolved before last > call can be initiated. I’ve also included some nits below that should be > resolved together with last call comments. > > Given the nature of this document, I’d like for the shepherd to request > an early SECDIR review after the comments below have been resolved so > that the authors and WG can receive security feedback before the > document progresses to IESG evaluation. > > > == Substantive comments and questions == > > = Section 3.1 = > > I think this section requires clarification. > > How is the index value supposed to be initialized? Is it supposed to be > chosen at random or set to 0 (or 1, as in the figure)? > > I don’t understand how this mechanism relates to how SSRCs are chosen. > In fact RFC 3550 doesn’t specify a particular algorithm to use, but > merely provides one example. Furthermore, I don’t see how the collision > probably for the array index value, which selects the least significant > three bytes from a cryptographically random Node-Id that must be 16 > bytes or longer, would be the same as for a randomly chosen 32-bit > integer. Could you explain? > > = Section 5 = > > Are variable resource names expected to be UTF-8 strings? I think > somewhere in this section the internationalization expectations for > these strings need to be specified. > > = Section 5.3 = > > (1) > I think this section needs to specify normative requirements on the > pattern construction to avoid duplicative or substring names as > described in 5.1 > > (2) > "Configurations in this overlay document MUST adhere in syntax and > semantic of names as defined by the context of use. For example, syntax > restrictions apply when using P2PSIP[I-D.ietf-p2psip-sip], while a more > general naming is feasible in plain RELOAD." > > I don’t understand what the normative requirement is here or why it is > needed. How is “the context of use” defined? Shouldn’t it be up to the > specific protocol documents to define the required syntax and semantics > for specific usages (e.g., the way draft-ietf-p2psip-sip does)? > > (3) > "In the absence of a <variable-resource-names> element for a Kind using > the USER-CHAIN-ACL access policy (see Section 6.6 > <https://tools.ietf.org/html/draft-ietf-p2psip-share-07#section-6.6>), > implementors SHOULD assume this default value." > > Why is this SHOULD and not MUST? Shouldn’t implementations > conservatively assume that variable names are not allowed unless > explicitly specified? > > (4) > "If no pattern is defined for a Kind or the "enable" attribute is false, > allowable Resource Names are restricted to the username of the signer > for Shared Resource.” > > I think this needs to account for an error condition where the pattern > does not meet the pattern construction requirements, e.g.: > > ""If no pattern is defined for a Kind, if the "enable" attribute is > false, or if the regular expression does not meet the requirements > specified in this section, the allowable Resource Names are restricted > to the username of the signer for Shared Resource.” > > = Section 6.2 = > > For privacy reasons, wouldn’t it be better to overwrite every entry in a > subtree when the root of the subtree gets overwritten? Otherwise the > list of users who were given write access may remain long after their > access has been revoked. > > = Section 6.3 = > > How strings are to be compared (e.g., as binary objects or whatever it > is) needs to be normatively specified. > > It is confusing to use normative language only in step 5 here. I would > suggest either normatively defining each action or not using SHALL here. > > = Section 6.6 = > > "Otherwise, the value MUST be written if the certificate of the signer > contains a username that matches to one of the variable resource name > pattern (c.f. Section 5 > <https://tools.ietf.org/html/draft-ietf-p2psip-share-07#section-5>) > specified in the configuration document" > > It seems to me that matching the pattern is not sufficient — isn’t it > the case that both the user and domain portions of the user name in the > certificate need to match the user and domain name portions present in > the resource name? In general, the document seems to be missing > discussion of the implications of having the user name and the resource > name diverge. I think this affects every operation that involves > comparing the two (or the Resource-Id, right?). > > I’m also unclear about why policy for allowing access to shared > resources is being strictly coupled with policy for allowing variable > resource names. Might there be cases where it makes sense to authorize > one but not the other? > > = Section 8.2 = > > This section misses the threat of a misbehaving peer who is delegated > write access — that seems like an important case to cover. > > = Section 8.3 = > > By “publicly readable” do you mean “readable by any node in the > overlay”? Admission to the overlay would still be access controlled, > correct? > > = Section 9.2 = > > What is the significance of 17, other than that it is in the unassigned > range? > > > == Nits == > > = Section 1 = > > The reference to I-D.ietf-p2psip-disco should be removed given that the > document is several years old and not expected to advance as far as I know. > > s/from one authorized to another (previously unauthorized) user/from one > authorized user to another (previously unauthorized) user/ > > = Section 2 = > > s/the peer-to-peer SIP concepts draft [I-D.ietf-p2psip-concepts > <https://tools.ietf.org/html/draft-ietf-p2psip-share-07#ref-I-D.ietf-p2psip-concepts>]/[I-D.ietf-p2psip-concepts > <https://tools.ietf.org/html/draft-ietf-p2psip-share-07#ref-I-D.ietf-p2psip-concepts>]/ > > = Section 3.1 = > > s/Append an 8 bit long short individual index value/Append an 8-bit > individual index value/ > > = Section 4.1 = > > s/an Access Control including/an Access Control List including/ > > = Section 5.1 = > > Same comment about I-D.ietf-p2psip-disco > <https://tools.ietf.org/html/draft-ietf-p2psip-share-07#ref-I-D.ietf-p2psip-disco> as > in Section 1. > > > > -- Prof. Dr. Thomas C. Schmidt ° Hamburg University of Applied Sciences Berliner Tor 7 ° ° Dept. Informatik, Internet Technologies Group 20099 Hamburg, Germany ° ° http://www.haw-hamburg.de/inet Fon: +49-40-42875-8452 ° ° http://www.informatik.haw-hamburg.de/~schmidt Fax: +49-40-42875-8409 °
- [P2PSIP] AD evaluation: draft-ietf-p2psip-share-07 Alissa Cooper
- Re: [P2PSIP] AD evaluation: draft-ietf-p2psip-sha… Thomas C. Schmidt
- Re: [P2PSIP] AD evaluation: draft-ietf-p2psip-sha… Alissa Cooper
- Re: [P2PSIP] AD evaluation: draft-ietf-p2psip-sha… Thomas C. Schmidt
- Re: [P2PSIP] AD evaluation: draft-ietf-p2psip-sha… Thomas C. Schmidt
- Re: [P2PSIP] AD evaluation: draft-ietf-p2psip-sha… Alissa Cooper
- Re: [P2PSIP] AD evaluation: draft-ietf-p2psip-sha… Alissa Cooper