Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13
Roland Bless <roland.bless@kit.edu> Fri, 05 September 2014 23:46 UTC
Return-Path: <roland.bless@kit.edu>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FD2B1A0650 for <p2psip@ietfa.amsl.com>; Fri, 5 Sep 2014 16:46:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.951
X-Spam-Level:
X-Spam-Status: No, score=-1.951 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EqFFhkBL37Mw for <p2psip@ietfa.amsl.com>; Fri, 5 Sep 2014 16:46:26 -0700 (PDT)
Received: from iramx2.ira.uni-karlsruhe.de (iramx2.ira.uni-karlsruhe.de [141.3.10.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C298F1A0648 for <p2psip@ietf.org>; Fri, 5 Sep 2014 16:46:25 -0700 (PDT)
Received: from i72vorta.tm.uni-karlsruhe.de ([141.3.71.26] helo=vorta.tm.kit.edu) by iramx2.ira.uni-karlsruhe.de with esmtp port 25 iface 141.3.10.81 id 1XQ3CR-0000in-7O; Sat, 06 Sep 2014 01:45:51 +0200
Received: from [IPv6:::1] (localhost [127.0.0.1]) by vorta.tm.kit.edu (Postfix) with ESMTPS id 97F95A800AA; Sat, 6 Sep 2014 01:46:19 +0200 (CEST)
Message-ID: <540A4B4B.1060406@kit.edu>
Date: Sat, 06 Sep 2014 01:46:19 +0200
From: Roland Bless <roland.bless@kit.edu>
Organization: Institute of Telematics, Karlsruhe Institute of Technology (KIT)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060111 Thunderbird/1.5 Mnenhy/0.7.3.0
MIME-Version: 1.0
To: cjbc@it.uc3m.es, p2psip@ietf.org
References: <1406307002.10492.15.camel@acorde.it.uc3m.es>
In-Reply-To: <1406307002.10492.15.camel@acorde.it.uc3m.es>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-ATIS-AV: ClamAV (iramx2.ira.uni-karlsruhe.de)
X-ATIS-Timestamp: iramx2.ira.uni-karlsruhe.de 1409960751.
Archived-At: http://mailarchive.ietf.org/arch/msg/p2psip/mGA-wdoR0W2vkBnw1CuuX7q6KfM
Cc: p2psip-chairs@tools.ietf.org
Subject: Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/p2psip/>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Sep 2014 23:46:29 -0000
Hi, > The WGLC will be open till the 8th of September, so we have time enough > even there is August in the middle. We kindly ask the WG to review the > document and provide comments. That was a good decision due to vacation time in August:-) I carefully read the document and didn't find any real show stoppers, but IMHO the document would benefit from some clarifications as indicated below. Major: - Normally a SIP registration times out after some period (usually given in the REGISTER message) I guess that the mechanism is replaced in P2PSIP by the lifetime parameter in the StoredData. If this is the case I'd like to see it mentioned explicitly. - It is unclear how SIP and SIPS should be realized, because AppAttach only allows to create DTLS/UDP or TLS/TCP connections (cf. OverlayLinkType in IceCandidate). "Once the AppAttach succeeds, the peer sends plain or (D)TLS encrypted SIP messages over the connection as in normal SIP." Sending "plain" (I guess non-secured) SIP message is not possible if AppAttach doesn't allow for UDP-only connections. - I guess that the destination list should contain only NodeIDs, or are ResourceIds and OpaqueIDs also permitted? If not, then the calling/initiating peer should check that condition and some action must be defined if the destination list is non-conforming (maybe discard this destination list) - The Draft should clearly specify how to map AORs to Resource-IDs as required by RFC6940, sec. 5.2: o Define how the Resource Name is used to form the Resource-ID where each Kind is stored. I guess that the AOR is mapped by using the overlay hash function after stripping the scheme (like sip:, sips:) from it. But that should be defined explicitly. Minor: Sec. 1: - Several different notations like 'Node-ID "1234"', Node-ID 1234 or ID 1234 are used in this section. Sec. 2: OLD: include the scheme (e.g sip:) as the AOR needs to match the NEW: include the scheme (e.g. sip:) as the AOR needs to match the Sec. 3.3: o A Store is permitted only for AORs with domain names that fall into the namespaces supported by the RELOAD overlay instance. and then Before issuing a Store request to the overlay, any peer SHOULD verify that the AOR of the request is a valid Resource Name with respect to its domain name and the namespaces defined in the overlay configuration document (see Section 3.4). the first formulation suggests that the latter quotation should use rather MUST than SHOULD (the Storing Peer MUST also verify this). Before a Store is permitted, the storing peer MUST check that: o The AOR of the request is a valid Resource Name with respect to the namespaces defined in the overlay configuration document. What would be the proper reaction if this condition is not fulfilled? I guess a StoreAns with Error_Forbidden, but that could/should also be mentioned. Sec. 5.1: the responding peer MUST present a certificate with a Node-ID matching the terminal entry in the route list. route list wasn't introduced before and I guess destination list would be the right term here. Moreover, what is the reaction if there is a certificate mismatch, i.e., the Node-ID doesn't match the one in the certificate? Should the connection be torn down? Sec. 5.2: typo OLD: that want to assure maintanance of sessions individually need to NEW: that want to assure maintenance of sessions individually need to Sec. 6: GRUUs in RELOAD are constructed by embedding a base64-encoded destination list in the gr URI parameter of the GRUU. I guess that the destination list is encoded in the same way as described in section 6.3.2.2. of RFC 6940. Simply a list of Destination entries without any preceding length field?! Sec. 7: sip_registration_route a destination list which can be used to reach the user's peer. if there are any restrictions like only Node-IDs allowed or the last entry must be a Node-ID, no Resource-IDs allowed, that could be mentioned here, too. Sec. 8: What about destination lists that contain back and forth routes like 1234 5678 1234 5678 1234 4444 5678 1234 7777? This may be used for traffic amplification as mentioned in sec. 13.6.5. of the RELOAD spec. Therefore, an additional check at the StoreReq receiving node may be useful, even if destination lists are checked by RELOAD. Regards, Roland
- [P2PSIP] WGLC for draft-ietf-p2psip-sip-13 Carlos Jesús Bernardos Cano
- Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13 Marc Petit-Huguenin
- Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13 Roland Bless
- Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13 Thomas C. Schmidt
- Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13 Carlos Jesús Bernardos Cano
- Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13 Thomas C. Schmidt
- Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13 Carlos Jesús Bernardos Cano
- Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13 Thomas C. Schmidt