Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13

Roland Bless <roland.bless@kit.edu> Fri, 05 September 2014 23:46 UTC

Return-Path: <roland.bless@kit.edu>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FD2B1A0650 for <p2psip@ietfa.amsl.com>; Fri, 5 Sep 2014 16:46:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.951
X-Spam-Level:
X-Spam-Status: No, score=-1.951 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EqFFhkBL37Mw for <p2psip@ietfa.amsl.com>; Fri, 5 Sep 2014 16:46:26 -0700 (PDT)
Received: from iramx2.ira.uni-karlsruhe.de (iramx2.ira.uni-karlsruhe.de [141.3.10.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C298F1A0648 for <p2psip@ietf.org>; Fri, 5 Sep 2014 16:46:25 -0700 (PDT)
Received: from i72vorta.tm.uni-karlsruhe.de ([141.3.71.26] helo=vorta.tm.kit.edu) by iramx2.ira.uni-karlsruhe.de with esmtp port 25 iface 141.3.10.81 id 1XQ3CR-0000in-7O; Sat, 06 Sep 2014 01:45:51 +0200
Received: from [IPv6:::1] (localhost [127.0.0.1]) by vorta.tm.kit.edu (Postfix) with ESMTPS id 97F95A800AA; Sat, 6 Sep 2014 01:46:19 +0200 (CEST)
Message-ID: <540A4B4B.1060406@kit.edu>
Date: Sat, 06 Sep 2014 01:46:19 +0200
From: Roland Bless <roland.bless@kit.edu>
Organization: Institute of Telematics, Karlsruhe Institute of Technology (KIT)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060111 Thunderbird/1.5 Mnenhy/0.7.3.0
MIME-Version: 1.0
To: cjbc@it.uc3m.es, p2psip@ietf.org
References: <1406307002.10492.15.camel@acorde.it.uc3m.es>
In-Reply-To: <1406307002.10492.15.camel@acorde.it.uc3m.es>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-ATIS-AV: ClamAV (iramx2.ira.uni-karlsruhe.de)
X-ATIS-Timestamp: iramx2.ira.uni-karlsruhe.de 1409960751.
Archived-At: http://mailarchive.ietf.org/arch/msg/p2psip/mGA-wdoR0W2vkBnw1CuuX7q6KfM
Cc: p2psip-chairs@tools.ietf.org
Subject: Re: [P2PSIP] WGLC for draft-ietf-p2psip-sip-13
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/p2psip/>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Sep 2014 23:46:29 -0000

Hi,

> The WGLC will be open till the 8th of September, so we have time enough
> even there is August in the middle. We kindly ask the WG to review the
> document and provide comments.

That was a good decision due to vacation time in August:-)

I carefully read the document and didn't find any real show stoppers,
but IMHO the document would benefit from some clarifications
as indicated below.

Major:
- Normally a SIP registration times out after some period
  (usually given in the REGISTER message)
  I guess that the mechanism is replaced in P2PSIP by the
  lifetime parameter in the StoredData. If this is the case
  I'd like to see it mentioned explicitly.

- It is unclear how SIP and SIPS should be realized, because
  AppAttach only allows to create DTLS/UDP or TLS/TCP connections
  (cf. OverlayLinkType in IceCandidate).
  "Once the AppAttach succeeds, the peer sends plain or (D)TLS encrypted
  SIP messages over the connection as in normal SIP."
  Sending "plain" (I guess non-secured) SIP message is not possible
  if AppAttach doesn't allow for UDP-only connections.

- I guess that the destination list should contain only
  NodeIDs, or are ResourceIds and OpaqueIDs also permitted?
  If not, then the calling/initiating peer should check
  that condition and some action must be defined if the
  destination list is non-conforming (maybe discard
  this destination list)

- The Draft should clearly specify how to map AORs
  to Resource-IDs as required by RFC6940, sec. 5.2:
   o  Define how the Resource Name is used to form the Resource-ID where
      each Kind is stored.
  I guess that the AOR is mapped by using the overlay hash function
  after stripping the scheme (like sip:, sips:) from it. But that
  should be defined explicitly.

Minor:
Sec. 1:
- Several different notations like 'Node-ID "1234"', Node-ID 1234
  or ID 1234 are used in this section.

Sec. 2:
OLD:    include the scheme (e.g sip:) as the AOR needs to match the
NEW:    include the scheme (e.g. sip:) as the AOR needs to match the

Sec. 3.3:

   o  A Store is permitted only for AORs with domain names that fall
      into the namespaces supported by the RELOAD overlay instance.

   and then

   Before issuing a Store request to the overlay, any peer SHOULD verify
   that the AOR of the request is a valid Resource Name with respect to
   its domain name and the namespaces defined in the overlay
   configuration document (see Section 3.4).

the first formulation suggests that the latter quotation should use
rather MUST than SHOULD (the Storing Peer MUST also verify this).

   Before a Store is permitted, the storing peer MUST check that:

   o  The AOR of the request is a valid Resource Name with respect to
      the namespaces defined in the overlay configuration document.

What would be the proper reaction if this condition is not fulfilled?
I guess a StoreAns with Error_Forbidden, but that could/should also be
mentioned.

Sec. 5.1:

   the responding peer MUST present a certificate with a Node-ID
   matching the terminal entry in the route list.

route list wasn't introduced before and I guess destination list
would be the right term here. Moreover, what is the reaction if
there is a certificate mismatch, i.e., the Node-ID doesn't match
the one in the certificate? Should the connection be torn down?

Sec. 5.2:
typo
OLD:   that want to assure maintanance of sessions individually need to
NEW:   that want to assure maintenance of sessions individually need to

Sec. 6:
   GRUUs in RELOAD are constructed by embedding a
   base64-encoded destination list in the gr URI parameter of the GRUU.

I guess that the destination list is encoded in the same way as
described in section  6.3.2.2. of RFC 6940. Simply a list of
Destination entries without any preceding length field?!

Sec. 7:


   sip_registration_route

      a destination list which can be used to reach the user's peer.

if there are any restrictions like only Node-IDs allowed or the
last entry must be a Node-ID, no Resource-IDs allowed, that could
be mentioned here, too.

Sec. 8:

What about destination lists that contain back and forth routes
like 1234 5678 1234 5678 1234 4444 5678 1234 7777?
This may be used for traffic amplification as mentioned in
sec. 13.6.5. of the RELOAD spec. Therefore, an additional
check at the StoreReq receiving node may be useful, even
if destination lists are checked by RELOAD.

Regards,
 Roland