Re: [P2PSIP] Ben Campbell's Yes on draft-ietf-p2psip-sip-20: (with COMMENT)

"Ben Campbell" <ben@nostrum.com> Thu, 21 April 2016 02:51 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E369D12E91A; Wed, 20 Apr 2016 19:51:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.896
X-Spam-Level:
X-Spam-Status: No, score=-2.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TCrmblyesd9p; Wed, 20 Apr 2016 19:51:32 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0990812E3E3; Wed, 20 Apr 2016 19:51:32 -0700 (PDT)
Received: from [10.0.1.18] (cpe-70-119-246-39.tx.res.rr.com [70.119.246.39]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id u3L2pQ04044173 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 20 Apr 2016 21:51:27 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-119-246-39.tx.res.rr.com [70.119.246.39] claimed to be [10.0.1.18]
From: "Ben Campbell" <ben@nostrum.com>
To: "Thomas C. Schmidt" <t.schmidt@haw-hamburg.de>
Date: Wed, 20 Apr 2016 21:51:26 -0500
Message-ID: <FF13568B-7FAC-4BAD-911A-86D63C00FF0D@nostrum.com>
In-Reply-To: <5717501E.6060603@haw-hamburg.de>
References: <844de935e98d4674952705d289db2341@HUB02.mailcluster.haw-hamburg.de> <5717501E.6060603@haw-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <http://mailarchive.ietf.org/arch/msg/p2psip/rc6rLJXSVNc_Ea0M8xkUdaysoPo>
Cc: "p2psip-chairs@ietf.org" <p2psip-chairs@ietf.org>, "draft-ietf-p2psip-sip@ietf.org" <draft-ietf-p2psip-sip@ietf.org>, The IESG <iesg@ietf.org>, "p2psip@ietf.org" <p2psip@ietf.org>
Subject: Re: [P2PSIP] Ben Campbell's Yes on draft-ietf-p2psip-sip-20: (with COMMENT)
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/p2psip/>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2016 02:51:35 -0000

Hi, thanks for the response. Also see inline; I will remove sections 
that do not seem to need further discussion.

On 20 Apr 2016, at 4:47, Thomas C. Schmidt wrote:

> Hi Ben,
>
>> Substantive:
>>
>> - Figure 1: It might be helpful to show the R-URI in the INVITE.
>>
>
> Mhmm, not sure. This would IMO break the storytelling which focuses on 
> the interplay of RELOAD and remaining protocol operations.
>

That's your choice to make, but part of the reason I mentioned it was 
because I thought that very interplay was unclear, especially around the 
idea of schemeless AoRs. Should I assume the SIP INVITE is normal SIP, 
and prefixes the AoR with "sip:", "sips", etc in the r-uri?

[...]

>
>> - 3.3, 7th paragraph from end: "any peer SHOULD verify
>>     that the AOR of the request is a valid Resource Name with respect 
>> to
>>     its domain name "
>> How does that differ from the MUST in the first bullet, below?
>
> One peer is the requester (the SHOULD), the other peer is the storing 
> peer (the MUST). The storing peer is the entity that persists an entry 
> in the overlay and MUST check and ensure its consistency.

The distinction in the text is subtle. Maybe this is a bit of RELOAD 
terminology that I missed, but is the "storing peer" different than the 
"peer that issues a Store request to the overlay"?

>
>> Also, does
>> SIP over reload support phone numbers? If so, it would be good to 
>> include
>> some discussion about how phone numbers fit into the domain scheme. 
>> If
>> no, then please say so explicitly.
>>
>
> This is basically the question whether AORs containing telephone 
> numbers correspond to valid rfc822Name in X509v3 certificates, which I 
> suppose they do.
>
> We've added to the first para of Section 1:
>
>    This document defines a SIP Usage of RELOAD that allows SIP 
> [RFC3261]
>    user agents (UAs) to establish peer-to-peer SIP (or SIPS) sessions
>    without the requirement for permanent proxy or registration 
> servers,
>    e.g., a fully distributed telephony service. This service 
> transparently
>    supports SIP addressing including telephone numbers.
>

I think it may be more complicated than that. Phone numbers do not 
typically have domains. So more to the point, does this support TEL 
URIs? I think the answer is probably no, and that phone numbers are 
probably only supported by having AoRs where the local part of the 
coincidentally looks like a phone number.

This brings up another question that may already be answered, but if it, 
I don't remember. Are URI parameters allowed? (e.g. does 
"sip:+1234567890@example.com;user=phone" map to 
"+1234567890@example.com"?

This all probably doesn't matter as long as we are talking about reload 
AoRs, but it may matter if reload UAs need to interact with legacy SIP.


>> -3.3, 3rd and 4th paragraph from end:
>> What certificate? (Probably covered in RELOAD, but a comment here 
>> would
>> be helpful.)
>>
>
> That's the basic RELOAD certificates from the enrollment server. It 
> has been introduced already in the terminology Section 2.

Let me rephrase the question: A certificate that represents what? The 
user associated with the AoR?

>
>> - 3.4, first paragraph:
>> The "MAY" looks like a statement of fact. I suggest "might"
>>
>
> This very section describes how to restrict the overlay domains - in 
> this sense, the MAY is a statement about the protocol (distr. system) 
> mechanism and should be a MAY, I suppose. It is a precise operational 
> option.

A 2119 "MAY" usually represents an implementation choice. I don't think 
that's what we are talking about here. To illustrate the point, would it 
be reasonable for implementors to write software that did not allow the 
overlay to restrict domain names?

>
>> - 3.4, fourth paragraph:
>> That seems to say that "enable=false" means the restrictions are 
>> enabled.
>> Is that the intent?
>>
>
> What is intended:
>
>  If a <domain-restrictions> element is present, then these 
> restrictions apply. Further rules can be enabled. Without further 
> rules (or inconsistent parameters), domain names are restricted to 
> those that that match the domain name of the overlay.

I went back and re-read the section several times. I _think_ it means 
the following:

- If an <domain-restriction> element without "enable=true" exists, then 
the domains are limited to the overlay's own domain.
- If <domain-restriction> is present with enable=true. then the child 
<pattern> elements define the restrictions.

This seems to me to be an odd design choice, and i think implementers 
are going to get confused about the meaning of "enable". It also leaves 
open the possibility of having "enable=true" but know <pattern> 
elements. The text does not seem to define meaning for that situation. 
If I had to guess, I would guess that means the same as when 
enable=false.

So, does "enable" really mean anything beyond "check for pattern 
elements"?

>
>> - 4.1, 2nd and 3rd paragraphs from end:
>> Does that mean normal SIP procedures should be used if no overlay is
>> found for the domain, or that normal SIP procedures can be used 
>> instead
>> of checking for other overlays?
>>
>
> Normative language has been taken out here following a comment of 
> Spencer.
> The described case is "you query the wrong overlay, so we give some 
> hints on what else
> you could do".

Do you mean that the language in version 19 is a result of Spencer's 
comment, or that the next version will be different due to a comment 
from Spencer?


>
>> What about the case where the domain is supported by the overlay, but 
>> the
>> AOR is not found? Should the caller check for other overlays, or 
>> switch
>> to standard SIP?
>>
>
> That's the point "AOR domain is hosted in overlay?" - if the AOR is 
> not present, the requester may search for other contacts supporting 
> this domain name.

I'm not sure I understand your answer. Imagine I have a user agent that 
can do SIP over Reload, and also normal SIP. Someone hands me a business 
card with "sips:thomas@example.com". I am attached to an overlay that 
claims to support "example.com". I look for "thomas@example.com".com", but 
don't find it. (Perhaps my overlay has been misconfigured to think it 
supports "example.com".) Would it make sense for me to then try to send 
an INVITE to sips:thomas@example.com using normal SIP processing? (That 
is, outside of the overlay?)

Along these lines, did I miss guidance about making sure an overlay 
doesn't hijack other people's domains? (I see 8.2.3 talks about AoR 
misuse by an attacker, I think this is different. Maybe the enrollment 
service prevents that?
>
>> - 5.1, 2nd paragraph:

[...[

>
>> What are "client links"?
>>
>
> Client links are RELOAD-defined links from clients (not member of the 
> overlay) to the overlay.
>

I understand what a reload "client" is. I don't find the term "client 
link" in 6940. I assume from your answer you mean link in the "network 
connection" sense and not something along the lines of a "hypertext 
link".

[...]


>
>> - 6, first paragraph: "Globally Routable User Agent URIs (GRUUs)
>> [RFC5627] have been
>>     designed to allow direct routing without the indirection of a SIP
>>     proxy function. "
>> That’s not really true. 5627  section 3.4 talks about using the 
>> proxy to
>> dereference a gruu.
>>
>
> O.K., let's rephrase like this:
>
>    Globally Routable User Agent URIs (GRUUs) [RFC5627] have been
>    designed to allow direct routing to a specific UA instance
>    without the need for dereferencing by a domain-specific SIP
>    proxy function.
>
> That should hit the key of GRUUs.

That's still not correct. GRUUs have nothing to do with "direct 
routing". Now, it's entirely possible that being correct here isn't 
important. But I would suggest language more like:

   "... have been designed to allow SIP requests to be addressed to a 
specific UA instance."

>
>> - 8.1, first paragraph: "Hence no
>>     extra burden is introduced for RELOAD peers beyond loads already
>>     present in the base protocol."
>> What about from when a caller chooses to switch to conventional SIP 
>> to
>> reach a callee with a domain not supported by the overlay?
>>
>
> Not sure I understand: a caller using conventional SIP would not ask 
> for assistance by RELOAD peers??

If a reload user agent has the ability to redirect to classical SIP, 
does that "import" security considerations from classical SIP?

>
>> Editorial:
>>
>> - IDNits has some comments marking code blocks. The data structure in 
>> 3.2
>> seems to qualify.
>>
>> -2 : It would have been useful to mention that you are intentionally
>> dropping the AoR schemes back at the first AoR example.
>> Otherwise SIP people are going to be confused until they find the 
>> comment
>> 5 pages in.
>>
>
> This is already mentioned in the Terminology Section 2.

My comment is _about_ section 2 :-) My point is, section _1_ talks about 
AoRs of the form of "bob@dht.example.com".com". A SIP person reading this 
will be immediately confused, and think that this is not a valid SIP 
AoR. They won't learn that this is intentional until several pages 
later.

>
>> - 4.2, step 3:
>> What is an "external AoR"?
>>
>
> Those that are not associated to members of the overlay.
>

It would be helpful to say that, either here or in the terms section.