Re: [secdir] secdir review of draft-forte-lost-extensions-06.txt
Carl Wallace <carl@redhoundsoftware.com> Tue, 09 August 2011 16:54 UTC
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CB2B21F8634; Tue, 9 Aug 2011 09:54:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.288
X-Spam-Level:
X-Spam-Status: No, score=-3.288 tagged_above=-999 required=5 tests=[AWL=-0.312, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOlorQo3EZk8; Tue, 9 Aug 2011 09:54:47 -0700 (PDT)
Received: from mail-pz0-f45.google.com (mail-pz0-f45.google.com [209.85.210.45]) by ietfa.amsl.com (Postfix) with ESMTP id 67B5321F8610; Tue, 9 Aug 2011 09:54:47 -0700 (PDT)
Received: by pzk33 with SMTP id 33so475086pzk.18 for <multiple recipients>; Tue, 09 Aug 2011 09:55:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.166.11 with SMTP id o11mr6679389wfe.170.1312908916246; Tue, 09 Aug 2011 09:55:16 -0700 (PDT)
Received: by 10.143.30.17 with HTTP; Tue, 9 Aug 2011 09:55:16 -0700 (PDT)
X-Originating-IP: [67.242.104.93]
In-Reply-To: <CA66D032.486B%forte@att.com>
References: <CA619C69.83D2%carl@redhoundsoftware.com> <CA66D032.486B%forte@att.com>
Date: Tue, 09 Aug 2011 12:55:16 -0400
Message-ID: <CAGNP4BnJRg4M2+Ja74yUBA9b=BSf7hObTFDS2feBfDX038-96w@mail.gmail.com>
From: Carl Wallace <carl@redhoundsoftware.com>
To: "Andrea G. Forte" <forte@att.com>
Content-Type: multipart/alternative; boundary="000e0cd2e3289348bf04aa156d4d"
Cc: draft-forte-lost-extensions.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-forte-lost-extensions-06.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2011 16:54:48 -0000
A few responses are inline. Generally your responses are fine but I think including your thoughts in the draft would be helpful. On Tue, Aug 9, 2011 at 12:33 PM, Andrea G. Forte <forte@att.com> wrote: > <snip> > > > > > >The draft does not discuss error handling at all. Some types of errors > >associated with the extensions do not seem to fit into the errors > >described in RFC 5222. For example, could a server return an error when a > >requested area was too large for a query? Is the server allowed to place > >its own limits less than a client requests? These concerns may not arise > >in > >the 5222 context, where non-overlapping service regions are a mitigation. > > > [AGF] > I am not convinced we need additional error messages. > Generally speaking, I do not think the draft should limit what the server > can do with its content. Given a large area, a server could decide to > return the highest rated POIs only, or perhaps a fixed subset, or all of > them. I do not think that we can classify such behaviors as LoST errors. > These seem to be policy issues rather than errors. > > [CW] It doesn't seem necessarily true to me that the extensions do not introduce new error conditions, but highlighting the expectation that a server can adjust a request in order to provide service would be helpful. Does there need to be some means for the server to indicate to the client that there may be some additional related responses that can't be retrieved using the provided request? If not, it seems like there may be some blind spots for some queries. > > > >Given the commercial focus of the draft, the potential for stale > >information to be returned by a server seems high and probably worth a > >mention. For example, a pizza service may have closed. > > > [AGF] > This draft addresses extensions to the protocol used to convey information > about location-based services. The way this information is maintained is > out of scope. > Similarly, for emergency services, if the boundaries of a PSAP change they > have to be updated in the DB used by the LoST server. The way these are > updated is not in the scope of RFC5222. > > [CW] My point was the information is likely more volatile in the commercial context and noting this is worthwhile since the issues probably does not arise (at least as frequently) in the RFC 5222 context. As with the others, it seems worth noting somewhere even if the way the update is performed is out of scope. > <snip> >
- [secdir] secdir review of draft-forte-lost-extens… Carl Wallace
- Re: [secdir] secdir review of draft-forte-lost-ex… Carl Wallace
- Re: [secdir] secdir review of draft-forte-lost-ex… Andrea G. Forte