IETF Logo Mail Archive

[sipcore] AD Evaluation of draft-ietf-sipcore-reason-q850-loc-04

Ben Campbell <ben@nostrum.com> Fri, 30 November 2018 04:59 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1F52126C7E; Thu, 29 Nov 2018 20:59:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1LTFmWUFWr-f; Thu, 29 Nov 2018 20:59:23 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CD5E127AC2; Thu, 29 Nov 2018 20:59:20 -0800 (PST)
Received: from [172.20.10.2] (mobile-166-137-219-138.mycingular.net [166.137.219.138]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id wAU4xIBS045024 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 29 Nov 2018 22:59:19 -0600 (CST) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host mobile-166-137-219-138.mycingular.net [166.137.219.138] claimed to be [172.20.10.2]
From: Ben Campbell <ben@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_C0C8E037-5A85-4F14-A94C-3EA32107A64F"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.101.1\))
Message-Id: <34AC90DD-12D6-4F34-B2A0-A1BB4D66A701@nostrum.com>
Date: Thu, 29 Nov 2018 22:57:09 -0600
Cc: sipcore@ietf.org, sipcore-chairs@ietf.org
To: draft-ietf-sipcore-reason-q850-loc.all@ietf.org
X-Mailer: Apple Mail (2.3445.101.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/2bLdrSCmgS80B1IYaQ_-Ovx1W8M>
Subject: [sipcore] AD Evaluation of draft-ietf-sipcore-reason-q850-loc-04
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 04:59:26 -0000

Hi,

This is my AD evaluation of draft-ietf-sipcore-reason-q850-loc-04. I have some substantive and editorial comments that I would like to resolve prior to IETF last call.

Thanks!

Ben.
--------------------------

*** Substantive Comments ***

§3: “open to be used by any other network”
That would really mean “any other network that includes ISUP interworking gateways and uses Q.850 reason codes”, right?

§4:
- Figure 1: Is it possible the Q.850 location code list will ever change? if so, how will this list stay in sync? 3326 just referenced Q.850 for the reason codes; can this do the same?

- “Thus other values are not within the scope of this document.”
I’m not sure what that means. Are non-listed values forbidden? Undefined? Are they defined in _other_ documents?

- "Depending on the direction the UAC or UAS shall include the location...”
I’m not sure what that means. Does it mean “Depending on whether the message is a request or a response”?

Also, is that “shall” intended as normative?  (I suggest it not, since I assume inserting the location is optional.) Would it make sense to just say “... the UAC or UAS includes the location...”?

§6 and §7:

Unfortunately, RFC 3326 contains no privacy considerations at all, so we really can’t say that this doesn’t change them. The expectation for privacy considerations has changed since that RFC was published. I think this document does need to describe any privacy considerations that  the combination of a Q.850 reason code and location might have.

For example, can an intermediary learn anything about the end user behavior by examining them that it couldn’t learn otherwise? The answer might well be “no”, but the draft should explain the reasoning behind that.

Similarly unfortunately, the security considerations in RFC 3326 did not address ISUP interworking. Could an attacker do anything destructive or useful to the attacker by monitoring or tampering with Q.850 location information in a SIP message?

§9.1: The Header Fields Parameter sub registry also needs the “Predetermined Values” and “Reference” column filled in . I assume those values are “Yes”, and “RFCXXXX” (with XXXX replaced with the assigned RFC number), respectively.


*** Editorial Comments ***

- Header: The Updates field should just say “Updates: 3326”.

- Abstract: Please mention the update in the abstract.

§1:
- Please add a sentence of two to explain what “reason of release” means. (Should that be “reason for release”?) I know that’s in 3326--it doesn’t need detail here, but it needs enough for people to realize what you are talking about.

- 2nd sentence: The antecedent of “It” is ambiguous.

- “does specify” -> “specifies”

- The last sentence seems like a non sequitur, since this is the first mention of location. Perhaps the previous sentence could say''..., but not the Q.850 location information.

- The draft needs to elaborate on the what Q.850 represents. Otherwise, reviewers are going to assume location in the geolocation sense, and get really worried about privacy issues.

§2: Please use the new boilerplate from RFC8174, unless there is a specific reason not to.

§4:
- 2nd paragraph: s/“The mechanism employed”/“This specification “

- The second sentence has redundant Q.850 citations.

-2nd to last paragraph, "This approach is only valid in cases when the ISUP [Q.850] ocation is available.” I suspect “invalid” should be “possible” or something to that effect.

- last paragraph, “in other cases the location, if present, MUST be ignored”: I suggest “Other values MUST be ignored if present."

§5:
- First paragraph:
s/“... set up... ”/ “...sent...”
s/“... set to 1 meaning ...”/“... set to 1, meaning ..."

v2.23.0 | Report a Bug | By Email