Re: [sipcore] AD review: draft-ietf-sipcore-keep-08

Robert Sparks <rjsparks@nostrum.com> Mon, 29 November 2010 16:11 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 892C128C0EF for <sipcore@core3.amsl.com>; Mon, 29 Nov 2010 08:11:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.842
X-Spam-Level:
X-Spam-Status: No, score=-100.842 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FR_3TAG_3TAG=1.758, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ePfMm6fY8K1x for <sipcore@core3.amsl.com>; Mon, 29 Nov 2010 08:11:02 -0800 (PST)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id EA8233A6BCC for <sipcore@ietf.org>; Mon, 29 Nov 2010 08:11:00 -0800 (PST)
Received: from dn3-177.estacado.net (vicuna-alt.estacado.net [75.53.54.121]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id oATGC6MA062506 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 29 Nov 2010 10:12:07 -0600 (CST) (envelope-from rjsparks@nostrum.com)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset=us-ascii
From: Robert Sparks <rjsparks@nostrum.com>
In-Reply-To: <224F5CB1ECAB2C45BC64065AFD0339650406B5FC94@ESESSCMS0356.eemea.ericsson.se>
Date: Mon, 29 Nov 2010 10:12:05 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <A735E2E0-5661-4234-ADB2-378114412876@nostrum.com>
References: <4892E0CC-52C7-4422-A5DA-C6A7553A4053@nostrum.com> <224F5CB1ECAB2C45BC64065AFD0339650406B5FC94@ESESSCMS0356.eemea.ericsson.se>
To: Christer Holmberg <christer.holmberg@ericsson.com>
X-Mailer: Apple Mail (2.1082)
Received-SPF: pass (nostrum.com: 75.53.54.121 is authenticated by a trusted mechanism)
Cc: SIPCORE <sipcore@ietf.org>
Subject: Re: [sipcore] AD review: draft-ietf-sipcore-keep-08
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Nov 2010 16:11:03 -0000

On Nov 24, 2010, at 1:19 PM, Christer Holmberg wrote:

> 
> Hi Robert,
> 
> Comments inline ([CHH])
> 
>> Summary: Revised ID needed
>> 
>> The text needs to be adjusted to reflect the security issue I 
>> called out in a separate message to the list today.
>> During that adjustment, there are a few other places to 
>> consider making changes:
> 
> [CHH] See other thread.
> 
> ------
> 
>> * Section 4.4, second paragraph "The parameter can contain" 
>> is confusing - it could be read to imply that the parameter 
>> can contain other things as well. I suggest rewriting this 
>> sentence as "The parameter value, if present, represents a 
>> recommended keep-alive frequency..."
> 
> [CHH] Done.
> 
> "The parameter value, if present and with a value other than zero, represents a recommended keep-alive frequency, given in seconds."
> 
> 
> -------
> 
>> * The document talks about invoking keep for INVITE initiated 
>> dialogs, but not about SUBSCRIBE initiated dialogs. Was it the 
>> intent to not allow the use of the mechanism for SUBSCRIBE initiated 
>> dialogs?
> 
> [CHH] The intent was to allow it for INVITE initiaded dialogs.
> 
> I can't remember any technical reasons why keep could not be applied also to SUB dialogs. Nobody has ever requested it, however.
> 
> 
> -------
> 
>> * Section 4.4 talks about normative server behavior for using 
>> this mechanism with INVITE initiated dialogs.
>> where is the companion set of normative requirements for 
>> using the mechanism to keep alive a REGISTRATION
>> flow?
> 
> [CHH] The 2nd paragraph is the generic rule, which covers both INVITE and REGISTER.
> 
> The 3rd paragraph is an addition that covers the case where multiple responses are sent to a request, which is INVITE specific.
> 
> But, maybe to make it more clear, and based on your comment on section 5 (see further down), I could rewrite the 3rd paragraph:
> 
> "There might be multiple responses to an INVITE request.
> When a SIP entity indicates willingness to receive keep-alives in a
> response to an INVITE request, it MUST add a parameter value to the 
> "keep" parameter in at least one reliable response to the request. The SIP entity MAY
> add identical parameter values  to the "keep" parameters in other responses to the
> same request.  The SIP entity MUST NOT add different parameter value to the "keep" 
> parameters in responses to the same request. The SIP entity SHOULD indicate 
> the willingness to receive keep-alives as soon as possible."

This text is better, but it uncovers another issue. For these keep-alives associated with
a dialog, you need to adjust the text to reflect responses _in that dialog_. In the presence
of forking, you may have multiple 183s from different branches (or multiple 200 OKs from
different branches. If the keep-alive activity is intended to be associated with the dialogs
(which is what I think the text is currently trying to do), you need to adjust to note that the
element needs to include its keep value as early as possible on each dialog, and note that
the keep-alive messages will be sent reflecting each dialog that was set up.

An alternative is to negotiate one keepalive stream per 5-tuple, using a reference count
(you stop when the last dialog using the 5-tuple terminates), but that seems pretty error-prone.

> 
> 
> The same editorial change would also be done in section 3:
> 
> ""keep" parameter: A SIP Via header field parameter that a SIP entity
> can insert in its Via header field of a request to explicitly
> indicate willingness to send keep-alives towards its adjacent
> downstream SIP entity.  A SIP entity can add a parameter value to 
> the "keep" parameter in a response to explicitly indicate willingness to 
> receive keep-alives from its adjacent upstream SIP entity."
> 
> ------- 
> 
>> *  In several places, the document refers to an element 
>> inspecting "its" Via header. This is imprecise and will
>> lead to arguments among implementers. I suggest 
>> explicitly calling out "the topmost Via header field value"
>> and being very specific about when you are talking about a 
>> message being received or a message being sent.
> 
> [CHH] I will look into that.
> 
> -------
> 
>> * In section 5's fourth paragraph, it would help avoid 
>> confusion  to say "adds a value the a 'keep' parameter to
>> indicate willingness" instead of "uses the 'keep' parameter...".
> 
> [CHH] Done.
> 
> "If a SIP entity that adds a parameter value to the "keep" parameter, in order to indicate willingness to receive keep-alives, also inserts..."
> 
> -------
> 
>> *In the last sentence of Section 5 - what value is "without 
>> forcing entities to re-write the value of Flow-Timer header 
>> field" adding? I suggest deleting the phrase.
> 
> [CHH] Done.
> 
> -------
> 
>> * Section 6's first paragraph says "Entities that want to 
>> reuse connections MUST use a another mechanism".
>> (Note the spurious 'a'). Why is this a 2119 MUST? I 
>> suggest saying "would need to" instead.
> 
> [CHH] Done. 
> 
> The reason behind the "MUST" was to clearly indicate that keep as such is not a connection reuse mechanism.

That's an incorrect use of the 2119 term. 
I can't test implementation of that requirement - there's no way to account for it in an interoperability report, and there's
no good reference to what an implementer would need to read in order to satisfy the requirement. You are really just
trying to say this mechanism doesn't provide connection reuse. Just say that.


> 
> -------
> 
>> * The first sentence in 7.4 would be better if it said Figure 
>> 3 instead of "The figure". The end of the first
>> paragraph has a spurious period.
> 
> [CHH] Done.
> 
> -------
> 
>> * All of the examples showing Via header fields use a 
>> shorthand, pseudo-code style representation of the
>> header field format. It would be good to explicitly note 
>> that in the document. It would be better to provide
>> one example that was syntactically correct.
> 
> [CHH] I assume you mean that, instead of "Via:UAC" and "Via:P1" I would use something like "Via:uac.operator.com" and "Via:p1.operator.com"?
> 
> Personally I think it's more clear to use pseudo-style (as the example is not supposed to be teach-yourself-SIP), but I can change according to your suggestion.
I'll respond to this through your followup message.

> 
> -------
> 
>> * In Section 10's section paragraph. I suggest that you be 
>> explicit that you are talking about hop-by-hop
>> integrity protection (calling out TLS or DTLS), to avoid 
>> confusion with end-to-end integrity protection
>> mechanisms (S/MIME) which will not help this case.
> 
> [CHH] I suggest the follwoing change (<new></new>):
> 
> "Unless SIP messages are integrity protected <new>hop-by-hop (e.g. using TLS or DTLS)</new>, 
> a man-in-the-middle can modify Via header fields...."
> 
> -------
> 
>> * In section 10's third paragraph, you call out "(at high 
>> rates)". This is potentially misleading - the rates
>> are at the highest somewhere just under once a second. I 
>> suggest replacing "(at high rates)" with
>> "(up to approximately once a second)".
> 
> [CHH] Done.
> 
> -------
> 
> Thank You for reviewing the document!
> 
> Regards,
> 
> Christer