Re: [sipcore] AD review: draft-ietf-sipcore-event-rate-control-03

[<krisztian.kiss@nokia.com>]

Hi,

Inline:

-----Original Message-----
From: ext Robert Sparks [mailto:rjsparks@nostrum.com] 
Sent: 2010. július 13. 14:33
To: Kiss Krisztian (Nokia-CD/MtView)
Cc: sipcore@ietf.org
Subject: Re: [sipcore] AD review: draft-ietf-sipcore-event-rate-control-03

inline:

On Jul 12, 2010, at 7:13 PM, krisztian.kiss@nokia.com wrote:

> Hi Robert,
> 
> I submitted the -04 version today addressing your comments: http://www.ietf.org/id/draft-ietf-sipcore-event-rate-control-04.txt 
> 
> Please find my answers in-line with [KK]:
> 
> -----Original Message-----
> From: sipcore-bounces@ietf.org [mailto:sipcore-bounces@ietf.org] On Behalf Of ext Robert Sparks
> Sent: 2010. június 10. 13:14
> To: SIPCORE
> Subject: [sipcore] AD review: draft-ietf-sipcore-event-rate-control-03
> 
> Summary: This draft has a few adjustments that are needed before moving it into IETF Last Call.
> 
> Major question:
> 
> Why isn't this an Update to 3265? 
> 
> [KK] It's an extension to 3265. Implementations of 3265 not interested in rate control don't need to implement it. If people think it's an essential part of event-notifications, we could make it as an update of 3265. Any recommendations?

We have a separate thread going for this one.

> 
> Is there text here that prevents a subscriber
> from generating Event headers in 200 OKs to NOTIFYs mid-subscription (when he
> didn't probe for support using the SUBSCRIBE?) How would they know the request
> got honored?  The possibility of running into implementations that break should
> be called out.  
> 
> [KK] I added text in -04 to address this: 
> Section 4.1: "If the Event header field of the SUBSCRIBE request did not include the "min-interval" parameter, the subscriber MUST NOT include an initial value of the "min-interval" Event header field parameter in a 200-class response to the NOTIFY request." 
> Section 4.2: "If the Event header field of the SUBSCRIBE request did not include the "min-interval" parameter, the notifier MUST ignore an initial value of the "min-interval" Event header field parameter in a 200-class response to the NOTIFY request, if present."
> ...and similar text covering max-interval and average-interval mechanisms.

So, which SUBSCRIBE? I think you mean the most recent SUBSCRIBE request received on this dialog (and not just the initial SUBSCRIBE)?

[KK2] Yes, I mean the most recent SUBSCRIBE. 

> 
> 4.2 indicates the subscriber only gets a "hint" about support
> for rate-control in the notifier - is the condition it describes really only a
> hint?
> 
> [KK] Replaced "serves as a hint" with "indicates".
> 
> In several places, the notifier is given permission to adjust an interval based
> on local policy.  The document should be explicit about allowing the adjustment
> in any direction (increasing or decreasing) since there are so many other uses
> of intervals in SIP and SIP Events that allow adjustment only in one direction.
> A few places I noted when reading the document were the Note in REQ7, 4.3 4th
> paragraph, 5.2 paragraph 3, 6.2 paragraph 3.
> 
> [KK] I spelled out the possibility of increasing and decreasing at all of these sections you referenced.
> 
> The last paragraph of section 3.6 claims "exactly the same properties" except
> for being generated constrained to a schedule. Can you clarify which properties
> you mean? Many properties of the notifications beside their timing are clearly
> different (for instance, you may miss state transitions).
> 
> [KK] I just deleted that sentence, there was no real added value in it.
> 
> The security considerations section deserves more text: 
> * What is the forward reference from section 3.4 supposed to be pointing to?
> 
> [KK] Deleted.
> 
> * Call out the implications on a Notifier having to store/aggregate partial state
> 
> [KK] I added a reference to the security considerations listed in RFC 5263 (partial notifications).
> 
> * Note that the Event header (particularly in 200 OKs) is not integrity protected. 
>  This would allow anything that could modify the message in flight (or an 
>  eavesdropper that could race a 200 OK in) to suppress (or flood) notifications 
>  without the subscriber seeing what caused it.
> 
> [KK] I added a new paragraph on this:
> "RFC 3265 [RFC3265] recommends the integrity protection of the Event header field of SUBSCRIBE requests. Implementations of this extension SHOULD also provide integrity protection for the Event header field included in the 200-class response to the NOTIFY request."

I would still call out the attacks that are possible when it isn't integrity protected.

[KK2] OK, will add text in -05 version.

> The assertion that applying rate limiting and compression together results in
> savings as good as the sum of applying them independently should be supported
> or adjusted. I think it's sufficient to say they can be applied together.
> 
> [KK] OK, so no changes needed, right?

No, not OK. I think you misunderstood my comment.

You should either add text justifying the claim, or change the text. I propose above to change the text
to simply say they can be applied together and not make an unsupported claim about the savings being as
good as the sum of applying them together.

[KK2] I see what you mean now. I will remove the "compound savings are as good as the sum of applying each one alone" part of the sentence.

Cheers,
Krisztian