[sipcore] AD Review: draft-ietf-sipcore-locparam

Adam Roach <adam@nostrum.com> Mon, 13 January 2020 23:31 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BB6B120128; Mon, 13 Jan 2020 15:31:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.404
X-Spam-Level:
X-Spam-Status: No, score=-1.404 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.276, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 48BlEKoCWmDC; Mon, 13 Jan 2020 15:31:49 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BEBE1200E3; Mon, 13 Jan 2020 15:31:49 -0800 (PST)
Received: from Svantevit.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id 00DNVkH3087148 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 13 Jan 2020 17:31:48 -0600 (CST) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1578958308; bh=eXxTUJjjVe60buFqFHkuJzwwd4oo3ObZGEPtcTCnTy8=; h=From:Subject:To:Cc:Date; b=D0Lt1tgnwaOklRZkjf2ubmrtYafKiurZjt4XigJymuRwa7aZMSuKCsvEHOUfKsk3u TbxwKDeEko/0DanX8qCdH3LX9EHenpJhR4GcQILJyAgh+JdbZTxOZZxO+1jdhPxD6Y v8/0qdcXdUFwKZsIEo4ypGRq8RYZeoFB1H6mo+0w=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Svantevit.local
From: Adam Roach <adam@nostrum.com>
To: draft-ietf-sipcore-locparam.all@ietf.org
Cc: "'SIPCORE'" <sipcore@ietf.org>
Message-ID: <fa9fde28-8366-3b05-cbf7-69623b2f8b08@nostrum.com>
Date: Mon, 13 Jan 2020 17:31:41 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/mmN_2ldrKDkRtzW9iH_EocTkSuY>
Subject: [sipcore] AD Review: draft-ietf-sipcore-locparam
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2020 23:31:50 -0000

This is my AD review of draft-ietf-sipcore-locparam. Thanks for the work
that went into creating this document. I find no serious issues, and will
be requesting IETF last call momentarily.

I have included a small number of editorial suggestions below. Please
treat them the same as you would any other IETF last call comments.


---------------------------------------------------------------------------

§1:

>    These solutions don't preclude the use of UE provided location but

Nit: "UE-provided"

>    "loc-src"."How the entity adding the locationValue to the header

Nit: extra quotation mark before "How"

---------------------------------------------------------------------------

§3:

>     All of them allow the UE to provide location information, however,

Nit: "...information; however..."

---------------------------------------------------------------------------

§3:

>    The "loc-src" parameter adds the location source generating the
>    locationValue to increase the trustworthiness of the location
>    information.

Given that this mechanism doesn't add any authentication mechanisms,
I expect that this assertion will raise some eyebrows with the
security folks. From a security perspective, the information appears
to be exactly as trustworthy as it is without this mechanism.

I recommend that this sentence be struck, or changed to something more
along the lines of: "...to allow recipients to make informed decisions
about which of multiple values to use."

---------------------------------------------------------------------------

§7:

>    As already stated in [RFC6442] securing the location hop- by-hop,

Nit: "stated in [RFC6442], securing..."

Nit: "...hop-by-hop..."

>     between the domains.  If such trust domain is not given it is

Nit: "...is not given, it is..."

---------------------------------------------------------------------------