[Sipping] Minor and editorial comments on draft-iab-nat-traversal-considerations-00
Philip Matthews <matthews@nimcatnetworks.com> Tue, 15 March 2005 23:30 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA03718 for <sipping-web-archive@ietf.org>; Tue, 15 Mar 2005 18:30:47 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DBLYr-0000AV-7K for sipping-web-archive@ietf.org; Tue, 15 Mar 2005 18:34:53 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DBLQn-0006mB-Ta; Tue, 15 Mar 2005 18:26:33 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DBLQn-0006m6-0W for sipping@megatron.ietf.org; Tue, 15 Mar 2005 18:26:33 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA03221 for <sipping@ietf.org>; Tue, 15 Mar 2005 18:26:30 -0500 (EST)
Received: from 209-87-230-250.storm.ca ([209.87.230.250] helo=mail.nimcat.corp) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DBLUh-0008Ro-Tm for sipping@ietf.org; Tue, 15 Mar 2005 18:30:36 -0500
Received: from [192.168.1.205] (ibm1 [192.168.1.205] (may be forged)) by mail.nimcat.corp (8.12.8/8.12.8) with ESMTP id j2FNQGfm020870; Tue, 15 Mar 2005 18:26:17 -0500
Message-ID: <42377099.40007@nimcatnetworks.com>
Date: Tue, 15 Mar 2005 18:32:41 -0500
From: Philip Matthews <matthews@nimcatnetworks.com>
Organization: Nimcat Networks
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jonathan Rosenberg <jdrosen@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.2 (/)
X-Scan-Signature: b132cb3ed2d4be2017585bf6859e1ede
Content-Transfer-Encoding: 7bit
Cc: sipping@ietf.org
Subject: [Sipping] Minor and editorial comments on draft-iab-nat-traversal-considerations-00
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Sender: sipping-bounces@ietf.org
Errors-To: sipping-bounces@ietf.org
X-Spam-Score: 0.2 (/)
X-Scan-Signature: b22590c27682ace61775ee7b453b40d3
Content-Transfer-Encoding: 7bit
http://www.ietf.org/internet-drafts/draft-iab-nat-traversal-considerations-00.txt Jonathan: Here are some minor and editorial comments on this document. In a separate e-mail message, I will post my one major comment. - Philip MINOR COMMENTS *) The terminology and discussion in this document is mostly oriented towards client-server applications. However, on close reading, it seems that much of the discussion is also applicable to peer-to-peer applications. (For example, Figure 1 does show a line between clients, so reading "peer" for "client" makes it applicable to peer-to-peer work). It would be nice if the terminology and discussion could be changed slightly to make this wider applicability more obvious. *) In a number of places, this document uses the term "Service Provider". To me the term "Service Provider" in an IETF document is a synonym for "Internet Service Provider", and in the context of this draft I automatically think of the ISP that is providing a client with access to the Internet. However, the document seems to use the term "Service Provider" to mean the organization that controls the servers shown in Figure 1. I suggest the document just say "the organization controlling the servers" and shorten this to "server manager" where necessary. *) Mostly the document says "the NAT" or "a NAT" to mean a box, but at times it says just "NAT" to mean the technology. I suggest the document uses "NAT" to mean the box, and "Network Address Translation" to refer to the technology. *) [Section 3.2] The long discussion of TURN in comparison to the very short discussion of STUN and Teredo seems odd and out-of-place. A one-sentence description of TURN with a reference would seem more appropriate. *) [Section 3.3] In the description of an SBC, you may wish to clarify that an SBC looks at addresses and ports in the received IP/TCP/UDP header rather than the addresses and ports in the SIP message headers. *) [Section 3.3] The document says "... making the SIP network look more like a pure client/server network". Rather than what? I believe you mean "... rather than a pure peer-to-peer SIP network". If so, I suggest you should either explain why this is interested or important, or just drop the entire comment altogether. *) [Section 3.6] Could you give examples of protocols engineered to traverse NATs? *) [Section 4.1.1] "... IP addresses or domain names ... are exactly the parts of the message that are the most critical to protect." I don't agree that these are the most critical to protect in every case. For example, if I am worried about protecting my SIP call, personally I would first encrypt the media stream, and only then would I try to ensure the media stream went to the right place. And similarly with e-mail. I suggest you simply delete the words "... the most ...". *) [Section 4.1.1] You may wish to mention the problem of a message being delivered to the wrong host. For example, section 2.4 of draft-ford-behave-app-00 gives an example of this, and I suspect that examples of how NATs can misroute packets in certain race conditions can also be constructed. These are not really attacks, but they have a similar effect. *) [Section 4.1.1] It would be nice to see a justification for the statements in the last paragraph of this section. *) [Section 4.1.2] I found the discussion in paragraphs 3 onward difficult to follow. First of all, it took me a while to understand that the references to "... these attacks ..." in various paragraphs are all referring back to the attacks documented in RFC 3489. Second, since I had not read this RFC, the discussion was very cryptic. To make this document more self-contained, I suggest you give a brief summary of these attacks. *) [Section 4.3] This section talks about the visibility that a service provider has into problems. But users and the administrator of the network behind the NAT also want visibility into problems! This is especially true for peer-to-peer applications, but is also true for client-server applications. (I suspect that simply removing references to "service provider" would make much of the discussion in this section more general.) EDITORIAL COMMENTS *) [Section 1, 3rd PP] "... selection of general technique ...". Missing "a". *) [Section 1, 4th PP] "... a matching outbound communications ...". Remove the "s". *) [Section 2, first PP after Figure 1] "... is shown in Figure 1 In this model, ...". Missing ".". *) [Section 3.1, first PP] "RFC ... defines an Application Layer Gateway as ... translation agents ...". Singular/plural mismatch. *) [Section 4.1.1, 1st PP] "... assumes uniquess ...". Misspelled "uniqueness". *) [Section 4.1.1, Eavesdropping PP] "the attacker can modify ... to point to themselves". Singular/plural mismatch. *) [Section 4.1.1, Service Disruption PP] "... this will likely disrupt operation of the protocol, ...". Suggest inserting "the" before "operation". *) [Section 4.1.1, Service Disruption PP] "... the client receives no service.". Suggest rewording as "... the client does not receive any service". *) [Section 4.1.1, 2nd PP on page 10] "... as opposed to in the clients ...". Suggest inserting the word "residing" between "to" and "in". *) [Section 4.1.2, 1st PP] "... another class of attacks are possible depending on the way in which the traversal technique ...". Suggest replacing with "... another class of attacks depend on the way the traversal technique ..." *) [Section 4.4, 3rd PP] "... less brittle. service providers ...". Missing initial capital letter. _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] Minor and editorial comments on draft-i… Philip Matthews