Re: [Sipping] Working Group Last Call -- draft-ietf-sipping-nai-reqs
Jonathan Rosenberg <jdrosen@dynamicsoft.com> Fri, 31 May 2002 19:38 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA00158 for <sipping-archive@odin.ietf.org>; Fri, 31 May 2002 15:38:19 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id PAA29815 for sipping-archive@odin.ietf.org; Fri, 31 May 2002 15:38:47 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA28470; Fri, 31 May 2002 15:16:03 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA28440 for <sipping@ns.ietf.org>; Fri, 31 May 2002 15:16:01 -0400 (EDT)
Received: from mail3.dynamicsoft.com ([63.113.44.69]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28018 for <sipping@ietf.org>; Fri, 31 May 2002 15:15:33 -0400 (EDT)
Received: from dynamicsoft.com ([63.113.46.54]) by mail3.dynamicsoft.com (8.12.1/8.12.1) with ESMTP id g4VJGoYH028702; Fri, 31 May 2002 15:16:50 -0400 (EDT)
Message-ID: <3CF7CBC1.BE268E21@dynamicsoft.com>
Date: Fri, 31 May 2002 15:15:13 -0400
From: Jonathan Rosenberg <jdrosen@dynamicsoft.com>
Organization: dynamicsoft
X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Dean Willis <dwillis@dynamicsoft.com>
CC: sipping@ietf.org, Mark Watson <mwatson@nortelnetworks.com>, rohan@cisco.com, "Jon Peterson (jon.peterson@NeuStar.com)" <jon.peterson@neustar.biz>, brian.rosen@marconi.com
Subject: Re: [Sipping] Working Group Last Call -- draft-ietf-sipping-nai-reqs
References: <00d301c20688$158a76b0$1d036e3f@TXDWILLIS2>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
Sender: sipping-admin@ietf.org
Errors-To: sipping-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: SIPPING Working Group (applications of SIP) <sipping.ietf.org>
X-BeenThere: sipping@ietf.org
Content-Transfer-Encoding: 8bit
Comments: > An Identity, for the purposes of this draft, is a URI, and optionally > a Display Name. The URI MUST be meaningful to the domain identified > in the URI when used as a SIP Request-URI. This is a vague definition. What is meaningful? That it routes to the user? That it is resolvable based on draft-ietf-sip-srv? Also, the text explicitly mentions a domain in the URI, which would rule out a tel URL. Is that intentional? I doubt it, given that tel URL is mentioned later on? > A Network Asserted Identity is an identity derived by a SIP network > entity as a result of an authentication process. I think this is a slippery definition when the identity is a tel URL. When an NAI contains a tel URL, does that imply that the trust domain owns that number, and has validated through digest, for example, that the user is the one that was given the number by the trust domain? Or, does it imply that the trust domain might not own the number (for example, its my home phone number), and they have authenticated that I'm jdrosen@example.com, but know that my home phone number is tel:XXX as a result of some administrative process? BIG difference. > It shall be possible for a UA to provide a preferred identity to the > network intermediary, which MAY be used to inform the generation of > the Network Asserted Identity according to the policies of the Trust > Domain. s/shall/SHALL > If a node, A, within the Trust Domain, is trusted by a node, B, > outside the Trust Domain, then it shall be possible for A to securely > send a Network Asserted Identity to B. I'd like to temper this with the qualifier "if allowed by the privacy policies of the user that has been identified, and the trust domain". The following two requirements (on hints) appear to be inconsistent: > It shall be possible for a UA to provide a preferred identity to the > network intermediary, which MAY be used to inform the generation of > the Network Asserted Identity according to the policies of the Trust > Domain. and: > Each party shall have at most one Network Asserted Identity. Perhaps you mean that a message can't carry more than one identity, even though the user may have more than one? In any case, you need strong language above, like "Each party SHOULD NOT have more than one NAI" > The means by which any privacy requirements in respect of the Network > Asserted Identity are determined are outside the scope of this draft. "in respect" doesn't seem to belong in the sentence above. > It shall be possible to indicate that a Network Asserted Identity is > subject to a privacy requirement which prevents it being passed to > other users. possible for whom to indicate to whom where? I assume you mean "It MUST be possible for the orignator of a message to indicate to the trusted domain that its network asserted identity is subject to a privacy requirement which prevents it from being passed to entities outside of the trust domain". Note that I have explicitly used MUST strength, and explicitly not limited the scope to users. > It shall be possible to indicate that the user has requested that the > Network Asserted Identity be not passed to other users. If there is some subtle difference between this and the previous one I have missed it. > Note that æanonymityÆ requests from users or subscribers may well > require functionality in addition to the above handling of Network > Asserted Identities. Such additional functionality is out of the > scope of this document. I know what you mean, but an example would be helpful. > 8. Next steps > > It is has been agreed to adopt draft-jennings-sipping-nai-00 [2] as a > working group item to implement the requirements of this draft. This section should be removed in preparation for going to RFC. > The requirements in this draft are NOT intended to result in a > mechanism with general applicability between arbitrary hosts on the > Internet. "NOT" is not an rfc2119 term, and SHOULD NOT be capitalized. > Such devices may be hosts on the Internet. To my knowledge, all things we talk about in the sip and sipping groups are hosts on the internet, so this is a zero entropy statement. some additional comments: you need to explicitly define spec(T). You never actually state that spec(T) is a specification compliant to the requirements in this document, and you need to. A picture illustrating the relationships would be great. Here is what I had in mind: Please view in a fixed-width font such as Courier. +------+ | | | F | | | +------+ x ..............................x......... . x . . +------+ +------+ . +------+ . | | | | . | | . | A | | B |-----.----| E | . | | | | . | | . +------+ +------+ . +------+ . \\ / . . \\ +------+ // . . \\ | | // . . \ | C |/ . . | | . . +------+ . . | Trust Domain. ........................................ | | | +------+ | | | D | | | +------+ xxxxxx Insecure connection ------ Secure connection ...... . .All boxes within the dotted line ......are part of the same trust domain With statements like: * A, B and C are part of the same trust domain * A trusts C, but A does not trust B * since E knows that B is inside of the trust domain, E trusts B, but B does not trust E * B does not trust F, F does not trust B Otherwise, looks pretty good. Formatting is odd, and there were random characters in there that didn't seem to display properly. -Jonathan R. Dean Willis wrote: > > We need to do a very fast last call on the network-asserted-identity > requirements draft. > > Please submit final comments to the list and draft editor IMMEDIATELY. > > Draft available from: > > http://www.softarmor.com/sipping/drafts/draft-ietf-sipping-nai-reqs-01.t > xt > http://www.ietf.org/internet-drafts/draft-ietf-sipping-nai-reqs-01.txt > > -- > Dean > > _______________________________________________ > Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping > This list is for NEW development of the application of SIP > Use sip-implementors@cs.columbia.edu for questions on current sip > Use sip@ietf.org for new developments of core SIP -- Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Avenue Chief Scientist First Floor dynamicsoft East Hanover, NJ 07936 jdrosen@dynamicsoft.com FAX: (973) 952-5050 http://www.jdrosen.net PH: (973) 952-5000 http://www.dynamicsoft.com _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] Working Group Last Call -- draft-ietf-s… Dean Willis
- Re: [Sipping] Working Group Last Call -- draft-ie… Jonathan Rosenberg
- RE: [Sipping] Working Group Last Call -- draft-ie… Dean Willis
- Re: [Sipping] Working Group Last Call -- draft-ie… Rohan Mahy
- Re: [Sipping] Working Group Last Call -- draft-ie… Jonathan Rosenberg
- Re: [Sipping] Working Group Last Call -- draft-ie… Michael Hammer
- Re: [Sipping] Working Group Last Call -- draft-ie… Jonathan Rosenberg