Re: [Stox] Comments on stox-chat-09

Peter Saint-Andre - &yet <peter@andyet.net> Thu, 12 February 2015 03:35 UTC

Return-Path: <peter@andyet.net>
X-Original-To: stox@ietfa.amsl.com
Delivered-To: stox@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E1861A1EEC for <stox@ietfa.amsl.com>; Wed, 11 Feb 2015 19:35:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tY1wgPAiVJWu for <stox@ietfa.amsl.com>; Wed, 11 Feb 2015 19:35:36 -0800 (PST)
Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com [209.85.213.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9951D1A1BED for <stox@ietf.org>; Wed, 11 Feb 2015 19:35:36 -0800 (PST)
Received: by mail-ig0-f174.google.com with SMTP id b16so1251467igk.1 for <stox@ietf.org>; Wed, 11 Feb 2015 19:35:36 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=hatISataf0LqVhbhBcxlLqzy8bNNYBicqExx7HH0wWA=; b=fuQuYkQyFcxpCTh9eMwNapGikGjrY3F8jtWLMb0ofwGgKKurTVC48o96b/tmew7mDb dC9fMtdTbU2px4/nMdQMM9tIeNvu1ambxoPTkzk1A/gB9UW68mtKXVijO/IPzNK8MNI7 3Fy5fWowC45l0AD6q9icLCMvCXXWAY+Y7tSV5Nke3jcSWqp9PsA04rD1rqppbD0ZYXhy UhzCefQTH2m9r0Edvugv1hBtnggmjGZOSxNFMw8vAKNeLxq8AiQFWMDfijMTaXrrzmeJ eQlN5rw9f8CimsMPrB9o8sjzwuxy+u4vjXFIOH3mFph/8H00E2IECWUEh823R7dGetSy 16aw==
X-Gm-Message-State: ALoCoQkSWrhMD8ke0BIZTegzSd0LwR1g84dMOOeiPOVyll4agBWBSJ9xk77ABw/Jvou525LKwaAu
X-Received: by 10.50.39.112 with SMTP id o16mr1522395igk.0.1423712136049; Wed, 11 Feb 2015 19:35:36 -0800 (PST)
Received: from aither.local (c-73-34-202-214.hsd1.co.comcast.net. [73.34.202.214]) by mx.google.com with ESMTPSA id a125sm1679363ioa.40.2015.02.11.19.35.34 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Feb 2015 19:35:35 -0800 (PST)
Message-ID: <54DC1F86.6020709@andyet.net>
Date: Wed, 11 Feb 2015 20:35:34 -0700
From: Peter Saint-Andre - &yet <peter@andyet.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Ben Campbell <ben@nostrum.com>, Alissa Cooper <alissa@cooperw.in>
References: <10EF4B6B-A78E-4714-8E0F-84B985456266@nostrum.com>
In-Reply-To: <10EF4B6B-A78E-4714-8E0F-84B985456266@nostrum.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/stox/uaAiVZod5GiCmhj4JYUrWXGYECg>
Cc: stox@ietf.org
Subject: Re: [Stox] Comments on stox-chat-09
X-BeenThere: stox@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SIP-TO-XMPP Working Group discussion list <stox.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stox>, <mailto:stox-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stox/>
List-Post: <mailto:stox@ietf.org>
List-Help: <mailto:stox-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stox>, <mailto:stox-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2015 03:35:41 -0000

On 2/9/15 3:59 PM, Ben Campbell wrote:
> (Resending to include STOX list) (No hats yet)
>
> Hi Peter and Alissa,
>
> I've looked over draft-ietf-stox-chat-09. It looks mostly good, but
> there are still a few issues.
>
> Thanks!
>
> /Ben
>
> ----------------------------
>
> MSRP Failure-Report headers:
>
> The examples assume the MSRP Failure-Report header field is set to
> no. It's missing from the first SEND, but explicitly set to no in the
> rest. The responses to SEND requests are left off throughout. This is
> allowed, but non-default behavior for MSRP. If the intent is to set
> Failure-Report: no, it would be good to say a few words about it. If
> the intent is to leave that to the implementation, then I would
> expect the examples to follow the defaults.

As I see it:

Because the XMPP message receipts specification (XEP-0184) does not 
support failure reports, there is no mapping for the MSRP Failure-Report 
header field and gateways SHOULD set that header field to "no".

> SIP Response From/To:
>
> The SIP responses swap the From and To from the associated requests.
> This is not correct, To and From of a SIP response matches the To and
> From of the original request. (More to the point, the To and From in
> a response do not change to indicate the direction of the response
> message.) I note that the groupchat draft had this issue at one
> point, but it's been fixed.

Noted. Will fix.

> Session Termination
>
> I would like to see a little more prominent discussion about when the
> XMPP side might terminate a session. It's mentioned in the
> "Composing" section, but that seems to bury an important concept. I
> note both primary examples show the SIP side terminating the
> session--it would be nice to see one of those examples let the XMPP
> side do it.  (Is the "gone" composing state the only way this would
> happen?)

There is no concept of an explicit messaging session in RFC 6121: the 
conversation just trails off. The "gone" state is the only way to 
indicate that the session is over, but that's not defined in RFC 6121.

> SIP CSeq:
>
> CSeq is missing from most SIP requests, except oddly for BYE
> requests.

Are you saying that CSeq is typically not included in SIP requests (even 
in dialogs) per the specs, or that we have mistakenly left them off 
here? I think the latter, but I want to make sure.

> (And note that the CSeq of a BYE, sent by the peer that
> initiated the INVITE, would never be "1")

True.

> Security Considerations, last sentence:
>
> The text non-normatively "suggests" the use of RFC3862 for end-to-end
> protection. That seems to want to have it both ways (non-normative
> and recommended) . I suggest either making that normative, or
> reducing the strength to say RFC3862 could be used for this purpose.
> (I realize we do this all the time with "ought to", but it seems like
> we need a sharper line for something like e2e crypto.)

See previous reply about the -im document.

Peter

-- 
Peter Saint-Andre
https://andyet.com/