RE: [midcom] Comments on protocol evaluation draft

From daemon@optimus.ietf.org Thu Aug 1 12:55:19 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07006 for ; Thu, 1 Aug 2002 12:55:19 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id MAA09421 for midcom-archive@odin.ietf.org; Thu, 1 Aug 2002 12:56:28 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA09316; Thu, 1 Aug 2002 12:51:50 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA09287 for ; Thu, 1 Aug 2002 12:51:48 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA06847 for ; Thu, 1 Aug 2002 12:50:38 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g71GpOD15583; Thu, 1 Aug 2002 11:51:24 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Thu, 1 Aug 2002 11:51:10 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C7F6@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , midcom Subject: RE: [midcom] Comments on protocol evaluation draft Date: Thu, 1 Aug 2002 11:51:10 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C2397B.A33EAEB0" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C2397B.A33EAEB0 Content-Type: text/plain; charset="iso-8859-1" Jim, Thanks for your comments. I've delayed replying to your email in the hopes that this would generate some additional discussion, but since there has been no responses, and the deadline for feedback on the document is tomorrow (Friday, August 2nd), I thought I would respond with a somewhat constructive suggestion on how to allay some of your concerns. I have some specific responses that I've embedded below, as indicated by [MB], as well as a general proposal to add some specific text to the Overview section describing the intent of Section 3 as follows: Regards, Mary H. Barnes mbarnes@nortelnetworks.com 972-684-5432 Wireless 817-703-4806 -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Wednesday, July 31, 2002 2:36 PM To: midcom Subject: [midcom] Comments on protocol evaluation draft Middlebox experts, Overall, I think this work is great. Mary Barnes should be complimented and thanked for pulling this together. While I have a few small issues with the facts or claims in Sections 1 and 2, my real concern is with Section 3. The concern is not so much with the facts presented there, but with the way they might be interpreted *as presented there*. What the MIDCOM WG has tried to do in this protocol evaluation, and I think largely succeeded in doing, is to compare the frameworks and capabilities of a number of protocols to the MIDCOM requirements and framework (Many of the MIDCOM requirements addressed the matching of MIDCOM and protocol framework elements.). If you look at this on a MIDCOM requirement by requirement (and / or framework element by framework element basis) against the framework elements and protocol capabilities of a single protocol, there are a number of possibilities: - The protocol's framework elements and protocol capabilities match exactly (or extremely close to exactly) the MIDCOM requirement or framework element. GREAT! This is what we were looking and hoping for. - The protocol does not have any framework elements or protocol capabilities that address the MIDCOM requirement or framework element. Not so great, but, again, this is what we were looking (but not hoping) for. - The protocol's framework elements and protocol capabilities somewhat match the MIDCOM requirement or framework element. Here's where I start to have some problems. Where the match is not exact, there's two possibilities (or a combination of them): - In the individual protocol evaluation, a proposal is made to modify or extend the protocol's mandatory framework elements or protocol capabilities, or to modify optional framework elements or protocol capabilities, to match the MIDCOM requirement or framework element. From our perspective, this is good, but it may not be so good to other users of the protocol. If the protocol is single purpose with few users at this time and no guarantee of forward compatibility (e.g., RSIP), modifying the protocol ain't so bad. But if the protocol has other purposes, many users, or the guarantee of forward compatibility, this may not be so good (The implications of "other purposes" and "many users" is hopefully obvious. I'll return to the issue of guaranteed forward compatibility below.). Also, extending the protocol with optional framework elements and capabilities is probably not bad. [MB] My view would be that P+ and P should be used to distinguish between the things that could impact other users of the protocol. For example, extensions that are inline with the general intent of the original protocol, that don't cause any compatibility problems with existing uses of that protocol should be P+. However, if the extensions would impact existing users (i.e. the changes required for MIDCOM also require changes to other users of the protocol), then it should only be a P at the most. [/MB] - Alternately or in combination, a proposal is made to "think about the MIDCOM requirement or framework element in a different way" so that the match is exact or almost so. I think there's quite a bit of this going on in the protocol evaluations. Taken individually, if the proposed change in thinking is not large, this might not be bad. Taken together, if the sum of all such changed thinking for a protocol is not large, this may also be not bad. [MB] My view would be that at most these cases can only be P at most, and perhaps some of them should be Fs. I do agree that some of the evaluations erred on the liberal side. [/MB] But, if taken together the sum of all such proposals for a given protocol is large, then essentially this says that the MIDCOM framework or requirements would need some rather extensive revision to match the protocol's framework and capabilities. That's probably bad. [MB] I still think that the categories of P+ versus P helps from this perspective. [/MB] For both of the above alternatives, the protocol would have been scored as partially matching the MIDCOM requirements. But the distinction between the two alternatives is lost in the scoring, so that the count of the partial matches can not be easily evaluated as being overall good or overall bad. [MB] Per my comments above, I think the intent was for there to be a clear distinction between P and P+ for this purpose. Can you point out some of the specific ones for which you see this problem? I believe that we should all be in agreement on the P+'s. Whether some of the Ps should really be Fs is another point for discussion. [/MB] I didn't go through the exercise (and maybe I should) of marking each partial requirements match as one or the other of the above and counting the number of each alternative for each protocol, but my gut feeling is that we may have a problem here. [MB] Please do go through this exercise. P+ should all clearly be things that don't break other users. [/MB] Returning to the issue of guaranteed forward compatibility, if the proposal is to modify or extend mandatory framework elements or protocol capabilities, or to modify optional elements or capabilities, then all other users of the protocol, or its modified optional elements and capabilities, would have to support the changes that were made to the protocol for MIDCOM. Depending on the size of these changes, this may not be acceptable to the protocols other users. And we probably shouldn't consider these types of changes without those users buying into them. Again, I didn't specifically count the applicable scorings here and maybe I should have, but in this case I don't really think we have much of a problem. Another issue that I have with the whole evaluation is that it did not consider the impact of a protocol's mandatory framework elements and protocol capabilities that are *not* required by MIDCOM. The problem here is that middleboxes and agents / applications may have to support these even though they're not used. If the protocol has another simultaneous use in the middlebox or agent / application, then the impact is not so bad, in fact there may be no impact at all. But if the use of the protocol is its first use in the middlebox or agent / application, then I think we have to seriously consider this potential problem. This problem relates to, but is not exclusive to, library and source code reuse, which in general is desirable. But if the library or source code has a lot of unused capabilities, and the MIDCOM implementer can't (afford to) remove them, then this will place an unnecessary cost on implementations. [MB] I do think that the Diameter evaluation did bring forth this issue, but certainly there was no specific requirement, so it's not captured in the T/P+/P/F totals. However, it is brought out in the textual summary. I do think that some of this is brought out with the proposed changes I posted to the list for the SNMP, MEGACO and COPS descriptions in section 1. [/MB] I have no idea how to evaluate this in advance, but I have a gut feeling we may have a *real* problem here. I am certainly open to ideas on how to evaluate this in advance. But maybe we'll just have to wait for specific protocol proposals to be able to see through this issue. [MB] I don't think your alone in having some concerns about the process that the WG is using, however, per my proposal above, this document is just one piece of information that goes into the overall Protocol decision. This needs to be considered along with the semantic analysis which is underway. We had this discussion right after IETF-53, and the decision was that this document could be worked in parallel with the semantic analysis, but I think there was general agreement that the semantic analysis was an equally (and for some folks) more important part of the overall protocol decision process. [/MB] So, overall, I think the evaluation is good, but I have some issues with how the facts presented, especially the summary counts, may be interpreted. [MB] Per my comments above, the document should be explicit about P+ versus P any specific concerns should be raised. As a minimum, I'm proposing to add the text described above to ensure that the intent of Section 3 is clear. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom ------_=_NextPart_001_01C2397B.A33EAEB0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [midcom] Comments on protocol evaluation draft

Jim,

Thanks for your comments. I've delayed replying = to your email in the hopes that this would generate some additional = discussion, but since there has been no responses, and the deadline for = feedback on the document is tomorrow (Friday, August 2nd), I thought I = would respond with a somewhat constructive suggestion on how to allay = some of your concerns. I have some specific responses that I've = embedded below, as indicated by [MB], as well as a general proposal to = add some specific text to the Overview section describing the intent of = Section 3 as follows:

Regards,
Mary H. Barnes
mbarnes@nortelnetworks.com
972-684-5432
Wireless 817-703-4806

-----Original Message-----
From: James_Renkel@3com.com [mailto:James_Renkel@3com.com]<= /FONT>
Sent: Wednesday, July 31, 2002 2:36 PM
To: midcom
Subject: [midcom] Comments on protocol evaluation = draft

Middlebox experts,

Overall, I think this work is great. Mary Barnes = should be complimented
and thanked for pulling this together.

While I have a few small issues with the facts or = claims in Sections
1 and 2, my real concern is with Section 3. The = concern is not so much
with the facts presented there, but with the way = they might be
interpreted *as presented there*.

What the MIDCOM WG has tried to do in this protocol = evaluation, and I
think largely succeeded in doing, is to compare the = frameworks and
capabilities of a number of protocols to the MIDCOM = requirements and
framework (Many of the MIDCOM requirements addressed = the matching of
MIDCOM and protocol framework elements.). If you = look at this on a MIDCOM
requirement by requirement (and / or framework = element by framework
element basis) against the framework elements and = protocol capabilities
of a single protocol, there are a number of = possibilities:

- The protocol's framework elements and protocol = capabilities match
exactly (or extremely close to exactly) the MIDCOM = requirement or
framework element. GREAT! This is what we were = looking and hoping for.

- The protocol does not have any framework elements = or protocol
capabilities that address the MIDCOM requirement or = framework element.
Not so great, but, again, this is what we were = looking (but not hoping)
for.

- The protocol's framework elements and protocol = capabilities somewhat
match the MIDCOM requirement or framework element. = Here's where I start
to have some problems.

Where the match is not exact, there's two = possibilities (or a
combination of them):

- In the individual protocol evaluation, a proposal = is made to modify
or extend the protocol's mandatory framework = elements or protocol
capabilities, or to modify optional framework = elements or protocol
capabilities, to match the MIDCOM requirement or = framework element.
From our perspective, this is good, but it may not = be so good to other
users of the protocol. If the protocol is single = purpose with few users
at this time and no guarantee of forward = compatibility (e.g., RSIP),
modifying the protocol ain't so bad. But if the = protocol has other
purposes, many users, or the guarantee of forward = compatibility, this
may not be so good (The implications of "other = purposes" and "many
users" is hopefully obvious. I'll return to the = issue of guaranteed
forward compatibility below.). Also, extending the = protocol with
optional framework elements and capabilities is = probably not bad.

[MB] My view would be that P+ and P should be used to = distinguish between the things that could impact other users of the = protocol. For example, extensions that are inline with the general = intent of the original protocol, that don't cause any compatibility = problems with existing uses of that protocol should be P+. = However, if the extensions would impact existing users (i.e. the = changes required for MIDCOM also require changes to other users of the = protocol), then it should only be a P at the most.

[/MB]

- Alternately or in combination, a proposal is made = to "think about the
MIDCOM requirement or framework element in a = different way" so that the
match is exact or almost so. I think there's quite a = bit of this going
on in the protocol evaluations. Taken individually, = if the proposed
change in thinking is not large, this might not be = bad. Taken together,
if the sum of all such changed thinking for a = protocol is not large,
this may also be not bad.

[MB] My view would be that at most these cases can = only be P at most, and perhaps some of them should be Fs. I do = agree that some of the evaluations erred on the liberal side. =

[/MB]

But, if taken together the sum of all such proposals = for a given
protocol is large, then essentially this says that = the MIDCOM framework
or requirements would need some rather extensive = revision to match the
protocol's framework and capabilities. That's = probably bad.
[MB] I still think that the categories of P+ versus = P helps from this perspective. [/MB]

For both of the above alternatives, the protocol = would have been scored
as partially matching the MIDCOM requirements. But = the distinction
between the two alternatives is lost in the scoring, = so that the count of
the partial matches can not be easily evaluated as = being overall good or
overall bad.

[MB] Per my comments above, I think the intent was = for there to be a clear distinction between P and P+ for this = purpose. Can you point out some of the specific ones for which = you see this problem? I believe that we should all be in = agreement on the P+'s. Whether some of the Ps should really be Fs = is another point for discussion.

[/MB]

I didn't go through the exercise (and maybe I should) = of marking each
partial requirements match as one or the other of = the above and
counting the number of each alternative for each = protocol, but my gut
feeling is that we may have a problem here.
[MB] Please do go through this exercise. P+ should = all clearly be things that don't break other users.
[/MB]

Returning to the issue of guaranteed forward = compatibility, if the
proposal is to modify or extend mandatory framework = elements or protocol
capabilities, or to modify optional elements or = capabilities, then all
other users of the protocol, or its modified = optional elements and
capabilities, would have to support the changes that = were made to the
protocol for MIDCOM. Depending on the size of these = changes, this may
not be acceptable to the protocols other users. And = we probably
shouldn't consider these types of changes without = those users buying
into them. Again, I didn't specifically count the = applicable scorings
here and maybe I should have, but in this case I = don't really think we
have much of a problem.

Another issue that I have with the whole evaluation = is that it did not
consider the impact of a protocol's mandatory = framework elements and
protocol capabilities that are *not* required by = MIDCOM. The problem
here is that middleboxes and agents / applications = may have to support
these even though they're not used. If the protocol = has another
simultaneous use in the middlebox or agent / = application, then the
impact is not so bad, in fact there may be no impact = at all. But if
the use of the protocol is its first use in the = middlebox or agent /
application, then I think we have to seriously = consider this potential
problem. This problem relates to, but is not = exclusive to, library and
source code reuse, which in general is desirable. = But if the library or
source code has a lot of unused capabilities, and = the MIDCOM implementer
can't (afford to) remove them, then this will place = an unnecessary cost
on implementations.

[MB] I do think that the Diameter evaluation did = bring forth this issue, but certainly there was no specific = requirement, so it's not captured in the T/P+/P/F totals. However, it = is brought out in the textual summary. I do think that some of = this is brought out with the proposed changes I posted to the list for = the SNMP, MEGACO and COPS descriptions in section 1.

[/MB]

I have no idea how to evaluate this in advance, but I = have a gut feeling
we may have a *real* problem here. I am certainly = open to ideas on how
to evaluate this in advance. But maybe we'll just = have to wait for
specific protocol proposals to be able to see = through this issue.

[MB] I don't think your alone in having some concerns = about the process that the WG is using, however, per my proposal above, = this document is just one piece of information that goes into the = overall Protocol decision. This needs to be considered along with = the semantic analysis which is underway. We had this discussion = right after IETF-53, and the decision was that this document could be = worked in parallel with the semantic analysis, but I think there was = general agreement that the semantic analysis was an equally (and for = some folks) more important part of the overall protocol decision = process.

[/MB]

So, overall, I think the evaluation is good, but I = have some issues with
how the facts presented, especially the summary = counts, may be
interpreted.

[MB] Per my comments above, the document should be = explicit about P+ versus P any specific concerns should be = raised. As a minimum, I'm proposing to add the text described = above to ensure that the intent of Section 3 is clear.

Comments expected and welcome.

Jim

_______________________________________________
midcom mailing list
midcom@ietf.org
https://www1.ietf.org/mailman/listinfo/midcom

------_=_NextPart_001_01C2397B.A33EAEB0-- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Thu Aug 1 13:05:12 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA07490 for ; Thu, 1 Aug 2002 13:05:12 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA10518 for midcom-archive@odin.ietf.org; Thu, 1 Aug 2002 13:06:22 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA10021; Thu, 1 Aug 2002 13:00:30 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA09921 for ; Thu, 1 Aug 2002 13:00:24 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07227 for ; Thu, 1 Aug 2002 12:59:14 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g71GxvD20470; Thu, 1 Aug 2002 11:59:57 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Thu, 1 Aug 2002 11:59:43 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C7F7@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , "'midcom'" Subject: RE: [midcom] Comments on protocol evaluation draft Date: Thu, 1 Aug 2002 11:59:41 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi all, Sorry, I hit SEND too soon, before I had added the proposed text (and converted to Plain text): "Section 3 provides a summary of the evaluation. A numerical breakdown of the applicability of the requirements, to the each of the protocols, for the following categories is provided: Fully met, Partially met through the use of extensions, Partially met through other changes to the protocol, or Failing to be met. This summary is not meant to provide a conclusive statement of the suitability of the protocols, but rather to provide information to be considered as input to the protocol decision process." Mary. -----Original Message----- From: Barnes, Mary [NGC:B602:EXCH] Sent: Thursday, August 01, 2002 11:51 AM To: 'James_Renkel@3com.com'; midcom Subject: RE: [midcom] Comments on protocol evaluation draft Jim, Thanks for your comments. I've delayed replying to your email in the hopes that this would generate some additional discussion, but since there has been no responses, and the deadline for feedback on the document is tomorrow (Friday, August 2nd), I thought I would respond with a somewhat constructive suggestion on how to allay some of your concerns. I have some specific responses that I've embedded below, as indicated by [MB], as well as a general proposal to add some specific text to the Overview section describing the intent of Section 3 as follows: Regards, Mary H. Barnes mbarnes@nortelnetworks.com 972-684-5432 Wireless 817-703-4806 -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Wednesday, July 31, 2002 2:36 PM To: midcom Subject: [midcom] Comments on protocol evaluation draft Middlebox experts, Overall, I think this work is great. Mary Barnes should be complimented and thanked for pulling this together. While I have a few small issues with the facts or claims in Sections 1 and 2, my real concern is with Section 3. The concern is not so much with the facts presented there, but with the way they might be interpreted *as presented there*. What the MIDCOM WG has tried to do in this protocol evaluation, and I think largely succeeded in doing, is to compare the frameworks and capabilities of a number of protocols to the MIDCOM requirements and framework (Many of the MIDCOM requirements addressed the matching of MIDCOM and protocol framework elements.). If you look at this on a MIDCOM requirement by requirement (and / or framework element by framework element basis) against the framework elements and protocol capabilities of a single protocol, there are a number of possibilities: - The protocol's framework elements and protocol capabilities match exactly (or extremely close to exactly) the MIDCOM requirement or framework element. GREAT! This is what we were looking and hoping for. - The protocol does not have any framework elements or protocol capabilities that address the MIDCOM requirement or framework element. Not so great, but, again, this is what we were looking (but not hoping) for. - The protocol's framework elements and protocol capabilities somewhat match the MIDCOM requirement or framework element. Here's where I start to have some problems. Where the match is not exact, there's two possibilities (or a combination of them): - In the individual protocol evaluation, a proposal is made to modify or extend the protocol's mandatory framework elements or protocol capabilities, or to modify optional framework elements or protocol capabilities, to match the MIDCOM requirement or framework element. From our perspective, this is good, but it may not be so good to other users of the protocol. If the protocol is single purpose with few users at this time and no guarantee of forward compatibility (e.g., RSIP), modifying the protocol ain't so bad. But if the protocol has other purposes, many users, or the guarantee of forward compatibility, this may not be so good (The implications of "other purposes" and "many users" is hopefully obvious. I'll return to the issue of guaranteed forward compatibility below.). Also, extending the protocol with optional framework elements and capabilities is probably not bad. [MB] My view would be that P+ and P should be used to distinguish between the things that could impact other users of the protocol. For example, extensions that are inline with the general intent of the original protocol, that don't cause any compatibility problems with existing uses of that protocol should be P+. However, if the extensions would impact existing users (i.e. the changes required for MIDCOM also require changes to other users of the protocol), then it should only be a P at the most. [/MB] - Alternately or in combination, a proposal is made to "think about the MIDCOM requirement or framework element in a different way" so that the match is exact or almost so. I think there's quite a bit of this going on in the protocol evaluations. Taken individually, if the proposed change in thinking is not large, this might not be bad. Taken together, if the sum of all such changed thinking for a protocol is not large, this may also be not bad. [MB] My view would be that at most these cases can only be P at most, and perhaps some of them should be Fs. I do agree that some of the evaluations erred on the liberal side. [/MB] But, if taken together the sum of all such proposals for a given protocol is large, then essentially this says that the MIDCOM framework or requirements would need some rather extensive revision to match the protocol's framework and capabilities. That's probably bad. [MB] I still think that the categories of P+ versus P helps from this perspective. [/MB] For both of the above alternatives, the protocol would have been scored as partially matching the MIDCOM requirements. But the distinction between the two alternatives is lost in the scoring, so that the count of the partial matches can not be easily evaluated as being overall good or overall bad. [MB] Per my comments above, I think the intent was for there to be a clear distinction between P and P+ for this purpose. Can you point out some of the specific ones for which you see this problem? I believe that we should all be in agreement on the P+'s. Whether some of the Ps should really be Fs is another point for discussion. [/MB] I didn't go through the exercise (and maybe I should) of marking each partial requirements match as one or the other of the above and counting the number of each alternative for each protocol, but my gut feeling is that we may have a problem here. [MB] Please do go through this exercise. P+ should all clearly be things that don't break other users. [/MB] Returning to the issue of guaranteed forward compatibility, if the proposal is to modify or extend mandatory framework elements or protocol capabilities, or to modify optional elements or capabilities, then all other users of the protocol, or its modified optional elements and capabilities, would have to support the changes that were made to the protocol for MIDCOM. Depending on the size of these changes, this may not be acceptable to the protocols other users. And we probably shouldn't consider these types of changes without those users buying into them. Again, I didn't specifically count the applicable scorings here and maybe I should have, but in this case I don't really think we have much of a problem. Another issue that I have with the whole evaluation is that it did not consider the impact of a protocol's mandatory framework elements and protocol capabilities that are *not* required by MIDCOM. The problem here is that middleboxes and agents / applications may have to support these even though they're not used. If the protocol has another simultaneous use in the middlebox or agent / application, then the impact is not so bad, in fact there may be no impact at all. But if the use of the protocol is its first use in the middlebox or agent / application, then I think we have to seriously consider this potential problem. This problem relates to, but is not exclusive to, library and source code reuse, which in general is desirable. But if the library or source code has a lot of unused capabilities, and the MIDCOM implementer can't (afford to) remove them, then this will place an unnecessary cost on implementations. [MB] I do think that the Diameter evaluation did bring forth this issue, but certainly there was no specific requirement, so it's not captured in the T/P+/P/F totals. However, it is brought out in the textual summary. I do think that some of this is brought out with the proposed changes I posted to the list for the SNMP, MEGACO and COPS descriptions in section 1. [/MB] I have no idea how to evaluate this in advance, but I have a gut feeling we may have a *real* problem here. I am certainly open to ideas on how to evaluate this in advance. But maybe we'll just have to wait for specific protocol proposals to be able to see through this issue. [MB] I don't think your alone in having some concerns about the process that the WG is using, however, per my proposal above, this document is just one piece of information that goes into the overall Protocol decision. This needs to be considered along with the semantic analysis which is underway. We had this discussion right after IETF-53, and the decision was that this document could be worked in parallel with the semantic analysis, but I think there was general agreement that the semantic analysis was an equally (and for some folks) more important part of the overall protocol decision process. [/MB] So, overall, I think the evaluation is good, but I have some issues with how the facts presented, especially the summary counts, may be interpreted. [MB] Per my comments above, the document should be explicit about P+ versus P any specific concerns should be raised. As a minimum, I'm proposing to add the text described above to ensure that the intent of Section 3 is clear. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@ns.ietf.org Fri Aug 2 01:04:18 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA29218 for ; Fri, 2 Aug 2002 01:04:18 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id BAA14758 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 01:05:29 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id AAA13009; Fri, 2 Aug 2002 00:45:32 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id AAA12978 for ; Fri, 2 Aug 2002 00:45:30 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA28702 for ; Fri, 2 Aug 2002 00:44:19 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g724jVa07144 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified NO); Thu, 1 Aug 2002 21:45:31 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g724jQ221015; Thu, 1 Aug 2002 21:45:26 -0700 (PDT) Subject: RE: [midcom] Comments on protocol evaluation draft To: "Mary Barnes" Cc: "'midcom'" Date: Thu, 1 Aug 2002 23:45:12 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Mary (and other middlebox experts), Thank you much for your reply. The clarification of the grading system is especially useful. I had a lot of trouble understanding it before, but I think I got it now. Here's what I now understand the grades to mean: T - Compliance to the requirement with the protocol as is P+ - Compliance to the requirement with an extension to the protocol P - Compliance to the requirement with a change, or an extension that impacts existing users of the protocol F - No compliance (even with extension of the protocol???) Some observations on this: - Since all the protocols are extensible and extensions can generally be made, one way or another, to be backward compatible, I'm surprised that we have any P's of F's. :-) - We seem to have lost the concept of how large an extension needs to be made to add a "thing" to the protocol. Is the protocol close to the requirement and just needs a little extension? Or does the protocol have nothing to offer and the thing has to be added completely? I originally thought that was the idea behind the the T, P and F grades ("How much do ya have to change the protocol to satify the requirement? None, a little, and a lot, respectively"), but I guess we evolved from that, assuming that was the original intention. As you suggested, I went back and looked for what I thought were incon- sistencies in P+ and P grades. Once I got started digging, what I wound up doing was quickly reviewing all the scores for consistency with the grading system as I now understand it and the summary information for each protocol's compliance with each requirement as given in the protocol evaluation I-D (BTW, I used the -02 version of the I-D, without any of the changes that have been discussed since it was published.). The grading inconsistencies that I saw fell into 4 categories: 1. The requirement compliance text for the protocol basically said "This can be done with an extension to this protocol" and the grade was a T, instead of a P+ as I believe it should be. I included the closely related "The protocol does not preclude this extension from being made." in this category. 2. The requirement compliance text for the protocol says the protocol has something here but extension is required and can be made with no impact, but graded it as a P instead of a P+. 3. The requirement compliance text for the protocol says the protocol has nothing here but the necessary extension can be made without impact, and graded it as an F instead of a P+. 4. The requirement compliance text for the protocol says the protocol has nothing here but if ya use TLS or IPsec or whatever for security ya get everything, and graded it as a T. In the last case, I'm not sure what the right score is, but I would suggest at most P+, to distinguish these from protocols that have the right thing here without resorting to TLS or IPsec or whatever for security, which I think should get a T grade. (For consistency, I considered grades of F (Honestly given, in my opinion, but I could be wrong.) but the requirement could be fulfilled with TLS or IPsec or whatever for security, hence now graded P+ for consistency, as instances of this case also.) I also found a few other what I believe to be inconsistencies, at least based on the scoring system as I now understand it. Call this category 5. I list the inconsistencies I found at the end of this message, but here's some statistics. Take 'em for whatever ya think they're worth. Out of a total of 135 scores (27 requirements times 5 protocols) I found what I thought were 31 inconsistencies. That's just less than 23%. The number of inconsistencies by category by protocol are: Category SNMP RSIP MEGACO DIAMETER COPS Total -------- ---- ---- ------ -------- ---- ----- 1 1 0 3 3 1 8 2 0 2 0 1 0 3 3 0 4 0 0 0 4 4 0 5 4 5 0 14 5 0 2 0 0 0 2 -- -- -- -- -- -- Total 1 13 7 9 1 31 The resulting adjustments in protocols scores are: Protocol T P+ P F -------- --- --- --- --- SNMP - 1 + 1 RSIP + 2 +10 - 3 - 9 MEGACO - 7 + 7 DIAMETER - 8 + 9 - 1 COPS - 1 + 1 --- --- --- --- Total -15 +28 - 4 - 9 And the resulting protocol scores are: Protocol T P+ P F Total -------- --- --- --- --- ----- SNMP 18 9 0 0 27 RSIP 14 13 0 0 27 MEGACO 13 11 2 1 27 DIAMETER 13 13 1 0 27 COPS 19 6 1 1 27 --- --- --- --- --- Total 77 52 4 2 135 This was done real quick, so there's probably still stuff not right, but now, at least to me, the numbers better match the general feeling I get when reading the I-D. Comments expected and welcome. Jim ================ Inconsistencies I found in the MIDCOM protocol evaluation grades (This was composed with tab stops every 8 characters.) Score Require- ------------------- Inconsistency ment Protocol Was Should be Category -------- -------- --- --------- -------- 2.1.2 RSIP P T 5 2.1.8 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.2.1 RSIP P+ T 5 2.2.2 SNMP T P+ 1 RSIP P P+ 2 MEGACO T P+ 1 DIAMETER T P+ 1 2.2.3 RSIP P P+ 3 2.2.4 MEGACO T P+ 1 DIAMETER T P+ 1 2,2,6 DIAMETER T P+ 1 COPS T P+ 1 2.2.7 RSIP F P+ 3 DIAMETER T P+ 1 2.2.8 RSIP P P+ 2 MEGACO T P+ 1 2.2.9 RSIP F P+ 3 2.2.11 RSIP F P+ 3 2.3.1 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.2 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.3 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.4 RSIP F P+ 4 DIAMETER T P+ 4 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 10:03:27 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA20304 for ; Fri, 2 Aug 2002 10:03:27 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id KAA15930 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 10:04:35 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA15851; Fri, 2 Aug 2002 10:02:27 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA15820 for ; Fri, 2 Aug 2002 10:02:25 -0400 (EDT) Received: from zcars04f.ca.nortel.com (zcars04f.nortelnetworks.com [47.129.242.57]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA20247 for ; Fri, 2 Aug 2002 10:01:16 -0400 (EDT) Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars04f.ca.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g72E0m703945; Fri, 2 Aug 2002 10:00:48 -0400 (EDT) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 10:00:49 -0400 Message-ID: <4D79C746863DD51197690002A52CDA0001E8A740@zcard0kc.ca.nortel.com> From: "Tom-PT Taylor" To: "'James_Renkel@3com.com'" , "Mary Barnes" Cc: "'midcom'" Subject: RE: [midcom] Comments on protocol evaluation draft Date: Fri, 2 Aug 2002 10:00:47 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org From my point of view you raise two issues I cannot leave unanswered. The first has to do with P+ extensions and your first scoring inconsistency, the second with security. I confess that the need for protocol extensions poses a logical issue: how to treat this need when it affects multiple categories of response. On the one hand, I think it is over-stating things to simply score 1 against each category that depends on the extension. On the other, it is certainly true that, whether you are defining a new MIB, a new DIAMETER application, or a new Megaco package, you imply the need for extra code in both the Agent and the Middlebox above that supplied by the base protocol implementation. I myself would propose adding an evaluation category that specifies the increment to the base protocol implied by its use for MIDCOM. Leaving that aside, any protocol that fails to meet one of the MIDCOM requirements is probably beyond our consideration. On the security issue: you dismiss too quickly those protocols that rely on lower layers for their necessary degree of security. The RFCs specifying these protocols have security sections. The protocol security architecture in each case was arrived at by considering the specific threats that had to be countered in the protocol's domain of application. An architecture that relies on lower layer security is perfectly valid if that meets the requirements for that protocol. What we do have to think about is whether the threats are different for the MIDCOM application from those considered when the candidate protocol was being designed. If so, the security architecture for that protocol may have to be modified to fit MIDCOM application. But the security section of the MIDCOM requirements document reflects the results of the MIDCOM threat analysis. Thus if our candidate protocols, including their specified security architectures, can meet these requirements in a practical way, they must be scored as passing those requirements. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Friday, August 02, 2002 12:45 AM To: Barnes, Mary [NGC:B602:EXCH] Cc: 'midcom' Subject: RE: [midcom] Comments on protocol evaluation draft Mary (and other middlebox experts), Thank you much for your reply. The clarification of the grading system is especially useful. I had a lot of trouble understanding it before, but I think I got it now. Here's what I now understand the grades to mean: T - Compliance to the requirement with the protocol as is P+ - Compliance to the requirement with an extension to the protocol P - Compliance to the requirement with a change, or an extension that impacts existing users of the protocol F - No compliance (even with extension of the protocol???) Some observations on this: - Since all the protocols are extensible and extensions can generally be made, one way or another, to be backward compatible, I'm surprised that we have any P's of F's. :-) - We seem to have lost the concept of how large an extension needs to be made to add a "thing" to the protocol. Is the protocol close to the requirement and just needs a little extension? Or does the protocol have nothing to offer and the thing has to be added completely? I originally thought that was the idea behind the the T, P and F grades ("How much do ya have to change the protocol to satify the requirement? None, a little, and a lot, respectively"), but I guess we evolved from that, assuming that was the original intention. As you suggested, I went back and looked for what I thought were incon- sistencies in P+ and P grades. Once I got started digging, what I wound up doing was quickly reviewing all the scores for consistency with the grading system as I now understand it and the summary information for each protocol's compliance with each requirement as given in the protocol evaluation I-D (BTW, I used the -02 version of the I-D, without any of the changes that have been discussed since it was published.). The grading inconsistencies that I saw fell into 4 categories: 1. The requirement compliance text for the protocol basically said "This can be done with an extension to this protocol" and the grade was a T, instead of a P+ as I believe it should be. I included the closely related "The protocol does not preclude this extension from being made." in this category. 2. The requirement compliance text for the protocol says the protocol has something here but extension is required and can be made with no impact, but graded it as a P instead of a P+. 3. The requirement compliance text for the protocol says the protocol has nothing here but the necessary extension can be made without impact, and graded it as an F instead of a P+. 4. The requirement compliance text for the protocol says the protocol has nothing here but if ya use TLS or IPsec or whatever for security ya get everything, and graded it as a T. In the last case, I'm not sure what the right score is, but I would suggest at most P+, to distinguish these from protocols that have the right thing here without resorting to TLS or IPsec or whatever for security, which I think should get a T grade. (For consistency, I considered grades of F (Honestly given, in my opinion, but I could be wrong.) but the requirement could be fulfilled with TLS or IPsec or whatever for security, hence now graded P+ for consistency, as instances of this case also.) I also found a few other what I believe to be inconsistencies, at least based on the scoring system as I now understand it. Call this category 5. I list the inconsistencies I found at the end of this message, but here's some statistics. Take 'em for whatever ya think they're worth. Out of a total of 135 scores (27 requirements times 5 protocols) I found what I thought were 31 inconsistencies. That's just less than 23%. The number of inconsistencies by category by protocol are: Category SNMP RSIP MEGACO DIAMETER COPS Total -------- ---- ---- ------ -------- ---- ----- 1 1 0 3 3 1 8 2 0 2 0 1 0 3 3 0 4 0 0 0 4 4 0 5 4 5 0 14 5 0 2 0 0 0 2 -- -- -- -- -- -- Total 1 13 7 9 1 31 The resulting adjustments in protocols scores are: Protocol T P+ P F -------- --- --- --- --- SNMP - 1 + 1 RSIP + 2 +10 - 3 - 9 MEGACO - 7 + 7 DIAMETER - 8 + 9 - 1 COPS - 1 + 1 --- --- --- --- Total -15 +28 - 4 - 9 And the resulting protocol scores are: Protocol T P+ P F Total -------- --- --- --- --- ----- SNMP 18 9 0 0 27 RSIP 14 13 0 0 27 MEGACO 13 11 2 1 27 DIAMETER 13 13 1 0 27 COPS 19 6 1 1 27 --- --- --- --- --- Total 77 52 4 2 135 This was done real quick, so there's probably still stuff not right, but now, at least to me, the numbers better match the general feeling I get when reading the I-D. Comments expected and welcome. Jim ================ Inconsistencies I found in the MIDCOM protocol evaluation grades (This was composed with tab stops every 8 characters.) Score Require- ------------------- Inconsistency ment Protocol Was Should be Category -------- -------- --- --------- -------- 2.1.2 RSIP P T 5 2.1.8 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.2.1 RSIP P+ T 5 2.2.2 SNMP T P+ 1 RSIP P P+ 2 MEGACO T P+ 1 DIAMETER T P+ 1 2.2.3 RSIP P P+ 3 2.2.4 MEGACO T P+ 1 DIAMETER T P+ 1 2,2,6 DIAMETER T P+ 1 COPS T P+ 1 2.2.7 RSIP F P+ 3 DIAMETER T P+ 1 2.2.8 RSIP P P+ 2 MEGACO T P+ 1 2.2.9 RSIP F P+ 3 2.2.11 RSIP F P+ 3 2.3.1 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.2 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.3 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.4 RSIP F P+ 4 DIAMETER T P+ 4 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 10:49:29 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA22422 for ; Fri, 2 Aug 2002 10:49:29 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id KAA18211 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 10:50:38 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA18164; Fri, 2 Aug 2002 10:49:03 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA18137 for ; Fri, 2 Aug 2002 10:49:01 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA22389 for ; Fri, 2 Aug 2002 10:47:52 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g72EmdH19736; Fri, 2 Aug 2002 09:48:39 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 09:48:25 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C805@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "Tom-PT Taylor" , "'James_Renkel@3com.com'" Cc: "'midcom'" Subject: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft Date: Fri, 2 Aug 2002 09:48:23 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Jim et al, I've not thoroughly reviewed all the proposed changes in detail, but will do so shortly, but I also did want to respond to the Category 4 to which Tom also responded wrt security. We have already discussed and resolved this concern per email discussions based on the -01 version. Refer to: http://www.ietf.org/mail-archive/working-groups/midcom/current/msg02397.html Now, you're also proposing that RSIP be "upgraded" for the security ones that you had scored as Failing to meet compliancy in your analysis. Based upon the text currently in section 2.1.8, 2.3.1, which also applies to 2.3.2-2.3.4, I don't have a problem changing those to Ps. The P+ category would only apply if these changes could be made to RSIP as a natural extension of the protocol with no impact to current users of that protocol (i.e. current users don't make use of the information, and wouldn't be bothered by it being in the messages). There are a many other RSIP scores, many of which were derived from your original analysis, that you're also now proposing changes for: 2.1.2 - The text for this one clearly states that an extension is required. 2.2.1 - The text currently supports the P+ score. 2.2.2 - I think a P+ needs additional text to substantiate that this would be a compatible extension of the protocol (OR we need some text upfront in the RSIP overview describing the extensibility mechanisms defined by RSIP) 2.2.3 - ditto 2.2.7 - I can't quite see how this goes from F to P+; you'll need to provide more text or clarification. 2.2.8 - I think a P+ needs additional text to substantiate that this would be a compatible extension of the protocol 2.2.9 - I don't have a problem with changing this to P. Again, P+ would require additional text to substantiate that this would be a compatible extension of the protocol. 2.2.11 -ditto Upon another quick glance, I think many of the proposed changes for the other protocols are bringing forth issues with other "scores" that we have already discussed (e.g. 2.2.2 for Megaco) Certainly, if there is overwhelming support for your changes, then they can be done, but we've got to have more than one person supporting the change for something that we have previously discussed and I certainly thought had reached concensus on. I won't be responding to each of these that we've already discussed, you can search the email archives, where each has been addressed in a separate email thread. Again, I haven't looked at each in detail, and you may indeed have found some changes which are valid, so I will post separately each of those which I would agree to change provided there is WG concensus (i.e. no negative responses to my proposals). Regards, Mary. -----Original Message----- From: Taylor, Tom-PT [CAR:B602:EXCH] Sent: Friday, August 02, 2002 9:01 AM To: 'James_Renkel@3com.com'; Barnes, Mary [NGC:B602:EXCH] Cc: 'midcom' Subject: RE: [midcom] Comments on protocol evaluation draft From my point of view you raise two issues I cannot leave unanswered. The first has to do with P+ extensions and your first scoring inconsistency, the second with security. I confess that the need for protocol extensions poses a logical issue: how to treat this need when it affects multiple categories of response. On the one hand, I think it is over-stating things to simply score 1 against each category that depends on the extension. On the other, it is certainly true that, whether you are defining a new MIB, a new DIAMETER application, or a new Megaco package, you imply the need for extra code in both the Agent and the Middlebox above that supplied by the base protocol implementation. I myself would propose adding an evaluation category that specifies the increment to the base protocol implied by its use for MIDCOM. Leaving that aside, any protocol that fails to meet one of the MIDCOM requirements is probably beyond our consideration. On the security issue: you dismiss too quickly those protocols that rely on lower layers for their necessary degree of security. The RFCs specifying these protocols have security sections. The protocol security architecture in each case was arrived at by considering the specific threats that had to be countered in the protocol's domain of application. An architecture that relies on lower layer security is perfectly valid if that meets the requirements for that protocol. What we do have to think about is whether the threats are different for the MIDCOM application from those considered when the candidate protocol was being designed. If so, the security architecture for that protocol may have to be modified to fit MIDCOM application. But the security section of the MIDCOM requirements document reflects the results of the MIDCOM threat analysis. Thus if our candidate protocols, including their specified security architectures, can meet these requirements in a practical way, they must be scored as passing those requirements. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Friday, August 02, 2002 12:45 AM To: Barnes, Mary [NGC:B602:EXCH] Cc: 'midcom' Subject: RE: [midcom] Comments on protocol evaluation draft Mary (and other middlebox experts), Thank you much for your reply. The clarification of the grading system is especially useful. I had a lot of trouble understanding it before, but I think I got it now. Here's what I now understand the grades to mean: T - Compliance to the requirement with the protocol as is P+ - Compliance to the requirement with an extension to the protocol P - Compliance to the requirement with a change, or an extension that impacts existing users of the protocol F - No compliance (even with extension of the protocol???) Some observations on this: - Since all the protocols are extensible and extensions can generally be made, one way or another, to be backward compatible, I'm surprised that we have any P's of F's. :-) - We seem to have lost the concept of how large an extension needs to be made to add a "thing" to the protocol. Is the protocol close to the requirement and just needs a little extension? Or does the protocol have nothing to offer and the thing has to be added completely? I originally thought that was the idea behind the the T, P and F grades ("How much do ya have to change the protocol to satify the requirement? None, a little, and a lot, respectively"), but I guess we evolved from that, assuming that was the original intention. As you suggested, I went back and looked for what I thought were incon- sistencies in P+ and P grades. Once I got started digging, what I wound up doing was quickly reviewing all the scores for consistency with the grading system as I now understand it and the summary information for each protocol's compliance with each requirement as given in the protocol evaluation I-D (BTW, I used the -02 version of the I-D, without any of the changes that have been discussed since it was published.). The grading inconsistencies that I saw fell into 4 categories: 1. The requirement compliance text for the protocol basically said "This can be done with an extension to this protocol" and the grade was a T, instead of a P+ as I believe it should be. I included the closely related "The protocol does not preclude this extension from being made." in this category. 2. The requirement compliance text for the protocol says the protocol has something here but extension is required and can be made with no impact, but graded it as a P instead of a P+. 3. The requirement compliance text for the protocol says the protocol has nothing here but the necessary extension can be made without impact, and graded it as an F instead of a P+. 4. The requirement compliance text for the protocol says the protocol has nothing here but if ya use TLS or IPsec or whatever for security ya get everything, and graded it as a T. In the last case, I'm not sure what the right score is, but I would suggest at most P+, to distinguish these from protocols that have the right thing here without resorting to TLS or IPsec or whatever for security, which I think should get a T grade. (For consistency, I considered grades of F (Honestly given, in my opinion, but I could be wrong.) but the requirement could be fulfilled with TLS or IPsec or whatever for security, hence now graded P+ for consistency, as instances of this case also.) I also found a few other what I believe to be inconsistencies, at least based on the scoring system as I now understand it. Call this category 5. I list the inconsistencies I found at the end of this message, but here's some statistics. Take 'em for whatever ya think they're worth. Out of a total of 135 scores (27 requirements times 5 protocols) I found what I thought were 31 inconsistencies. That's just less than 23%. The number of inconsistencies by category by protocol are: Category SNMP RSIP MEGACO DIAMETER COPS Total -------- ---- ---- ------ -------- ---- ----- 1 1 0 3 3 1 8 2 0 2 0 1 0 3 3 0 4 0 0 0 4 4 0 5 4 5 0 14 5 0 2 0 0 0 2 -- -- -- -- -- -- Total 1 13 7 9 1 31 The resulting adjustments in protocols scores are: Protocol T P+ P F -------- --- --- --- --- SNMP - 1 + 1 RSIP + 2 +10 - 3 - 9 MEGACO - 7 + 7 DIAMETER - 8 + 9 - 1 COPS - 1 + 1 --- --- --- --- Total -15 +28 - 4 - 9 And the resulting protocol scores are: Protocol T P+ P F Total -------- --- --- --- --- ----- SNMP 18 9 0 0 27 RSIP 14 13 0 0 27 MEGACO 13 11 2 1 27 DIAMETER 13 13 1 0 27 COPS 19 6 1 1 27 --- --- --- --- --- Total 77 52 4 2 135 This was done real quick, so there's probably still stuff not right, but now, at least to me, the numbers better match the general feeling I get when reading the I-D. Comments expected and welcome. Jim ================ Inconsistencies I found in the MIDCOM protocol evaluation grades (This was composed with tab stops every 8 characters.) Score Require- ------------------- Inconsistency ment Protocol Was Should be Category -------- -------- --- --------- -------- 2.1.2 RSIP P T 5 2.1.8 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.2.1 RSIP P+ T 5 2.2.2 SNMP T P+ 1 RSIP P P+ 2 MEGACO T P+ 1 DIAMETER T P+ 1 2.2.3 RSIP P P+ 3 2.2.4 MEGACO T P+ 1 DIAMETER T P+ 1 2,2,6 DIAMETER T P+ 1 COPS T P+ 1 2.2.7 RSIP F P+ 3 DIAMETER T P+ 1 2.2.8 RSIP P P+ 2 MEGACO T P+ 1 2.2.9 RSIP F P+ 3 2.2.11 RSIP F P+ 3 2.3.1 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.2 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.3 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.4 RSIP F P+ 4 DIAMETER T P+ 4 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 11:33:59 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA23927 for ; Fri, 2 Aug 2002 11:33:59 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id LAA21215 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 11:35:08 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id LAA21150; Fri, 2 Aug 2002 11:33:15 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id LAA21070 for ; Fri, 2 Aug 2002 11:33:11 -0400 (EDT) Received: from zcars04f.ca.nortel.com (zcars04f.nortelnetworks.com [47.129.242.57]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA23888 for ; Fri, 2 Aug 2002 11:32:01 -0400 (EDT) Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars04f.ca.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g72FWZ711796 for ; Fri, 2 Aug 2002 11:32:35 -0400 (EDT) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 11:32:36 -0400 Message-ID: <4D79C746863DD51197690002A52CDA0001E8A742@zcard0kc.ca.nortel.com> From: "Tom-PT Taylor" To: "'midcom@ietf.org'" Date: Fri, 2 Aug 2002 11:32:35 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] Semantics Of "Session" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org In the discussion at Yokohama, I gained the impression that people's understanding of the MIDCOM session varied. It did appear from our discussion of rule takeover and rule lifetime that policy rules are created within sessions, but there is no reason for the Middlebox to remember in what session a given rule was created. Is there any semantic content to a MIDCOM session, then, except as a policy context for the Middlebox to use when evaluating requests from the Agent? Tom Taylor taylor@nortelnetworks.com Ph. +1 613 736 0961 (ESN 396 1490) _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 11:50:26 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA24387 for ; Fri, 2 Aug 2002 11:50:26 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id LAA21940 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 11:51:35 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id LAA21791; Fri, 2 Aug 2002 11:46:54 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id LAA21760 for ; Fri, 2 Aug 2002 11:46:52 -0400 (EDT) Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.24.11]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA24256 for ; Fri, 2 Aug 2002 11:45:42 -0400 (EDT) Received: from airborne.cisco.com (IDENT:mirapoint@airborne.cisco.com [171.71.154.32]) by sj-msg-core-2.cisco.com (8.12.2/8.12.2) with ESMTP id g72FkMhI024750 for ; Fri, 2 Aug 2002 08:46:22 -0700 (PDT) Received: from localhost.localdomain (ssh-rtp-1.cisco.com [161.44.11.166]) by airborne.cisco.com (Mirapoint) with ESMTP id ABO12891; Fri, 2 Aug 2002 08:46:07 -0700 (PDT) Received: by localhost.localdomain (Postfix, from userid 500) id BB511E6789; Fri, 2 Aug 2002 11:46:05 -0400 (EDT) Date: Fri, 2 Aug 2002 11:46:05 -0400 From: Scott Brim To: "'midcom@ietf.org'" Subject: Re: [midcom] Semantics Of "Session" Message-ID: <20020802114605.K1465@localhost.localdomain> Mail-Followup-To: Scott Brim , "'midcom@ietf.org'" References: <4D79C746863DD51197690002A52CDA0001E8A742@zcard0kc.ca.nortel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <4D79C746863DD51197690002A52CDA0001E8A742@zcard0kc.ca.nortel.com>; from taylor@nortelnetworks.com on Fri, Aug 02, 2002 at 11:32:35AM -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT Taylor allegedly wrote: > In the discussion at Yokohama, I gained the impression that people's > understanding of the MIDCOM session varied. It did appear from our > discussion of rule takeover and rule lifetime that policy rules are created > within sessions, but there is no reason for the Middlebox to remember in > what session a given rule was created. > > Is there any semantic content to a MIDCOM session, then, except as a policy > context for the Middlebox to use when evaluating requests from the Agent? During your presentation, and occasionally in others, I would ask myself "what's a session?". There are no semantics that need a session concept. However there needs to be shared state on both ends, including a cookie which can be assigned to rules and used arbitrarily. We can conceive of uses for it today (like 'I'm done with everything with cookie xyzzy'), and there may be more in the future. _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 12:03:08 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24946 for ; Fri, 2 Aug 2002 12:03:08 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id MAA23556 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 12:04:17 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA23478; Fri, 2 Aug 2002 12:02:51 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA23450 for ; Fri, 2 Aug 2002 12:02:50 -0400 (EDT) Received: from zctfs063.nortelnetworks.com (zctfs063.nortelnetworks.com [47.164.128.120]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24905 for ; Fri, 2 Aug 2002 12:01:40 -0400 (EDT) Received: from zctfc040.europe.nortel.com (zctfc040.europe.nortel.com [47.164.129.95]) by zctfs063.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g72G2G019394 for ; Fri, 2 Aug 2002 18:02:16 +0200 (MEST) Received: by zctfc040.europe.nortel.com with Internet Mail Service (5.5.2653.19) id <350WMFSW>; Fri, 2 Aug 2002 18:02:15 +0200 Message-ID: From: "Cedric Aoun" To: "Mary Barnes" , "'midcom@ietf.org'" Subject: RE: [midcom] MIDCOM Protocol Evaluation - Proposed changes to SNM P - Section 1 .1.1 Date: Fri, 2 Aug 2002 18:02:15 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23A3D.F81617EE" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C23A3D.F81617EE Content-Type: text/plain; charset="iso-8859-1" Mary, I think you should also add that for reliability purposes SNMP is not applicable. SNMPv2 provides reliability of notifications sent from the MB (i.e the SNMP agent) by using INFORM instead of TRAPs as they are not acked. Basically all I'm saying is that for all needs, SNMPv3 is required to meet the current compliancy statements. Cedric -----Original Message----- From: Barnes, Mary [NGC:B602:EXCH] Sent: 26 July 2002 22:53 To: 'midcom@ietf.org' Subject: [midcom] MIDCOM Protocol Evaluation - Proposed changes to SNMP - Section 1 .1.1 Hi all, This is the change that I propose to make to Section 1.1.1, with regards to clarifying the applicability of SNMP as the MIDCOM protocol. Old Text (from draft-ietf-midcom-protocol-eval-02.txt): "The primary advantages of SNMP compared to other protocols evaluated are that it is a mature, well understood protocol currently deployed in various scenarios. In addition, mature toolsets are available for SNMP managers and agents. SNMP is mainly used for monitoring rather than for configuring network nodes, however, thus reducing its applicability to MIDCOM." Proposed New Text: "The primary advantages of SNMP are that it is a mature, well understood protocol currently deployed in various scenarios, with mature toolsets available for SNMP managers and agents. However, several other factors also affect SNMP's applicability as the MIDCOM protocol: - SNMP is mainly used for monitoring rather than for configuring network nodes, and - SNMPv3 is required in order to meet the security requirements." *************** Although comments on the overall document will be accepted through August 2nd, I would like to request that feedback on this proposed change be provided by 6PM CST Tuesday (30 July) so that we can address any concerns prior to the 2nd; with no response meaning that the proposed text is OK. *************** Regards, Mary H. Barnes mbarnes@nortelnetworks.com 972-684-5432 Wireless 817-703-4806 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom ------_=_NextPart_001_01C23A3D.F81617EE Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [midcom] MIDCOM Protocol Evaluation - Proposed changes to = SNMP - Section 1 .1.1

Mary,
I think you should also add that for reliability = purposes SNMP is not applicable.
SNMPv2 provides reliability of notifications sent = from the MB (i.e the SNMP agent) by using INFORM instead of TRAPs as = they are not acked.

Basically all I'm saying is that for all needs, = SNMPv3 is required to meet the current compliancy statements.
Cedric

-----Original Message-----
From: Barnes, Mary [NGC:B602:EXCH]
Sent: 26 July 2002 22:53
To: 'midcom@ietf.org'
Subject: [midcom] MIDCOM Protocol Evaluation - = Proposed changes to SNMP
- Section 1 .1.1

Hi all,

This is the change that I propose to make to Section = 1.1.1, with regards to
clarifying the applicability of SNMP as the MIDCOM = protocol.

Old Text (from = draft-ietf-midcom-protocol-eval-02.txt):

"The primary advantages of SNMP compared to = other protocols evaluated are
that it is a mature, well understood protocol = currently deployed in various
scenarios. In addition, mature toolsets are = available for SNMP managers and
agents. SNMP is mainly used for monitoring rather = than for configuring
network nodes, however, thus reducing its = applicability to MIDCOM."

Proposed New Text:

"The primary advantages of SNMP are that it is a = mature, well understood
protocol currently deployed in various scenarios, = with mature toolsets
available for SNMP managers and agents. However, = several other factors also
affect SNMP's applicability as the MIDCOM = protocol:
- SNMP is mainly used for monitoring rather than for = configuring network
nodes, and
- SNMPv3 is required in order to meet the security = requirements."

***************
Although comments on the overall document will be = accepted through August
2nd, I would like to request that feedback on this = proposed change be
provided by 6PM CST Tuesday (30 July) so that we can = address any concerns
prior to the 2nd; with no response meaning that the = proposed text is OK.
***************

Regards,
Mary H. Barnes
mbarnes@nortelnetworks.com
972-684-5432
Wireless 817-703-4806

_______________________________________________
midcom mailing list
midcom@ietf.org
https://www1.ietf.org/mailman/listinfo/midcom

------_=_NextPart_001_01C23A3D.F81617EE-- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 12:03:30 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24982 for ; Fri, 2 Aug 2002 12:03:30 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id MAA23586 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 12:04:39 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA23532; Fri, 2 Aug 2002 12:03:36 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA23497 for ; Fri, 2 Aug 2002 12:03:34 -0400 (EDT) Received: from mail2.microsoft.com (mail2.microsoft.com [131.107.3.124]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24935 for ; Fri, 2 Aug 2002 12:02:25 -0400 (EDT) Received: from INET-VRS-02.redmond.corp.microsoft.com ([157.54.8.110]) by mail2.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 2 Aug 2002 09:03:04 -0700 Received: from 157.54.8.109 by INET-VRS-02.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 02 Aug 2002 09:03:04 -0700 Received: from red-imc-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Fri, 2 Aug 2002 09:03:04 -0700 Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Fri, 2 Aug 2002 09:03:03 -0700 Received: from win-msg-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.134]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3604.0); Fri, 2 Aug 2002 09:03:08 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: [midcom] Semantics Of "Session" Date: Fri, 2 Aug 2002 09:03:01 -0700 Message-ID: Thread-Topic: [midcom] Semantics Of "Session" Thread-Index: AcI6O+eeLZF19GR7QuG+R7W4EGITygAAbKCg From: "Christian Huitema" To: "Scott Brim" , X-OriginalArrivalTime: 02 Aug 2002 16:03:08.0404 (UTC) FILETIME=[17F3EB40:01C23A3E] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by optimus.ietf.org id MAA23498 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Content-Transfer-Encoding: 8bit > From: Scott Brim [mailto:swb@employees.org] > On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT Taylor allegedly wrote: > > Is there any semantic content to a MIDCOM session, then, > except as a policy > > context for the Middlebox to use when evaluating requests > from the Agent? > > During your presentation, and occasionally in others, I would > ask myself > "what's a session?". There are no semantics that need a session > concept. However there needs to be shared state on both > ends, including > a cookie which can be assigned to rules and used arbitrarily. We can > conceive of uses for it today (like 'I'm done with everything with > cookie xyzzy'), and there may be more in the future. I don't think we need any concept of a midcom session, and specifically any concept tying the state of the "session" to the validity of rules installed in the meddlebox. A session might be useful as a form of transport & security shortcut, i.e. authenticate the requestor once per session instead of once per transaction, but that is about the only thing that is really needed. Specifically, an agent must be able to install a rule that is supposed to be valid for some lifetime, go off the network, and be confident that the rule is operative. -- Christian Huitema _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 13:21:31 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA27567 for ; Fri, 2 Aug 2002 13:21:31 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA27008 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 13:22:41 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA26955; Fri, 2 Aug 2002 13:21:11 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA26926 for ; Fri, 2 Aug 2002 13:21:09 -0400 (EDT) Received: from zctfs063.nortelnetworks.com (zctfs063.nortelnetworks.com [47.164.128.120]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA27450 for ; Fri, 2 Aug 2002 13:19:58 -0400 (EDT) Received: from zctfc040.europe.nortel.com (zctfc040.europe.nortel.com [47.164.129.95]) by zctfs063.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g72HKG021687; Fri, 2 Aug 2002 19:20:16 +0200 (MEST) Received: by zctfc040.europe.nortel.com with Internet Mail Service (5.5.2653.19) id <350WMF7H>; Fri, 2 Aug 2002 19:20:14 +0200 Message-ID: From: "Cedric Aoun" To: "'Christian Huitema'" , Scott Brim , midcom@ietf.org Subject: RE: [midcom] Semantics Of "Session" Date: Fri, 2 Aug 2002 19:20:15 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23A48.DD52AA16" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C23A48.DD52AA16 Content-Type: text/plain; charset="iso-8859-1" I still remember our bar BOF and small meeting that we had in London last year in August, we're we all rejected the notion of a "session" as it meant zillions of things. we all agreed that the notion of session was more a notion of an association relation based on trust and no more (i.e. it is an SA or something similar). The establishment of the association starts with the authorization policy provisioning matching the authorized agents. This should be augmented by having an SA between the Middlebox and the Midcom agent. I agree with Christian, the protocol semantics should not include any form of session information. Cedric -----Original Message----- From: Christian Huitema [mailto:huitema@windows.microsoft.com] Sent: 02 August 2002 18:03 To: Scott Brim; midcom@ietf.org Subject: RE: [midcom] Semantics Of "Session" > From: Scott Brim [mailto:swb@employees.org] > On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT Taylor allegedly wrote: > > Is there any semantic content to a MIDCOM session, then, > except as a policy > > context for the Middlebox to use when evaluating requests > from the Agent? > > During your presentation, and occasionally in others, I would > ask myself > "what's a session?". There are no semantics that need a session > concept. However there needs to be shared state on both > ends, including > a cookie which can be assigned to rules and used arbitrarily. We can > conceive of uses for it today (like 'I'm done with everything with > cookie xyzzy'), and there may be more in the future. I don't think we need any concept of a midcom session, and specifically any concept tying the state of the "session" to the validity of rules installed in the meddlebox. A session might be useful as a form of transport & security shortcut, i.e. authenticate the requestor once per session instead of once per transaction, but that is about the only thing that is really needed. Specifically, an agent must be able to install a rule that is supposed to be valid for some lifetime, go off the network, and be confident that the rule is operative. -- Christian Huitema _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom ------_=_NextPart_001_01C23A48.DD52AA16 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [midcom] Semantics Of "Session"

I still remember our bar BOF and small meeting that = we had in London last year in August, we're we all rejected the notion = of a "session" as it meant zillions of things. we all agreed = that the notion of session was more a notion of an association relation = based on trust and no more (i.e. it is an SA or something = similar).

The establishment of the association starts with the = authorization policy provisioning matching the authorized agents. This = should be augmented by having an SA between the Middlebox and the = Midcom agent.

I agree with Christian, the protocol semantics should = not include any form of session information.
Cedric

-----Original Message-----
From: Christian Huitema [mailto:huitema@windows.mic= rosoft.com]
Sent: 02 August 2002 18:03
To: Scott Brim; midcom@ietf.org
Subject: RE: [midcom] Semantics Of = "Session"

> From: Scott Brim [mailto:swb@employees.org]
> On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT = Taylor allegedly wrote:
> > Is there any semantic content to a MIDCOM = session, then,
> except as a policy
> > context for the Middlebox to use when = evaluating requests
> from the Agent?
>
> During your presentation, and occasionally in = others, I would
> ask myself
> "what's a session?". There are = no semantics that need a session
> concept. However there needs to be shared = state on both
> ends, including
> a cookie which can be assigned to rules and = used arbitrarily. We can
> conceive of uses for it today (like 'I'm done = with everything with
> cookie xyzzy'), and there may be more in the = future.

I don't think we need any concept of a midcom = session, and specifically
any concept tying the state of the = "session" to the validity of rules
installed in the meddlebox. A session might be = useful as a form of
transport & security shortcut, i.e. authenticate = the requestor once per
session instead of once per transaction, but that is = about the only
thing that is really needed. Specifically, an agent = must be able to
install a rule that is supposed to be valid for some = lifetime, go off
the network, and be confident that the rule is = operative.

-- Christian Huitema

_______________________________________________
midcom mailing list
midcom@ietf.org
https://www1.ietf.org/mailman/listinfo/midcom

------_=_NextPart_001_01C23A48.DD52AA16-- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 13:32:21 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA27902 for ; Fri, 2 Aug 2002 13:32:21 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA28142 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 13:33:31 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA28107; Fri, 2 Aug 2002 13:32:27 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA28079 for ; Fri, 2 Aug 2002 13:32:25 -0400 (EDT) Received: from zcars04f.ca.nortel.com (zcars04f.nortelnetworks.com [47.129.242.57]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA27866 for ; Fri, 2 Aug 2002 13:31:15 -0400 (EDT) Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars04f.ca.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g72HVo719415; Fri, 2 Aug 2002 13:31:51 -0400 (EDT) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 13:31:50 -0400 Message-ID: <4D79C746863DD51197690002A52CDA0001E8A744@zcard0kc.ca.nortel.com> From: "Tom-PT Taylor" To: "Cedric Aoun" , "'Christian Huitema'" , Scott Brim , midcom@ietf.org Subject: RE: [midcom] Semantics Of "Session" Date: Fri, 2 Aug 2002 13:31:48 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Just on your very last point, you go beyond Christian. The framework shows very clearly a formal start of session and end of session exchange. I see no choice but to indicate such exchanges at the semantic level, however they are realized in practice. But we can omit the session identifier from all other information exchanges. -----Original Message----- From: Aoun, Cedric [GOLF:MA01:EXCH] Sent: Friday, August 02, 2002 1:20 PM To: 'Christian Huitema'; Scott Brim; midcom@ietf.org Subject: RE: [midcom] Semantics Of "Session" I still remember our bar BOF and small meeting that we had in London last year in August, we're we all rejected the notion of a "session" as it meant zillions of things. we all agreed that the notion of session was more a notion of an association relation based on trust and no more (i.e. it is an SA or something similar). The establishment of the association starts with the authorization policy provisioning matching the authorized agents. This should be augmented by having an SA between the Middlebox and the Midcom agent. I agree with Christian, the protocol semantics should not include any form of session information. Cedric -----Original Message----- From: Christian Huitema [mailto:huitema@windows.microsoft.com] Sent: 02 August 2002 18:03 To: Scott Brim; midcom@ietf.org Subject: RE: [midcom] Semantics Of "Session" > From: Scott Brim [mailto:swb@employees.org] > On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT Taylor allegedly wrote: > > Is there any semantic content to a MIDCOM session, then, > except as a policy > > context for the Middlebox to use when evaluating requests > from the Agent? > > During your presentation, and occasionally in others, I would > ask myself > "what's a session?". There are no semantics that need a session > concept. However there needs to be shared state on both > ends, including > a cookie which can be assigned to rules and used arbitrarily. We can > conceive of uses for it today (like 'I'm done with everything with > cookie xyzzy'), and there may be more in the future. I don't think we need any concept of a midcom session, and specifically any concept tying the state of the "session" to the validity of rules installed in the meddlebox. A session might be useful as a form of transport & security shortcut, i.e. authenticate the requestor once per session instead of once per transaction, but that is about the only thing that is really needed. Specifically, an agent must be able to install a rule that is supposed to be valid for some lifetime, go off the network, and be confident that the rule is operative. -- Christian Huitema _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 13:41:13 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA28173 for ; Fri, 2 Aug 2002 13:41:12 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA28619 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 13:42:23 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA28580; Fri, 2 Aug 2002 13:40:53 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA28545 for ; Fri, 2 Aug 2002 13:40:51 -0400 (EDT) Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.54]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA28140 for ; Fri, 2 Aug 2002 13:39:40 -0400 (EDT) Received: from airborne.cisco.com (IDENT:mirapoint@airborne.cisco.com [171.71.154.32]) by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id g72HeK6I029645 for ; Fri, 2 Aug 2002 10:40:20 -0700 (PDT) Received: from localhost.localdomain (ssh-rtp-1.cisco.com [161.44.11.166]) by airborne.cisco.com (Mirapoint) with ESMTP id ABO14508; Fri, 2 Aug 2002 10:40:06 -0700 (PDT) Received: by localhost.localdomain (Postfix, from userid 500) id 5F6D3E6789; Fri, 2 Aug 2002 13:40:04 -0400 (EDT) Date: Fri, 2 Aug 2002 13:40:04 -0400 From: Scott Brim To: midcom@ietf.org Subject: Re: [midcom] Semantics Of "Session" Message-ID: <20020802134004.O1465@localhost.localdomain> Mail-Followup-To: Scott Brim , midcom@ietf.org References: <4D79C746863DD51197690002A52CDA0001E8A744@zcard0kc.ca.nortel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <4D79C746863DD51197690002A52CDA0001E8A744@zcard0kc.ca.nortel.com>; from taylor@nortelnetworks.com on Fri, Aug 02, 2002 at 01:31:48PM -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org On Fri, Aug 02, 2002 01:31:48PM -0400, Tom-PT Taylor allegedly wrote: > > Just on your very last point, you go beyond Christian. The framework shows > very clearly a formal start of session and end of session exchange. I see > no choice but to indicate such exchanges at the semantic level, however they > are realized in practice. But we can omit the session identifier from all > other information exchanges. The Framework was not completely finished imho. There were several ideas in it which hadn't been completely cleaned up. Personally I didn't push for doing so because I thought the requirements were more important, the framework was non-normative, and we wanted to get to the actual protocol. So I would not take the Framework as gospel. Personally I like the "session" identifier, but I wouldn't call it that. ...Scott > -----Original Message----- > From: Aoun, Cedric [GOLF:MA01:EXCH] > Sent: Friday, August 02, 2002 1:20 PM > To: 'Christian Huitema'; Scott Brim; midcom@ietf.org > Subject: RE: [midcom] Semantics Of "Session" > > > I still remember our bar BOF and small meeting that we had in London last > year in August, we're we all rejected the notion of a "session" as it meant > zillions of things. we all agreed that the notion of session was more a > notion of an association relation based on trust and no more (i.e. it is an > SA or something similar). > The establishment of the association starts with the authorization policy > provisioning matching the authorized agents. This should be augmented by > having an SA between the Middlebox and the Midcom agent. > I agree with Christian, the protocol semantics should not include any form > of session information. > Cedric > -----Original Message----- > From: Christian Huitema [mailto:huitema@windows.microsoft.com] > Sent: 02 August 2002 18:03 > To: Scott Brim; midcom@ietf.org > Subject: RE: [midcom] Semantics Of "Session" > > > > From: Scott Brim [mailto:swb@employees.org] > > On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT Taylor allegedly wrote: > > > Is there any semantic content to a MIDCOM session, then, > > except as a policy > > > context for the Middlebox to use when evaluating requests > > from the Agent? > > > > During your presentation, and occasionally in others, I would > > ask myself > > "what's a session?". There are no semantics that need a session > > concept. However there needs to be shared state on both > > ends, including > > a cookie which can be assigned to rules and used arbitrarily. We can > > conceive of uses for it today (like 'I'm done with everything with > > cookie xyzzy'), and there may be more in the future. > I don't think we need any concept of a midcom session, and specifically > any concept tying the state of the "session" to the validity of rules > installed in the meddlebox. A session might be useful as a form of > transport & security shortcut, i.e. authenticate the requestor once per > session instead of once per transaction, but that is about the only > thing that is really needed. Specifically, an agent must be able to > install a rule that is supposed to be valid for some lifetime, go off > the network, and be confident that the rule is operative. > -- Christian Huitema > _______________________________________________ > midcom mailing list > midcom@ietf.org > https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 13:57:59 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA28861 for ; Fri, 2 Aug 2002 13:57:59 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA29375 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 13:59:09 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA29343; Fri, 2 Aug 2002 13:57:57 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA29267 for ; Fri, 2 Aug 2002 13:57:53 -0400 (EDT) Received: from zctfs063.nortelnetworks.com (zctfs063.nortelnetworks.com [47.164.128.120]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA28798 for ; Fri, 2 Aug 2002 13:56:41 -0400 (EDT) Received: from zctfc040.europe.nortel.com (zctfc040.europe.nortel.com [47.164.129.95]) by zctfs063.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g72HvJ022116; Fri, 2 Aug 2002 19:57:19 +0200 (MEST) Received: by zctfc040.europe.nortel.com with Internet Mail Service (5.5.2653.19) id <350WMF89>; Fri, 2 Aug 2002 19:57:17 +0200 Message-ID: From: "Cedric Aoun" To: "'Scott Brim'" , midcom@ietf.org Subject: RE: [midcom] Semantics Of "Session" Date: Fri, 2 Aug 2002 19:57:19 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23A4E.0AEE2216" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C23A4E.0AEE2216 Content-Type: text/plain; charset="iso-8859-1" I think that the requirement is to be able to have a handoff of policy rules. It is sufficient to have the association of policy rules with the MIDCOM agent that installed them. When the handoff happens another authorized Midcom agent could have ownership of the policy rules, we are discussing what should be the common identifier of all these policy rules (installed by the failed-over agent), the MIDCOM agent ID of the failed-over agent should be sufficient. Don't you agree? Cedric -----Original Message----- From: Scott Brim [mailto:swb@employees.org] Sent: 02 August 2002 19:40 To: midcom@ietf.org Subject: Re: [midcom] Semantics Of "Session" On Fri, Aug 02, 2002 01:31:48PM -0400, Tom-PT Taylor allegedly wrote: > > Just on your very last point, you go beyond Christian. The framework shows > very clearly a formal start of session and end of session exchange. I see > no choice but to indicate such exchanges at the semantic level, however they > are realized in practice. But we can omit the session identifier from all > other information exchanges. The Framework was not completely finished imho. There were several ideas in it which hadn't been completely cleaned up. Personally I didn't push for doing so because I thought the requirements were more important, the framework was non-normative, and we wanted to get to the actual protocol. So I would not take the Framework as gospel. Personally I like the "session" identifier, but I wouldn't call it that. ...Scott > -----Original Message----- > From: Aoun, Cedric [GOLF:MA01:EXCH] > Sent: Friday, August 02, 2002 1:20 PM > To: 'Christian Huitema'; Scott Brim; midcom@ietf.org > Subject: RE: [midcom] Semantics Of "Session" > > > I still remember our bar BOF and small meeting that we had in London last > year in August, we're we all rejected the notion of a "session" as it meant > zillions of things. we all agreed that the notion of session was more a > notion of an association relation based on trust and no more (i.e. it is an > SA or something similar). > The establishment of the association starts with the authorization policy > provisioning matching the authorized agents. This should be augmented by > having an SA between the Middlebox and the Midcom agent. > I agree with Christian, the protocol semantics should not include any form > of session information. > Cedric > -----Original Message----- > From: Christian Huitema [mailto:huitema@windows.microsoft.com] > Sent: 02 August 2002 18:03 > To: Scott Brim; midcom@ietf.org > Subject: RE: [midcom] Semantics Of "Session" > > > > From: Scott Brim [mailto:swb@employees.org] > > On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT Taylor allegedly wrote: > > > Is there any semantic content to a MIDCOM session, then, > > except as a policy > > > context for the Middlebox to use when evaluating requests > > from the Agent? > > > > During your presentation, and occasionally in others, I would > > ask myself > > "what's a session?". There are no semantics that need a session > > concept. However there needs to be shared state on both > > ends, including > > a cookie which can be assigned to rules and used arbitrarily. We can > > conceive of uses for it today (like 'I'm done with everything with > > cookie xyzzy'), and there may be more in the future. > I don't think we need any concept of a midcom session, and specifically > any concept tying the state of the "session" to the validity of rules > installed in the meddlebox. A session might be useful as a form of > transport & security shortcut, i.e. authenticate the requestor once per > session instead of once per transaction, but that is about the only > thing that is really needed. Specifically, an agent must be able to > install a rule that is supposed to be valid for some lifetime, go off > the network, and be confident that the rule is operative. > -- Christian Huitema > _______________________________________________ > midcom mailing list > midcom@ietf.org > https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom ------_=_NextPart_001_01C23A4E.0AEE2216 Content-Type: text/html; charset="iso-8859-1" RE: [midcom] Semantics Of "Session"

I think that the requirement is to be able to have a handoff of
policy rules. It is sufficient to have the association of policy rules
with the MIDCOM agent that installed them.
When the handoff happens another authorized Midcom agent could have ownership
of the policy rules, we are discussing what should be the common identifier of
all these policy rules (installed by the failed-over agent), the MIDCOM agent ID
of the failed-over agent should be sufficient. Don't you agree?
Cedric

-----Original Message-----
From: Scott Brim [mailto:swb@employees.org]
Sent: 02 August 2002 19:40
To: midcom@ietf.org
Subject: Re: [midcom] Semantics Of "Session"

On Fri, Aug 02, 2002 01:31:48PM -0400, Tom-PT Taylor allegedly wrote:
>
> Just on your very last point, you go beyond Christian. The framework shows
> very clearly a formal start of session and end of session exchange. I see
> no choice but to indicate such exchanges at the semantic level, however they
> are realized in practice. But we can omit the session identifier from all
> other information exchanges.

The Framework was not completely finished imho. There were several
ideas in it which hadn't been completely cleaned up. Personally I
didn't push for doing so because I thought the requirements were more
important, the framework was non-normative, and we wanted to get to the
actual protocol. So I would not take the Framework as gospel.

Personally I like the "session" identifier, but I wouldn't call it that.

...Scott

> -----Original Message-----
> From: Aoun, Cedric [GOLF:MA01:EXCH]
> Sent: Friday, August 02, 2002 1:20 PM
> To: 'Christian Huitema'; Scott Brim; midcom@ietf.org
> Subject: RE: [midcom] Semantics Of "Session"
>
>
> I still remember our bar BOF and small meeting that we had in London last
> year in August, we're we all rejected the notion of a "session" as it meant
> zillions of things. we all agreed that the notion of session was more a
> notion of an association relation based on trust and no more (i.e. it is an
> SA or something similar).
> The establishment of the association starts with the authorization policy
> provisioning matching the authorized agents. This should be augmented by
> having an SA between the Middlebox and the Midcom agent.
> I agree with Christian, the protocol semantics should not include any form
> of session information.
> Cedric
> -----Original Message-----
> From: Christian Huitema [mailto:huitema@windows.microsoft.com]
> Sent: 02 August 2002 18:03
> To: Scott Brim; midcom@ietf.org
> Subject: RE: [midcom] Semantics Of "Session"
>
>
> > From: Scott Brim [mailto:swb@employees.org]
> > On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT Taylor allegedly wrote:
> > > Is there any semantic content to a MIDCOM session, then,
> > except as a policy
> > > context for the Middlebox to use when evaluating requests
> > from the Agent?
> >
> > During your presentation, and occasionally in others, I would
> > ask myself
> > "what's a session?". There are no semantics that need a session
> > concept. However there needs to be shared state on both
> > ends, including
> > a cookie which can be assigned to rules and used arbitrarily. We can
> > conceive of uses for it today (like 'I'm done with everything with
> > cookie xyzzy'), and there may be more in the future.
> I don't think we need any concept of a midcom session, and specifically
> any concept tying the state of the "session" to the validity of rules
> installed in the meddlebox. A session might be useful as a form of
> transport & security shortcut, i.e. authenticate the requestor once per
> session instead of once per transaction, but that is about the only
> thing that is really needed. Specifically, an agent must be able to
> install a rule that is supposed to be valid for some lifetime, go off
> the network, and be confident that the rule is operative.
> -- Christian Huitema
> _______________________________________________
> midcom mailing list
> midcom@ietf.org
> https://www1.ietf.org/mailman/listinfo/midcom

_______________________________________________
midcom mailing list
midcom@ietf.org
https://www1.ietf.org/mailman/listinfo/midcom

------_=_NextPart_001_01C23A4E.0AEE2216-- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 14:10:28 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA29277 for ; Fri, 2 Aug 2002 14:10:28 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id OAA00618 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 14:11:38 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA00578; Fri, 2 Aug 2002 14:10:29 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA00541 for ; Fri, 2 Aug 2002 14:10:28 -0400 (EDT) Received: from zcars04f.ca.nortel.com (zcars04f.nortelnetworks.com [47.129.242.57]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA29243 for ; Fri, 2 Aug 2002 14:09:17 -0400 (EDT) Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars04f.ca.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g72I9t722225; Fri, 2 Aug 2002 14:09:56 -0400 (EDT) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 14:09:55 -0400 Message-ID: <4D79C746863DD51197690002A52CDA0001E8A745@zcard0kc.ca.nortel.com> From: "Tom-PT Taylor" To: "Cedric Aoun" , "'Scott Brim'" , midcom@ietf.org Subject: RE: [midcom] Semantics Of "Session" Date: Fri, 2 Aug 2002 14:09:55 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org When we discussed handoff, or rather, takeover, we agreed we certainly needed the capability. I know Jonathan argued that takeover should be on a per-rule basis, so rules should have globally unique identifiers to make this easy. I had the feeling others accepted this. -----Original Message----- From: Aoun, Cedric [GOLF:MA01:EXCH] Sent: Friday, August 02, 2002 1:57 PM To: 'Scott Brim'; midcom@ietf.org Subject: RE: [midcom] Semantics Of "Session" I think that the requirement is to be able to have a handoff of policy rules. It is sufficient to have the association of policy rules with the MIDCOM agent that installed them. When the handoff happens another authorized Midcom agent could have ownership of the policy rules, we are discussing what should be the common identifier of all these policy rules (installed by the failed-over agent), the MIDCOM agent ID of the failed-over agent should be sufficient. Don't you agree? Cedric -----Original Message----- From: Scott Brim [mailto:swb@employees.org] Sent: 02 August 2002 19:40 To: midcom@ietf.org Subject: Re: [midcom] Semantics Of "Session" On Fri, Aug 02, 2002 01:31:48PM -0400, Tom-PT Taylor allegedly wrote: > > Just on your very last point, you go beyond Christian. The framework shows > very clearly a formal start of session and end of session exchange. I see > no choice but to indicate such exchanges at the semantic level, however they > are realized in practice. But we can omit the session identifier from all > other information exchanges. The Framework was not completely finished imho. There were several ideas in it which hadn't been completely cleaned up. Personally I didn't push for doing so because I thought the requirements were more important, the framework was non-normative, and we wanted to get to the actual protocol. So I would not take the Framework as gospel. Personally I like the "session" identifier, but I wouldn't call it that. ...Scott > -----Original Message----- > From: Aoun, Cedric [GOLF:MA01:EXCH] > Sent: Friday, August 02, 2002 1:20 PM > To: 'Christian Huitema'; Scott Brim; midcom@ietf.org > Subject: RE: [midcom] Semantics Of "Session" > > > I still remember our bar BOF and small meeting that we had in London last > year in August, we're we all rejected the notion of a "session" as it meant > zillions of things. we all agreed that the notion of session was more a > notion of an association relation based on trust and no more (i.e. it is an > SA or something similar). > The establishment of the association starts with the authorization policy > provisioning matching the authorized agents. This should be augmented by > having an SA between the Middlebox and the Midcom agent. > I agree with Christian, the protocol semantics should not include any form > of session information. > Cedric > -----Original Message----- > From: Christian Huitema [mailto:huitema@windows.microsoft.com] > Sent: 02 August 2002 18:03 > To: Scott Brim; midcom@ietf.org > Subject: RE: [midcom] Semantics Of "Session" > > > > From: Scott Brim [mailto:swb@employees.org] > > On Fri, Aug 02, 2002 11:32:35AM -0400, Tom-PT Taylor allegedly wrote: > > > Is there any semantic content to a MIDCOM session, then, > > except as a policy > > > context for the Middlebox to use when evaluating requests > > from the Agent? > > > > During your presentation, and occasionally in others, I would > > ask myself > > "what's a session?". There are no semantics that need a session > > concept. However there needs to be shared state on both > > ends, including > > a cookie which can be assigned to rules and used arbitrarily. We can > > conceive of uses for it today (like 'I'm done with everything with > > cookie xyzzy'), and there may be more in the future. > I don't think we need any concept of a midcom session, and specifically > any concept tying the state of the "session" to the validity of rules > installed in the meddlebox. A session might be useful as a form of > transport & security shortcut, i.e. authenticate the requestor once per > session instead of once per transaction, but that is about the only > thing that is really needed. Specifically, an agent must be able to > install a rule that is supposed to be valid for some lifetime, go off > the network, and be confident that the rule is operative. > -- Christian Huitema > _______________________________________________ > midcom mailing list > midcom@ietf.org > https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 20:14:14 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12352 for ; Fri, 2 Aug 2002 20:14:14 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id UAA17547 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 20:15:24 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id UAA17526; Fri, 2 Aug 2002 20:14:14 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id UAA17497 for ; Fri, 2 Aug 2002 20:14:13 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12342 for ; Fri, 2 Aug 2002 20:13:02 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g730DtH14925; Fri, 2 Aug 2002 19:13:55 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 19:13:41 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C80D@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" Cc: "'midcom'" Subject: RE: [midcom] Comments on protocol evaluation draft Date: Fri, 2 Aug 2002 19:13:40 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi Jim, I did finally complete a more detailed review of your suggested changes, and I think you've interpreted text, which I've understood to describe how the requirement is met by the specific protocol, to mean that extensions are required to support that functionality and I don't think that's the case for: 2.2.2 SNMP 2.2.4 Megaco 2.2.4 Diameter 2.2.6 Diameter 2.2.6 COPS I think this same applies to 2.2.7 for Diameter, but I think this needs to be reworded as a positive statement, rather than it's current negative form. I'll post the proposed text separately. I think you may have a valid point for 2.2.8 Megaco. I'll start a separate thread on that one. For 2.1.8, Diameter is currently a P and per my email last week, I will be changing this to a P+, so we're also in agreement on what that one should be. This along with my email response this morning should provide complete feedback on how I propose to handle each of your suggested changes. Thanks, Mary. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Thursday, August 01, 2002 11:45 PM To: Barnes, Mary [NGC:B602:EXCH] Cc: 'midcom' Subject: RE: [midcom] Comments on protocol evaluation draft Mary (and other middlebox experts), Thank you much for your reply. The clarification of the grading system is especially useful. I had a lot of trouble understanding it before, but I think I got it now. Here's what I now understand the grades to mean: T - Compliance to the requirement with the protocol as is P+ - Compliance to the requirement with an extension to the protocol P - Compliance to the requirement with a change, or an extension that impacts existing users of the protocol F - No compliance (even with extension of the protocol???) Some observations on this: - Since all the protocols are extensible and extensions can generally be made, one way or another, to be backward compatible, I'm surprised that we have any P's of F's. :-) - We seem to have lost the concept of how large an extension needs to be made to add a "thing" to the protocol. Is the protocol close to the requirement and just needs a little extension? Or does the protocol have nothing to offer and the thing has to be added completely? I originally thought that was the idea behind the the T, P and F grades ("How much do ya have to change the protocol to satify the requirement? None, a little, and a lot, respectively"), but I guess we evolved from that, assuming that was the original intention. As you suggested, I went back and looked for what I thought were incon- sistencies in P+ and P grades. Once I got started digging, what I wound up doing was quickly reviewing all the scores for consistency with the grading system as I now understand it and the summary information for each protocol's compliance with each requirement as given in the protocol evaluation I-D (BTW, I used the -02 version of the I-D, without any of the changes that have been discussed since it was published.). The grading inconsistencies that I saw fell into 4 categories: 1. The requirement compliance text for the protocol basically said "This can be done with an extension to this protocol" and the grade was a T, instead of a P+ as I believe it should be. I included the closely related "The protocol does not preclude this extension from being made." in this category. 2. The requirement compliance text for the protocol says the protocol has something here but extension is required and can be made with no impact, but graded it as a P instead of a P+. 3. The requirement compliance text for the protocol says the protocol has nothing here but the necessary extension can be made without impact, and graded it as an F instead of a P+. 4. The requirement compliance text for the protocol says the protocol has nothing here but if ya use TLS or IPsec or whatever for security ya get everything, and graded it as a T. In the last case, I'm not sure what the right score is, but I would suggest at most P+, to distinguish these from protocols that have the right thing here without resorting to TLS or IPsec or whatever for security, which I think should get a T grade. (For consistency, I considered grades of F (Honestly given, in my opinion, but I could be wrong.) but the requirement could be fulfilled with TLS or IPsec or whatever for security, hence now graded P+ for consistency, as instances of this case also.) I also found a few other what I believe to be inconsistencies, at least based on the scoring system as I now understand it. Call this category 5. I list the inconsistencies I found at the end of this message, but here's some statistics. Take 'em for whatever ya think they're worth. Out of a total of 135 scores (27 requirements times 5 protocols) I found what I thought were 31 inconsistencies. That's just less than 23%. The number of inconsistencies by category by protocol are: Category SNMP RSIP MEGACO DIAMETER COPS Total -------- ---- ---- ------ -------- ---- ----- 1 1 0 3 3 1 8 2 0 2 0 1 0 3 3 0 4 0 0 0 4 4 0 5 4 5 0 14 5 0 2 0 0 0 2 -- -- -- -- -- -- Total 1 13 7 9 1 31 The resulting adjustments in protocols scores are: Protocol T P+ P F -------- --- --- --- --- SNMP - 1 + 1 RSIP + 2 +10 - 3 - 9 MEGACO - 7 + 7 DIAMETER - 8 + 9 - 1 COPS - 1 + 1 --- --- --- --- Total -15 +28 - 4 - 9 And the resulting protocol scores are: Protocol T P+ P F Total -------- --- --- --- --- ----- SNMP 18 9 0 0 27 RSIP 14 13 0 0 27 MEGACO 13 11 2 1 27 DIAMETER 13 13 1 0 27 COPS 19 6 1 1 27 --- --- --- --- --- Total 77 52 4 2 135 This was done real quick, so there's probably still stuff not right, but now, at least to me, the numbers better match the general feeling I get when reading the I-D. Comments expected and welcome. Jim ================ Inconsistencies I found in the MIDCOM protocol evaluation grades (This was composed with tab stops every 8 characters.) Score Require- ------------------- Inconsistency ment Protocol Was Should be Category -------- -------- --- --------- -------- 2.1.2 RSIP P T 5 2.1.8 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.2.1 RSIP P+ T 5 2.2.2 SNMP T P+ 1 RSIP P P+ 2 MEGACO T P+ 1 DIAMETER T P+ 1 2.2.3 RSIP P P+ 3 2.2.4 MEGACO T P+ 1 DIAMETER T P+ 1 2,2,6 DIAMETER T P+ 1 COPS T P+ 1 2.2.7 RSIP F P+ 3 DIAMETER T P+ 1 2.2.8 RSIP P P+ 2 MEGACO T P+ 1 2.2.9 RSIP F P+ 3 2.2.11 RSIP F P+ 3 2.3.1 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.2 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.3 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.4 RSIP F P+ 4 DIAMETER T P+ 4 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 20:21:18 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12454 for ; Fri, 2 Aug 2002 20:21:18 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id UAA17746 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 20:22:28 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id UAA17696; Fri, 2 Aug 2002 20:21:32 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id UAA17669 for ; Fri, 2 Aug 2002 20:21:31 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12422 for ; Fri, 2 Aug 2002 20:20:20 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g730LFH15163 for ; Fri, 2 Aug 2002 19:21:15 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 19:21:01 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C80E@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'midcom'" Date: Fri, 2 Aug 2002 19:21:01 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] Protocol eval: 2.2.7 Diameter - Proposal to reword text for clari fication of Full Compliancy Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi all, Per my email response to Jim, to clarify that Diameter does meet this reqiurement, I'm proposing to change the Diameter description in 2.2.7 from: "The Diameter protocol as currently defined offers no impediment such an operation." To: "The Diameter protocol, as currently defined, would allow multiple agents to operate on the same ruleset." I would like feedback (positive and/or negative) on this proposed change by COB Monday, August 5th. Regards, Mary H. Barnes mbarnes@nortelnetworks.com 972-684-5432 Wireless 817-703-4806 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 20:37:30 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12814 for ; Fri, 2 Aug 2002 20:37:30 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id UAA18528 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 20:38:40 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id UAA18503; Fri, 2 Aug 2002 20:37:47 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id UAA18475 for ; Fri, 2 Aug 2002 20:37:46 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12786 for ; Fri, 2 Aug 2002 20:36:35 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g730bTH15540 for ; Fri, 2 Aug 2002 19:37:29 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 19:37:15 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C80F@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'midcom'" Cc: "Cedric Aoun" , "Sanjoy Sen" , "Tom-PT Taylor" Date: Fri, 2 Aug 2002 19:37:14 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23A85.E9DF92C0" Subject: [midcom] Protocol eval: 2.2.8 - Megaco - Question as to whether "Transport of filtering rules" is fully supported in current protocol Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C23A85.E9DF92C0 Content-Type: text/plain; charset="iso-8859-1" Hi all, Per my email response to Jim, I think this may be a valid proposal to change Megaco from "T" to "P+" for requirement 2.2.8 - Transport of Filtering rules. What do the Megaco experts think on this one (I could not find any previous discussion of this)? I would like feedback (positive and/or negative) on this proposed change by COB Monday, August 5th. Regards, Mary H. Barnes mbarnes@nortelnetworks.com 972-684-5432 Wireless 817-703-4806 ------_=_NextPart_001_01C23A85.E9DF92C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Protocol eval: 2.2.8 - Megaco - Question as to whether = "Transport of filtering rules" is fully supported in current = protocol

Hi all,

Per my email response to Jim, I think this may be a = valid proposal to change Megaco from "T" to "P+" = for requirement 2.2.8 - Transport of Filtering rules.

What do the Megaco experts think on this one (I could = not find any previous discussion of this)?

I would like feedback (positive and/or negative) on = this proposed change by
COB Monday, August 5th.

Regards,
Mary H. Barnes
mbarnes@nortelnetworks.com
972-684-5432
Wireless 817-703-4806

------_=_NextPart_001_01C23A85.E9DF92C0-- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 20:41:16 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12886 for ; Fri, 2 Aug 2002 20:41:16 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id UAA18663 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 20:42:26 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id UAA18630; Fri, 2 Aug 2002 20:41:34 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id UAA18603 for ; Fri, 2 Aug 2002 20:41:33 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12871 for ; Fri, 2 Aug 2002 20:40:22 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g730fHH15597 for ; Fri, 2 Aug 2002 19:41:17 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 19:41:03 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C810@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "Cedric Aoun" , "'midcom@ietf.org'" Subject: RE: [midcom] MIDCOM Protocol Evaluation - Proposed changes to SNM P - Section 1 .1.1 Date: Fri, 2 Aug 2002 19:41:02 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Cedric, I agree, I propose to change the text as follows: "The primary advantages of SNMP are that it is a mature, well understood protocol currently deployed in various scenarios, with mature toolsets available for SNMP managers and agents. However, several other factors also affect SNMP's applicability as the MIDCOM protocol: - SNMP is mainly used for monitoring rather than for configuring network nodes, and - SNMPv3 is required in order to meet the reliability and security related requirements." Thanks, Mary. -----Original Message----- From: Aoun, Cedric [GOLF:MA01:EXCH] Sent: Friday, August 02, 2002 11:02 AM To: Barnes, Mary [NGC:B602:EXCH]; 'midcom@ietf.org' Subject: RE: [midcom] MIDCOM Protocol Evaluation - Proposed changes to SNMP - Section 1 .1.1 Mary, I think you should also add that for reliability purposes SNMP is not applicable. SNMPv2 provides reliability of notifications sent from the MB (i.e the SNMP agent) by using INFORM instead of TRAPs as they are not acked. Basically all I'm saying is that for all needs, SNMPv3 is required to meet the current compliancy statements. Cedric -----Original Message----- From: Barnes, Mary [NGC:B602:EXCH] Sent: 26 July 2002 22:53 To: 'midcom@ietf.org' Subject: [midcom] MIDCOM Protocol Evaluation - Proposed changes to SNMP - Section 1 .1.1 Hi all, This is the change that I propose to make to Section 1.1.1, with regards to clarifying the applicability of SNMP as the MIDCOM protocol. Old Text (from draft-ietf-midcom-protocol-eval-02.txt): "The primary advantages of SNMP compared to other protocols evaluated are that it is a mature, well understood protocol currently deployed in various scenarios. In addition, mature toolsets are available for SNMP managers and agents. SNMP is mainly used for monitoring rather than for configuring network nodes, however, thus reducing its applicability to MIDCOM." Proposed New Text: "The primary advantages of SNMP are that it is a mature, well understood protocol currently deployed in various scenarios, with mature toolsets available for SNMP managers and agents. However, several other factors also affect SNMP's applicability as the MIDCOM protocol: - SNMP is mainly used for monitoring rather than for configuring network nodes, and - SNMPv3 is required in order to meet the security requirements." *************** Although comments on the overall document will be accepted through August 2nd, I would like to request that feedback on this proposed change be provided by 6PM CST Tuesday (30 July) so that we can address any concerns prior to the 2nd; with no response meaning that the proposed text is OK. *************** Regards, Mary H. Barnes mbarnes@nortelnetworks.com 972-684-5432 Wireless 817-703-4806 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 21:02:49 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA13311 for ; Fri, 2 Aug 2002 21:02:49 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id VAA19576 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 21:03:59 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id VAA19454; Fri, 2 Aug 2002 21:03:00 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id VAA19382 for ; Fri, 2 Aug 2002 21:02:57 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA13244 for ; Fri, 2 Aug 2002 21:01:46 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g7312NH16948; Fri, 2 Aug 2002 20:02:23 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 20:02:09 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C811@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" Cc: "'midcom'" Subject: Deadline of Aug. 5th (was RE: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft Date: Fri, 2 Aug 2002 20:02:08 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi Jim, Just one final "process" note; I missed putting a deadline for your feedback. If you plan on proposing additional new text which would be required for some of your proposed changes, I would need that text by COB Monday, August 5th, so that we have a day or so to discuss on the list prior to me making the final edits. If you could post each individual requirement in separate emails to the list, that will facilitate my tracking of resolution of the discussion. The Subject line should be similar to the following: Protocol eval: Section x.y.z - Thanks, Mary. -----Original Message----- From: Barnes, Mary [NGC:B602:EXCH] Sent: Friday, August 02, 2002 9:48 AM To: Taylor, Tom-PT [CAR:B602:EXCH]; 'James_Renkel@3com.com' Cc: 'midcom' Subject: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft Jim et al, I've not thoroughly reviewed all the proposed changes in detail, but will do so shortly, but I also did want to respond to the Category 4 to which Tom also responded wrt security. We have already discussed and resolved this concern per email discussions based on the -01 version. Refer to: http://www.ietf.org/mail-archive/working-groups/midcom/current/msg02397.html Now, you're also proposing that RSIP be "upgraded" for the security ones that you had scored as Failing to meet compliancy in your analysis. Based upon the text currently in section 2.1.8, 2.3.1, which also applies to 2.3.2-2.3.4, I don't have a problem changing those to Ps. The P+ category would only apply if these changes could be made to RSIP as a natural extension of the protocol with no impact to current users of that protocol (i.e. current users don't make use of the information, and wouldn't be bothered by it being in the messages). There are a many other RSIP scores, many of which were derived from your original analysis, that you're also now proposing changes for: 2.1.2 - The text for this one clearly states that an extension is required. 2.2.1 - The text currently supports the P+ score. 2.2.2 - I think a P+ needs additional text to substantiate that this would be a compatible extension of the protocol (OR we need some text upfront in the RSIP overview describing the extensibility mechanisms defined by RSIP) 2.2.3 - ditto 2.2.7 - I can't quite see how this goes from F to P+; you'll need to provide more text or clarification. 2.2.8 - I think a P+ needs additional text to substantiate that this would be a compatible extension of the protocol 2.2.9 - I don't have a problem with changing this to P. Again, P+ would require additional text to substantiate that this would be a compatible extension of the protocol. 2.2.11 -ditto Upon another quick glance, I think many of the proposed changes for the other protocols are bringing forth issues with other "scores" that we have already discussed (e.g. 2.2.2 for Megaco) Certainly, if there is overwhelming support for your changes, then they can be done, but we've got to have more than one person supporting the change for something that we have previously discussed and I certainly thought had reached concensus on. I won't be responding to each of these that we've already discussed, you can search the email archives, where each has been addressed in a separate email thread. Again, I haven't looked at each in detail, and you may indeed have found some changes which are valid, so I will post separately each of those which I would agree to change provided there is WG concensus (i.e. no negative responses to my proposals). Regards, Mary. -----Original Message----- From: Taylor, Tom-PT [CAR:B602:EXCH] Sent: Friday, August 02, 2002 9:01 AM To: 'James_Renkel@3com.com'; Barnes, Mary [NGC:B602:EXCH] Cc: 'midcom' Subject: RE: [midcom] Comments on protocol evaluation draft From my point of view you raise two issues I cannot leave unanswered. The first has to do with P+ extensions and your first scoring inconsistency, the second with security. I confess that the need for protocol extensions poses a logical issue: how to treat this need when it affects multiple categories of response. On the one hand, I think it is over-stating things to simply score 1 against each category that depends on the extension. On the other, it is certainly true that, whether you are defining a new MIB, a new DIAMETER application, or a new Megaco package, you imply the need for extra code in both the Agent and the Middlebox above that supplied by the base protocol implementation. I myself would propose adding an evaluation category that specifies the increment to the base protocol implied by its use for MIDCOM. Leaving that aside, any protocol that fails to meet one of the MIDCOM requirements is probably beyond our consideration. On the security issue: you dismiss too quickly those protocols that rely on lower layers for their necessary degree of security. The RFCs specifying these protocols have security sections. The protocol security architecture in each case was arrived at by considering the specific threats that had to be countered in the protocol's domain of application. An architecture that relies on lower layer security is perfectly valid if that meets the requirements for that protocol. What we do have to think about is whether the threats are different for the MIDCOM application from those considered when the candidate protocol was being designed. If so, the security architecture for that protocol may have to be modified to fit MIDCOM application. But the security section of the MIDCOM requirements document reflects the results of the MIDCOM threat analysis. Thus if our candidate protocols, including their specified security architectures, can meet these requirements in a practical way, they must be scored as passing those requirements. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Friday, August 02, 2002 12:45 AM To: Barnes, Mary [NGC:B602:EXCH] Cc: 'midcom' Subject: RE: [midcom] Comments on protocol evaluation draft Mary (and other middlebox experts), Thank you much for your reply. The clarification of the grading system is especially useful. I had a lot of trouble understanding it before, but I think I got it now. Here's what I now understand the grades to mean: T - Compliance to the requirement with the protocol as is P+ - Compliance to the requirement with an extension to the protocol P - Compliance to the requirement with a change, or an extension that impacts existing users of the protocol F - No compliance (even with extension of the protocol???) Some observations on this: - Since all the protocols are extensible and extensions can generally be made, one way or another, to be backward compatible, I'm surprised that we have any P's of F's. :-) - We seem to have lost the concept of how large an extension needs to be made to add a "thing" to the protocol. Is the protocol close to the requirement and just needs a little extension? Or does the protocol have nothing to offer and the thing has to be added completely? I originally thought that was the idea behind the the T, P and F grades ("How much do ya have to change the protocol to satify the requirement? None, a little, and a lot, respectively"), but I guess we evolved from that, assuming that was the original intention. As you suggested, I went back and looked for what I thought were incon- sistencies in P+ and P grades. Once I got started digging, what I wound up doing was quickly reviewing all the scores for consistency with the grading system as I now understand it and the summary information for each protocol's compliance with each requirement as given in the protocol evaluation I-D (BTW, I used the -02 version of the I-D, without any of the changes that have been discussed since it was published.). The grading inconsistencies that I saw fell into 4 categories: 1. The requirement compliance text for the protocol basically said "This can be done with an extension to this protocol" and the grade was a T, instead of a P+ as I believe it should be. I included the closely related "The protocol does not preclude this extension from being made." in this category. 2. The requirement compliance text for the protocol says the protocol has something here but extension is required and can be made with no impact, but graded it as a P instead of a P+. 3. The requirement compliance text for the protocol says the protocol has nothing here but the necessary extension can be made without impact, and graded it as an F instead of a P+. 4. The requirement compliance text for the protocol says the protocol has nothing here but if ya use TLS or IPsec or whatever for security ya get everything, and graded it as a T. In the last case, I'm not sure what the right score is, but I would suggest at most P+, to distinguish these from protocols that have the right thing here without resorting to TLS or IPsec or whatever for security, which I think should get a T grade. (For consistency, I considered grades of F (Honestly given, in my opinion, but I could be wrong.) but the requirement could be fulfilled with TLS or IPsec or whatever for security, hence now graded P+ for consistency, as instances of this case also.) I also found a few other what I believe to be inconsistencies, at least based on the scoring system as I now understand it. Call this category 5. I list the inconsistencies I found at the end of this message, but here's some statistics. Take 'em for whatever ya think they're worth. Out of a total of 135 scores (27 requirements times 5 protocols) I found what I thought were 31 inconsistencies. That's just less than 23%. The number of inconsistencies by category by protocol are: Category SNMP RSIP MEGACO DIAMETER COPS Total -------- ---- ---- ------ -------- ---- ----- 1 1 0 3 3 1 8 2 0 2 0 1 0 3 3 0 4 0 0 0 4 4 0 5 4 5 0 14 5 0 2 0 0 0 2 -- -- -- -- -- -- Total 1 13 7 9 1 31 The resulting adjustments in protocols scores are: Protocol T P+ P F -------- --- --- --- --- SNMP - 1 + 1 RSIP + 2 +10 - 3 - 9 MEGACO - 7 + 7 DIAMETER - 8 + 9 - 1 COPS - 1 + 1 --- --- --- --- Total -15 +28 - 4 - 9 And the resulting protocol scores are: Protocol T P+ P F Total -------- --- --- --- --- ----- SNMP 18 9 0 0 27 RSIP 14 13 0 0 27 MEGACO 13 11 2 1 27 DIAMETER 13 13 1 0 27 COPS 19 6 1 1 27 --- --- --- --- --- Total 77 52 4 2 135 This was done real quick, so there's probably still stuff not right, but now, at least to me, the numbers better match the general feeling I get when reading the I-D. Comments expected and welcome. Jim ================ Inconsistencies I found in the MIDCOM protocol evaluation grades (This was composed with tab stops every 8 characters.) Score Require- ------------------- Inconsistency ment Protocol Was Should be Category -------- -------- --- --------- -------- 2.1.2 RSIP P T 5 2.1.8 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.2.1 RSIP P+ T 5 2.2.2 SNMP T P+ 1 RSIP P P+ 2 MEGACO T P+ 1 DIAMETER T P+ 1 2.2.3 RSIP P P+ 3 2.2.4 MEGACO T P+ 1 DIAMETER T P+ 1 2,2,6 DIAMETER T P+ 1 COPS T P+ 1 2.2.7 RSIP F P+ 3 DIAMETER T P+ 1 2.2.8 RSIP P P+ 2 MEGACO T P+ 1 2.2.9 RSIP F P+ 3 2.2.11 RSIP F P+ 3 2.3.1 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.2 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.3 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.4 RSIP F P+ 4 DIAMETER T P+ 4 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Fri Aug 2 21:54:27 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA14872 for ; Fri, 2 Aug 2002 21:54:27 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id VAA20786 for midcom-archive@odin.ietf.org; Fri, 2 Aug 2002 21:55:38 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id VAA20724; Fri, 2 Aug 2002 21:51:32 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id VAA20695 for ; Fri, 2 Aug 2002 21:51:31 -0400 (EDT) Received: from zcars04e.ca.nortel.com (zcars04e.nortelnetworks.com [47.129.242.56]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA14691 for ; Fri, 2 Aug 2002 21:50:19 -0400 (EDT) Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars04e.ca.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g731oxQ23381 for ; Fri, 2 Aug 2002 21:50:59 -0400 (EDT) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Fri, 2 Aug 2002 21:50:59 -0400 Message-ID: <4D79C746863DD51197690002A52CDA0001E8A74B@zcard0kc.ca.nortel.com> From: "Tom-PT Taylor" To: "Mary Barnes" , "'midcom'" Cc: "Cedric Aoun" , "Sanjoy Sen" Date: Fri, 2 Aug 2002 21:50:59 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] RE: Protocol eval: 2.2.8 - Megaco - Question as to whether "Trans port of filtering rules" is fully supported in current protocol Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Transport of filtering rules in Megaco definitely requires the definition and implementation of a new property, so you could put P+ there. But as I said earlier, we have the problem of assigning the appropriate weight to the requirement to implement an extension to the protocol. -----Original Message----- From: Barnes, Mary [NGC:B602:EXCH] Sent: Friday, August 02, 2002 8:37 PM To: 'midcom' Cc: Aoun, Cedric [GOLF:MA01:EXCH]; Sen, Sanjoy [NGC:B677:EXCH]; Taylor, Tom-PT [CAR:B602:EXCH] Subject: Protocol eval: 2.2.8 - Megaco - Question as to whether "Transport of filtering rules" is fully supported in current protocol Hi all, Per my email response to Jim, I think this may be a valid proposal to change Megaco from "T" to "P+" for requirement 2.2.8 - Transport of Filtering rules. What do the Megaco experts think on this one (I could not find any previous discussion of this)? I would like feedback (positive and/or negative) on this proposed change by COB Monday, August 5th. Regards, Mary H. Barnes mbarnes@nortelnetworks.com 972-684-5432 Wireless 817-703-4806 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Sun Aug 4 23:43:58 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA20547 for ; Sun, 4 Aug 2002 23:43:58 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id XAA25892 for midcom-archive@odin.ietf.org; Sun, 4 Aug 2002 23:45:08 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id XAA25849; Sun, 4 Aug 2002 23:42:11 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id XAA25818 for ; Sun, 4 Aug 2002 23:42:09 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA20460 for ; Sun, 4 Aug 2002 23:40:57 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g753g9a13720 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified NO) for ; Sun, 4 Aug 2002 20:42:10 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g753g4K24221 for ; Sun, 4 Aug 2002 20:42:04 -0700 (PDT) Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft To: "'midcom'" Date: Sun, 4 Aug 2002 22:41:51 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Mary (and other middlebox experts), I'll respond to your RSIP specific comments in this e-mail, and address general comments separately. My response here assumes the use of the 4 grade grading system that has been agreed to. On 08/02/2002, at 09.48.23 A.M., Mary Barnes wrote, in part: > > Now, you're also proposing that RSIP be "upgraded" for the security > onesthat you had scored as Failing to meet compliancy in your analysis. > Based upon the text currently in section 2.1.8, 2.3.1, which also > applies to 2.3.2-2.3.4, I don't have a problem changing those to Ps. > MEGACO and DIAMETER do not have "native" support for capabilities satisfying these requirements, they depend on operation over, e.g., TLS or IPsec to satisfy them, and they were scored a T. RSIP is no different: no native support; but the cappability can be added by operating over TLS or IPsec; so, it too should be scored a T. All I'm asking for here is consistency of scoring for all the protocols. Additionally, the "native" communications between hosts and RSIP gateways is over tunnels for the data connections. Although not explicitly stated, the preferred operation of the control channel is over that same tunnel. If that tunnel is IPsec, then the control channel is secured. At least with RSIP, the tunnel is already there. At to replacement for the RSIP portions of the text following requirements 2.1.8, and 2.3.1 through 2.3.4, I would suggest: RSIP does not have "native" support for this capability, but the capability can be obtained by operating RSIP over TLS or IPsec. > > The P+ category would only apply if these changes could be made to > RSIP as a natural extension of the protocol with no impact to current > users of that protocol (i.e. current users don't make use of the > information, and wouldn't be bothered by it being in the messages). > If the score for these requirements is not to be T, then .... The first value found in every RSIP message is the version of the protocol being used. RSIP as currently defined is version 1. RSIP, as extended to support the MIDCOM requirements would be version 2. When a host initiates communications with an RSIP gateway / middlebox (The host sends a REGISTER-REQUEST message, and the RSIP gateway / middlebox responds with a REGISTER-RESPONSE if the registration is successful, else an ERROR-RESPONSE.), the host and the RSIP gateway / middlebox would negotiate the version of the RSIP protocol to be used for the session, assuming it is established successfully. I'll give the strongest, most restrictive, least "friendly" version of this negotiation; weaker, less restrictive, more "friendly" versions may be possible. 1. The host sends the REGISTER-REQUEST indicating the version of the protocol that it wishes to use for the session; initially this would presumably be the latest, greatest version of RSIP that it supports; but if it is discovered that that version is not also supported by the RSIP gateway / middlebox, then a lesser version could subsequently be tried; if there is no lesser version supported by the host, then the host and the RSIP gateway / middlebox support no versions in common, and useful communications between them is impossible; 2. If the RSIP gateway / middlebox also supports that version, it continues with processing the request and returns either a REGISTER- RESPONSE or an ERROR-RESPONSE as approriate to the request, but in either case the response's version parameter indicates the version proposed by the host; since the host and RSIP gateway / middlebox both support the same version of RSIP, further useful communication between them is possible. 3. If the RSIP gateway / midldebox does not support the version proposed by the host, it responds with an ERROR-RESPONSE, whose error parameter is set to 106: UNSUPPORTED_RSIP_VERSION and whose version parameter would indicate the greatest version of RSIP less than the proposed version that the RSIP gateway / middlebox *does* support, and the host may try that version or a lesser version that the host supports; if the RSIP gateway / middlebox does not support any version of the protocol less than that proposed, it responds indicating the greatest version it *does* support, indicating that useful communications between them is impossible. This is the traditional "negotiate down" version negotiation scheme. With this scheme the host and the RSIP gateway / middlebox find the greatest version of the protocol that they both support. The implications of this for protocol (re)design are, in the extreme, that each version can be completely different from all other versions so long as the version negotiation mechansims is preserved. Now I would never propose doing that in the extreme, I would try to make new versions as backward compatible as possible on a message by message, parameter by parameter basis. But if ya had to, a new version could be radically different from previous version and still technically be backward compatible. Fortunately, in the case of the adapting RSIP to the MIDCOM requirements, I believe all the extensions are rather natural backward compatible extensions, nothing radical. > > 2.1.2 - The text for this one clearly states that an extension is > required. > This may be a fine point, but the *RSIP framework and semantics* would require an extension, the *protocol* itself would not (BTW, that's what the text for the RSIP evaluation of the requirement says: " ... the RSIP *architecure* could be extended ..." [Emphasis added.]). The extension would be the explicit removal of an unstated (and usually unimplemented!) restriction that an RSIP request must come from the host whose communications would be affected by the request. Or looking at it another way, a given installation's policy may be that RSIP requests must come from the host that is affected. RSIP permits that policy to be enforced, but it also, through it's silent on the matter, allows the opposite policy. I could certainly envision both of these policies with MODCOM, also. So either way ya look at it, the RSIP documentation should be clarified, but no change to the protocol is required. I, being the hard grader that I am and wanting to give the most information on and insight into RSIP as possible, graded this a P. But with the grading system as I now understand it, and for consistency with the way the other protocols were graded, I think that this should be a T. If replacement text is necessary, I would suggest: RSIP allows a client to simultaneously have RSIP sessions with multiple RSIP gateways. > > 2.2.1 - The text currently supports the P+ score. > I scored this a T, which was subsequently lowered to P+, presumably based on the explanation I gave. But if you look carefully at the text I gave, it desribes how the extension mechanism might be used in a number of different ways: defining new messages, parameters, and parameter values; extending existing messages with additional parameters and parameter values, which may be either new or existing; defining a new version number if appropriate. But no backward compatible extension *to the extension mechanism itself* is needed. If an extension to the extension mechanism were needed, then the score should be P+ or P, depending on if the extension to the extension mechanism were backward compatible or not. But since it's not even needed, the score should revert to a T. Additionally, I believe if you compare the facts on extensibility of RSIP to the extensibilities of the other protocols, you would find them the same, although they didn't go into as great a level of detail, and they were scored a T. Perhaps if more specifics were given for the other protocols as were for RSIP, they would also be scored a P or P+. :-) Again, what I'm really looking for here is consistency: with the grading system; and across the protocols. > > 2.2.2 - I think a P+ needs additional text to substantiate that this > would be a compatible extension of the protocol (OR we need some text > upfront in the RSIP overview describing the extensibility mechanisms > defined by RSIP) > 2.2.3 - ditto > Since, in recent semantics discussions, I believe we have agreed that the only ruleset action needed is permit, the statement in the text may be true as it stands. If it is desirable to include some kind of parameter that indicates the type of middlebox being manipulated (NATter, firewall, VPN tunnel switch, etc.), that certainly can added, and in a completely backward compatible way. As I read the text for SNMP and COPS, they seem to imply that they already have this parameter, and therefore deserve a T (But more on this later.). The MEGACO text says multiple middlebox types can be supported when you define the middlebox package for MEGACO, and is scored a T. But an extension to MEGACO (i.e., one or more new packages) is required, so I think this ought to be a P+ (presumably it can be done with backward compatibility). The DIAMETER text says an extension is necessary, and is scored a P, now presumably a P+. But if ya look at the MIDCOM requirements (I'm looking at the -05 draft.), it says under requirement 2.2.2: This states that a the protocol must support rules and actions for a variety of types of middleboxes. According to this as I read it, just having a parameter that distinguishes among types of middleboxes isn't suffucient, ya gotta have rules and actions already defined in the protocol to justify a T score. I don't think this is the case for any of the protocols (Although RSIP probably comes the closest: it does have the notion of rules defined; not actions, but they may not be needed anymore.), so I think the T scores for SNMP and COPS should also be P+. Again, I'm looking for consistency here. All require extension, so all should be graded the same, and I think that's a P+. If the question had simply been "Can ya already distinguish between multiple middlebox types?", then the T scores for SNMP and COPS would be justified. As to 2.2.3, ruleset groups, they can be added compatibly by adding a ruleset identifier parameter to the appropriate RSIP request and response messages. If new operations on rulesets are required beyond those provided by the existing RSIP requests and responses, they can be added compatibly. As to a fuller explanation of the RSIP extension mechanism, I believe that text is already there under requirement 2.2.1. If necessary, maybe that should be moved to the overview (Or a pointer from the overview to the 2.2.1 text could be added.). If we need a fuller or different explanation, let me know and I'll provide it. > > 2.2.7 - I can't quite see how this goes from F to P+; you'll need to > provide more text or clarification. > RSIP ASSIGN_RESPONSEs to successful ASSIGN_REQUESTs include a bindID parameter that uniquely identifies the binding (read "ruleset"). The bindID is specified in subsequent requests, e.g., EXTEND_REQUEST to extend the lease time of a binding, to identify the binding to which the request is to apply. I believe the RSIP specification intended, though never explicitly stated, that further requests on a binding be restricted to the to the host that created the binding; although once again, one might say that that is a matter of installation policy. To clearly satisfy the MIDCOM requirements, the RSIP semantics would be explicitly extended to permit any authorized host to request operations on a binding. As to text to use in the evaluation document, I would suggest: RSIP does not explicitly either permit or preclude an operation on a binding being requested by a host other that the host that created the binding. The RSIP semantics would need to be explicitly extended to permit any authorized host to request operations on a binding. No change to the protocol would be required. BTW, since the "The diameter protocol as currently defined offers no impediment [to] such an operation." and is scored a T, maybe either RSIP should be scored a T or DIAMETER should also be scored a P+? > > 2.2.8 - I think a P+ needs additional text to substantiate that this > would be a compatible extension of the protocol > RSIP would add a new optional enumeration parameter called transportProtocol to the ASSIGN_REQUESTs. If specified, the binding created would apply only to the use of the bound addresses / ports by the specified transport protocol. If not specified, the binding would apply to all use of the bound addresses / ports by any transport protocol, thus maintaining backward compatibility with the current definition of RSIP. BTW, MEGACO is scored a T on this requirement for a package that isn't yet defined. :-( > > 2.2.9 - I don't have a problem with changing this to P. Again, P+ would > require additional text to substantiate that this would be a compatible > extension of the protocol. > 2.2.11 -ditto > RSIP would add a new optional boolean parameter called portOddity to the ASSIGN_REQUESTs. If specified as TRUE, the remote port number of the binding created would have the same oddity as the local port. If not specified (or specified as FALSE), the remote port's oddity is independent of the loacl port's oddity, thus maintaining backward compatibility with the current definition of RSIP. BTW, MEGACO is again scored a T on this requirement for a package that isn't yet defined. :-( Overlapping rulesets may have gone away with recent semantics discussions, but ... RSIP would add a new optional boolean parameter called overlapOK to the ASSIGN_REQUESTs. If specified as TRUE, the binding created may overlap with another existing binding. If not specified (or specified as FALSE), the binding will only be created to not overlap with an existing binding, thus maintaining backward compatibility with the current definition of RSIP. For this requirement, I believe MEGACO was correctly scored as a P+. Whew! I think that addresses all of Mary's response. Commented expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Sun Aug 4 23:51:59 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA20830 for ; Sun, 4 Aug 2002 23:51:59 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id XAA26240 for midcom-archive@odin.ietf.org; Sun, 4 Aug 2002 23:53:10 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id XAA26144; Sun, 4 Aug 2002 23:51:23 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id XAA26116 for ; Sun, 4 Aug 2002 23:51:21 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA20804 for ; Sun, 4 Aug 2002 23:50:09 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g753pKa15156 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified NO); Sun, 4 Aug 2002 20:51:21 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g753pFK24727; Sun, 4 Aug 2002 20:51:16 -0700 (PDT) Subject: Re: Deadline of Aug. 5th (was RE: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft To: "Mary Barnes" Cc: "'midcom'" Date: Sun, 4 Aug 2002 22:51:02 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Mary, Before I saw your last two messages, I sent a single e-mail responding to your first e-mail. I'm travelling tomorrow, but I expect to arrive early enough at my destination that I can respond to the last two e-mails by, say, midnight tomorrow. Jim "Mary Barnes" on 08/02/2002 08:02:08 PM Sent by: "Mary Barnes" To: James Renkel/MW/US/3Com cc: "'midcom'" Subject: Deadline of Aug. 5th (was RE: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft Hi Jim, Just one final "process" note; I missed putting a deadline for your feedback. If you plan on proposing additional new text which would be required for some of your proposed changes, I would need that text by COB Monday, August 5th, so that we have a day or so to discuss on the list prior to me making the final edits. If you could post each individual requirement in separate emails to the list, that will facilitate my tracking of resolution of the discussion. The Subject line should be similar to the following: Protocol eval: Section x.y.z - Thanks, Mary. -----Original Message----- From: Barnes, Mary [NGC:B602:EXCH] Sent: Friday, August 02, 2002 9:48 AM To: Taylor, Tom-PT [CAR:B602:EXCH]; 'James_Renkel@3com.com' Cc: 'midcom' Subject: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft Jim et al, I've not thoroughly reviewed all the proposed changes in detail, but will do so shortly, but I also did want to respond to the Category 4 to which Tom also responded wrt security. We have already discussed and resolved this concern per email discussions based on the -01 version. Refer to: http://www.ietf.org/mail-archive/working-groups/midcom/current/msg02397.html Now, you're also proposing that RSIP be "upgraded" for the security ones that you had scored as Failing to meet compliancy in your analysis. Based upon the text currently in section 2.1.8, 2.3.1, which also applies to 2.3.2-2.3.4, I don't have a problem changing those to Ps. The P+ category would only apply if these changes could be made to RSIP as a natural extension of the protocol with no impact to current users of that protocol (i.e. current users don't make use of the information, and wouldn't be bothered by it being in the messages). There are a many other RSIP scores, many of which were derived from your original analysis, that you're also now proposing changes for: 2.1.2 - The text for this one clearly states that an extension is required. 2.2.1 - The text currently supports the P+ score. 2.2.2 - I think a P+ needs additional text to substantiate that this would be a compatible extension of the protocol (OR we need some text upfront in the RSIP overview describing the extensibility mechanisms defined by RSIP) 2.2.3 - ditto 2.2.7 - I can't quite see how this goes from F to P+; you'll need to provide more text or clarification. 2.2.8 - I think a P+ needs additional text to substantiate that this would be a compatible extension of the protocol 2.2.9 - I don't have a problem with changing this to P. Again, P+ would require additional text to substantiate that this would be a compatible extension of the protocol. 2.2.11 -ditto Upon another quick glance, I think many of the proposed changes for the other protocols are bringing forth issues with other "scores" that we have already discussed (e.g. 2.2.2 for Megaco) Certainly, if there is overwhelming support for your changes, then they can be done, but we've got to have more than one person supporting the change for something that we have previously discussed and I certainly thought had reached concensus on. I won't be responding to each of these that we've already discussed, you can search the email archives, where each has been addressed in a separate email thread. Again, I haven't looked at each in detail, and you may indeed have found some changes which are valid, so I will post separately each of those which I would agree to change provided there is WG concensus (i.e. no negative responses to my proposals). Regards, Mary. -----Original Message----- From: Taylor, Tom-PT [CAR:B602:EXCH] Sent: Friday, August 02, 2002 9:01 AM To: 'James_Renkel@3com.com'; Barnes, Mary [NGC:B602:EXCH] Cc: 'midcom' Subject: RE: [midcom] Comments on protocol evaluation draft From my point of view you raise two issues I cannot leave unanswered. The first has to do with P+ extensions and your first scoring inconsistency, the second with security. I confess that the need for protocol extensions poses a logical issue: how to treat this need when it affects multiple categories of response. On the one hand, I think it is over-stating things to simply score 1 against each category that depends on the extension. On the other, it is certainly true that, whether you are defining a new MIB, a new DIAMETER application, or a new Megaco package, you imply the need for extra code in both the Agent and the Middlebox above that supplied by the base protocol implementation. I myself would propose adding an evaluation category that specifies the increment to the base protocol implied by its use for MIDCOM. Leaving that aside, any protocol that fails to meet one of the MIDCOM requirements is probably beyond our consideration. On the security issue: you dismiss too quickly those protocols that rely on lower layers for their necessary degree of security. The RFCs specifying these protocols have security sections. The protocol security architecture in each case was arrived at by considering the specific threats that had to be countered in the protocol's domain of application. An architecture that relies on lower layer security is perfectly valid if that meets the requirements for that protocol. What we do have to think about is whether the threats are different for the MIDCOM application from those considered when the candidate protocol was being designed. If so, the security architecture for that protocol may have to be modified to fit MIDCOM application. But the security section of the MIDCOM requirements document reflects the results of the MIDCOM threat analysis. Thus if our candidate protocols, including their specified security architectures, can meet these requirements in a practical way, they must be scored as passing those requirements. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Friday, August 02, 2002 12:45 AM To: Barnes, Mary [NGC:B602:EXCH] Cc: 'midcom' Subject: RE: [midcom] Comments on protocol evaluation draft Mary (and other middlebox experts), Thank you much for your reply. The clarification of the grading system is especially useful. I had a lot of trouble understanding it before, but I think I got it now. Here's what I now understand the grades to mean: T - Compliance to the requirement with the protocol as is P+ - Compliance to the requirement with an extension to the protocol P - Compliance to the requirement with a change, or an extension that impacts existing users of the protocol F - No compliance (even with extension of the protocol???) Some observations on this: - Since all the protocols are extensible and extensions can generally be made, one way or another, to be backward compatible, I'm surprised that we have any P's of F's. :-) - We seem to have lost the concept of how large an extension needs to be made to add a "thing" to the protocol. Is the protocol close to the requirement and just needs a little extension? Or does the protocol have nothing to offer and the thing has to be added completely? I originally thought that was the idea behind the the T, P and F grades ("How much do ya have to change the protocol to satify the requirement? None, a little, and a lot, respectively"), but I guess we evolved from that, assuming that was the original intention. As you suggested, I went back and looked for what I thought were incon- sistencies in P+ and P grades. Once I got started digging, what I wound up doing was quickly reviewing all the scores for consistency with the grading system as I now understand it and the summary information for each protocol's compliance with each requirement as given in the protocol evaluation I-D (BTW, I used the -02 version of the I-D, without any of the changes that have been discussed since it was published.). The grading inconsistencies that I saw fell into 4 categories: 1. The requirement compliance text for the protocol basically said "This can be done with an extension to this protocol" and the grade was a T, instead of a P+ as I believe it should be. I included the closely related "The protocol does not preclude this extension from being made." in this category. 2. The requirement compliance text for the protocol says the protocol has something here but extension is required and can be made with no impact, but graded it as a P instead of a P+. 3. The requirement compliance text for the protocol says the protocol has nothing here but the necessary extension can be made without impact, and graded it as an F instead of a P+. 4. The requirement compliance text for the protocol says the protocol has nothing here but if ya use TLS or IPsec or whatever for security ya get everything, and graded it as a T. In the last case, I'm not sure what the right score is, but I would suggest at most P+, to distinguish these from protocols that have the right thing here without resorting to TLS or IPsec or whatever for security, which I think should get a T grade. (For consistency, I considered grades of F (Honestly given, in my opinion, but I could be wrong.) but the requirement could be fulfilled with TLS or IPsec or whatever for security, hence now graded P+ for consistency, as instances of this case also.) I also found a few other what I believe to be inconsistencies, at least based on the scoring system as I now understand it. Call this category 5. I list the inconsistencies I found at the end of this message, but here's some statistics. Take 'em for whatever ya think they're worth. Out of a total of 135 scores (27 requirements times 5 protocols) I found what I thought were 31 inconsistencies. That's just less than 23%. The number of inconsistencies by category by protocol are: Category SNMP RSIP MEGACO DIAMETER COPS Total -------- ---- ---- ------ -------- ---- ----- 1 1 0 3 3 1 8 2 0 2 0 1 0 3 3 0 4 0 0 0 4 4 0 5 4 5 0 14 5 0 2 0 0 0 2 -- -- -- -- -- -- Total 1 13 7 9 1 31 The resulting adjustments in protocols scores are: Protocol T P+ P F -------- --- --- --- --- SNMP - 1 + 1 RSIP + 2 +10 - 3 - 9 MEGACO - 7 + 7 DIAMETER - 8 + 9 - 1 COPS - 1 + 1 --- --- --- --- Total -15 +28 - 4 - 9 And the resulting protocol scores are: Protocol T P+ P F Total -------- --- --- --- --- ----- SNMP 18 9 0 0 27 RSIP 14 13 0 0 27 MEGACO 13 11 2 1 27 DIAMETER 13 13 1 0 27 COPS 19 6 1 1 27 --- --- --- --- --- Total 77 52 4 2 135 This was done real quick, so there's probably still stuff not right, but now, at least to me, the numbers better match the general feeling I get when reading the I-D. Comments expected and welcome. Jim ================ Inconsistencies I found in the MIDCOM protocol evaluation grades (This was composed with tab stops every 8 characters.) Score Require- ------------------- Inconsistency ment Protocol Was Should be Category -------- -------- --- --------- -------- 2.1.2 RSIP P T 5 2.1.8 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.2.1 RSIP P+ T 5 2.2.2 SNMP T P+ 1 RSIP P P+ 2 MEGACO T P+ 1 DIAMETER T P+ 1 2.2.3 RSIP P P+ 3 2.2.4 MEGACO T P+ 1 DIAMETER T P+ 1 2,2,6 DIAMETER T P+ 1 COPS T P+ 1 2.2.7 RSIP F P+ 3 DIAMETER T P+ 1 2.2.8 RSIP P P+ 2 MEGACO T P+ 1 2.2.9 RSIP F P+ 3 2.2.11 RSIP F P+ 3 2.3.1 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.2 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.3 RSIP F P+ 4 MEGACO T P+ 4 DIAMETER T P+ 4 2.3.4 RSIP F P+ 4 DIAMETER T P+ 4 _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 00:36:12 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA21782 for ; Mon, 5 Aug 2002 00:36:12 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id AAA29323 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 00:37:24 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id AAA29241; Mon, 5 Aug 2002 00:33:16 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id AAA29167 for ; Mon, 5 Aug 2002 00:33:13 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA21725 for ; Mon, 5 Aug 2002 00:32:01 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g754XEa20465 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified NO) for ; Sun, 4 Aug 2002 21:33:15 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g754X9K26731 for ; Sun, 4 Aug 2002 21:33:09 -0700 (PDT) To: midcom Date: Sun, 4 Aug 2002 23:32:56 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Comments on protocol evaluation process Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As intimated in several of my recent e-mails to this list, I have a general concern about the protocol evaluation process that we're just finishing. This is beyond any specific issues of what score was given to a protocol for a particular requirement. This concern can perhaps be best expressed as a question. In evaluating these protocols, are we: - trying to get the best insight into and information about the protocols as they exist? or are we - trying to maximize the scores that the protocols receive? I certainly hope that we are trying to do the former, but I fear we are doing the latter. There are two things that cause my fear. The first is the grading system that we are using. After some discussion on the list, the scoring systme that we are now using, as I understand it, is: T - the requirement is satisfied by the protocol as is P+ - the requirement is satisfied when the protocol is extended with a backward compatible extension P - the requirement is satisfied only with a non-backward compatible extension to the protocol F - the requirement can not be met by the protocol, even with an extension (perhaps because the protocol is not extensible) We have a requirement for protocol extensibility, and all the protocols satisfy it. So I don't see how any of these protocols can receive an F score for any other requirement. I mean it's not like middleboxes are made of matter and the protocols of anti-matter so that if ya put them together they explode or something. Since all the protocols were presumably pretty well designed, and extensions can generally be made to be backward compatible, I would be surprised if any scores of P are given. So what we are left with is T and P+. One says the protocol already does something, the other says it can be extended to do so. While this is interesting, this doesn't give the insight to and information about the protocol that I was hoping to get out of this evaluation. I mean, so a protocol gets a P+ score for some requirement. Does that mean that it had nothing, and everything had to be added? Or does it mean that it fell just a smidge short and only a little has to be added? I for one would like to know the difference between these two cases. But the difference is lost with the scoring system we are using. Information of this same kind if further being lost, I believe, by allowing protocols a recieve a T score for a security requirement by saying, "TLS or IPsec provide the capability, so just run the protocol over them." Like all the protocols being extensible, all the protocols can run over TLS or IPsec. But what "native" security capabilities do they have? TLS or IPsec is fine if I need all the security capabilities they offer and I'm willing to pay the price to run them. But what if I don't need all the capabilities they offer or I'm reluctant to pay the price to run them? I'd sure like to know what security I get from a protocol natively, with it running over TLS or IPsec. Equivalently, I'd like to know how much a protocol needs to be extended to get natively a given level of security, just as I'd like to now how much a protocol has to be extended to meet other MIDCOM requifrements. And maybe isn't a protocol that has a particular security capability as a native capability better in some sense than a protocol that has to rely on TLS or IPsec for that capability? I think I'd like to know that. Maybe, at least in this case, that information is contained in the text accompanying the score. But I'd like to see it reflected in the protocols score also. So what to do. Well, what I'd idewally like to see is a protocol evaluation that is scored with this scoring system: T - the requirement is fully satisfied by the protocol as is and without the use of TLS or IPsec P - the requirement is partially met by the protocol as is, without the use of TLS or IPsec F - the requirement is not met by the protocol as is without the use of TLS or IPsec I don't think we should change what we're doing now, or hold it up to add this to it. But, if other folk also think this would be valuable, maybe we should add this later. Comments welcome, expected, and appreciated. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 09:51:26 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA13110 for ; Mon, 5 Aug 2002 09:51:26 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id JAA03003 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 09:52:39 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id JAA02947; Mon, 5 Aug 2002 09:50:33 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id JAA02917 for ; Mon, 5 Aug 2002 09:50:32 -0400 (EDT) Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.54]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA12984 for ; Mon, 5 Aug 2002 09:49:17 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (IDENT:mirapoint@mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id g75Dms6I008120; Mon, 5 Aug 2002 06:48:54 -0700 (PDT) Received: from cisco.com (ssh-sjc-1.cisco.com [171.68.225.134]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id AER86178; Mon, 5 Aug 2002 06:44:52 -0700 (PDT) Message-Id: <200208051344.AER86178@mira-sjc5-4.cisco.com> To: James_Renkel@3com.com cc: midcom From: Melinda Shore Subject: Re: [midcom] Comments on protocol evaluation process In-Reply-To: Message from James_Renkel@3com.com of "Sun, 04 Aug 2002 23:32:56 CDT." Date: Mon, 05 Aug 2002 09:46:54 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > We have a requirement for protocol extensibility, and all the protocols > satisfy it. So I don't see how any of these protocols can receive an F > score for any other requirement. Just because a protocol is "extensible" doesn't mean that it's arbitrarily extensible or that an extension in a particular direction isn't awkward or unidiomatic. On the scoring system: what we're trying to do is get a rough, general sense of how closely a particular protocol matches the requirements and framework we've established. This process is necessarily not particularly nuanced, and I don't think that's a bad thing, either. After all, one of the first things we're going to have to do is NOT to choose the closest fit, but rather to eliminate the weakest candidates. Melinda _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 10:06:01 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA14221 for ; Mon, 5 Aug 2002 10:06:01 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id KAA04423 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 10:07:14 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA04359; Mon, 5 Aug 2002 10:05:00 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id KAA04326 for ; Mon, 5 Aug 2002 10:04:59 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA14018 for ; Mon, 5 Aug 2002 10:03:44 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g75E4ZH21513 for ; Mon, 5 Aug 2002 09:04:35 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Aug 2002 09:04:21 -0500 Message-ID: <933FADF5E673D411B8A30002A5608A0E03A63404@zrc2c012.us.nortel.com> From: "Sanjoy Sen" To: "Mary Barnes" , "'midcom'" Cc: "Cedric Aoun" , "Tom-PT Taylor" Date: Mon, 5 Aug 2002 09:04:18 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23C88.FD63CC30" Subject: [midcom] RE: Protocol eval: 2.2.8 - Megaco - Question as to whether "Trans port of filtering rules" is fully supported in current protocol Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C23C88.FD63CC30 Content-Type: text/plain; charset="iso-8859-1" The reason why this was made T (in case of Megaco) was because we interpreted this requirement as the ability of the protocol to *transport* rulesets. However, since other evaluaters interpreted the requirement slightly differently, I'm not against the proposed change. -Sanjoy > -----Original Message----- > From: Barnes, Mary [NGC:B602:EXCH] > Sent: Friday, August 02, 2002 7:37 PM > To: 'midcom' > Cc: Aoun, Cedric [GOLF:MA01:EXCH]; Sen, Sanjoy > [NGC:B677:EXCH]; Taylor, > Tom-PT [CAR:B602:EXCH] > Subject: Protocol eval: 2.2.8 - Megaco - Question as to whether > "Transport of filtering rules" is fully supported in current protocol > > > Hi all, > > Per my email response to Jim, I think this may be a valid > proposal to change Megaco from "T" to "P+" for requirement > 2.2.8 - Transport of Filtering rules. > > What do the Megaco experts think on this one (I could not > find any previous discussion of this)? > > I would like feedback (positive and/or negative) on this > proposed change by > COB Monday, August 5th. > > Regards, > Mary H. Barnes > mbarnes@nortelnetworks.com > 972-684-5432 > Wireless 817-703-4806 > > > > ------_=_NextPart_001_01C23C88.FD63CC30 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Protocol eval: 2.2.8 - Megaco - Question as to whether = "Transport of filtering rules" is fully supported in current = protocol

The reason why this was made T (in case of Megaco) = was because we interpreted this requirement as the ability of the = protocol to *transport* rulesets. However, since other evaluaters = interpreted the requirement slightly differently, I'm not against the = proposed change.

-Sanjoy

> -----Original Message-----
> From: Barnes, Mary [NGC:B602:EXCH]
> Sent: Friday, August 02, 2002 7:37 PM
> To: 'midcom'
> Cc: Aoun, Cedric [GOLF:MA01:EXCH]; Sen, Sanjoy =
> [NGC:B677:EXCH]; Taylor,
> Tom-PT [CAR:B602:EXCH]
> Subject: Protocol eval: 2.2.8 - Megaco - = Question as to whether
> "Transport of filtering rules" is = fully supported in current protocol
>
>
> Hi all,
>
> Per my email response to Jim, I think this may = be a valid
> proposal to change Megaco from "T" to = "P+" for requirement
> 2.2.8 - Transport of Filtering rules. =
>
> What do the Megaco experts think on this one (I = could not
> find any previous discussion of this)?
>
> I would like feedback (positive and/or = negative) on this
> proposed change by
> COB Monday, August 5th.
>
> Regards,
> Mary H. Barnes
> mbarnes@nortelnetworks.com
> 972-684-5432
> Wireless 817-703-4806
>
>
>
>

------_=_NextPart_001_01C23C88.FD63CC30-- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 14:08:39 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA25220 for ; Mon, 5 Aug 2002 14:08:38 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id OAA19746 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 14:09:50 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA19639; Mon, 5 Aug 2002 14:08:31 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA19611 for ; Mon, 5 Aug 2002 14:08:29 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA25187 for ; Mon, 5 Aug 2002 14:07:17 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g75I8AH25643; Mon, 5 Aug 2002 13:08:10 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Aug 2002 13:07:55 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C81A@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , "'midcom'" Date: Mon, 5 Aug 2002 13:07:45 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] RE: Protocol Eval - 2.2.8, 2.2.9 and 2.2.11 - RSIP and others (w as RE: Proposed changes to RSIP evaluation.... Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi all, I'm going to respond to a few of these requested changes for RSIP for 2.2.8, 2.2.9 and 2.2.11, and comments on the other protocols, directly inline here. The remainder I am going to post separtely so that they can be tracked more easily, thus, I've deleted most of Jim's original email. Feedback on these proposed changes is requested by noon CST on Tuesday, August 6th. Regards, Mary. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Sunday, August 04, 2002 10:42 PM To: 'midcom' Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft ---text deleted---- > > 2.2.8 - I think a P+ needs additional text to substantiate that this > would be a compatible extension of the protocol > RSIP would add a new optional enumeration parameter called transportProtocol to the ASSIGN_REQUESTs. If specified, the binding created would apply only to the use of the bound addresses / ports by the specified transport protocol. If not specified, the binding would apply to all use of the bound addresses / ports by any transport protocol, thus maintaining backward compatibility with the current definition of RSIP. [MB] I propose to add the following text (reworded for consistency) to RSIP and change to a P+: "To support this requirement, a new optional enumeration parameter, transportProtocol, can be added to the RSIP ASSIGN_REQUESTs. When the parameter is included, the binding created applies only to the use of the bound addresses and ports, by the specific transportProtocol. When the parameter is not included, the binding applies to the use of all the bound addresses and ports, by any transport protocol, thus maintaining backward compatibility with the current definition of RSIP." [/MB] BTW, MEGACO is scored a T on this requirement for a package that isn't yet defined. :-( [MB] Yes, this was the one issue, that I acknowledged in response to your original email, that I thought was valid, thus I had posted separately and we have agreed to change MEGACO to a P+. [/MB] > > 2.2.9 - I don't have a problem with changing this to P. Again, P+ would > require additional text to substantiate that this would be a compatible > extension of the protocol. > 2.2.11 -ditto > RSIP would add a new optional boolean parameter called portOddity to the ASSIGN_REQUESTs. If specified as TRUE, the remote port number of the binding created would have the same oddity as the local port. If not specified (or specified as FALSE), the remote port's oddity is independent of the loacl port's oddity, thus maintaining backward compatibility with the current definition of RSIP. [MB] I propose to add the following text (reworded for consistency) to RSIP and change to a P+: "To support this requirement, a new optional boolean parameter, portOddity, can be added to the RSIP ASSIGN_REQUESTs. If the parameter is TRUE, the remote port number of the binding created would have the same oddity as the local port. If the parameter is not specified, or is FALSE, the remote port's oddity is independent of the local port's oddity, thus maintaining backward compatibility with the current definition of RSIP." [/MB] BTW, MEGACO is again scored a T on this requirement for a package that isn't yet defined. :-( [MB] The version of the document that I have already shows Megaco as a P+ for 2.2.9, as well as 2.2.11. [/MB] Overlapping rulesets may have gone away with recent semantics discussions, but ... RSIP would add a new optional boolean parameter called overlapOK to the ASSIGN_REQUESTs. If specified as TRUE, the binding created may overlap with another existing binding. If not specified (or specified as FALSE), the binding will only be created to not overlap with an existing binding, thus maintaining backward compatibility with the current definition of RSIP. [MB] I propose to add the following text (reworded for consistency) to RSIP and change to a P+: "To support this requirement, a new optional boolean parameter, overlapOK, can be added to the RSIP ASSIGN_REQUESTs. If the parameter is TRUE, the binding may overlap with an existing binding. If the parameter is unspecified, or is FALSE, the binding will not overlap with an existing binding, thus maintaining backward compatibility with the current definition of RSIP." [/MB] For this requirement, I believe MEGACO was correctly scored as a P+. Whew! I think that addresses all of Mary's response. Commented expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 14:30:57 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA26041 for ; Mon, 5 Aug 2002 14:30:56 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id OAA21553 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 14:32:08 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA20885; Mon, 5 Aug 2002 14:29:48 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA20850 for ; Mon, 5 Aug 2002 14:29:45 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA25868 for ; Mon, 5 Aug 2002 14:28:32 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g75ITQH28516; Mon, 5 Aug 2002 13:29:26 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Aug 2002 13:29:11 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C81B@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , "'midcom'" Date: Mon, 5 Aug 2002 13:29:09 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] Protocol Eval - 2.2.7 - RSIP (was RE: Proposed changes to RSIP ev aluation ... Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi All, Per my previous email, I've broken the comments down and will reply to them in separate emails to facilitate my tracking of proposed changes and WG agreement. My comments below: [MB]. WG feedback on this would be appreciated prior to noon CST on Tuesday, August 6th. Regards, Mary. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Sunday, August 04, 2002 10:42 PM To: 'midcom' Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft ---text deleted---- > > 2.2.7 - I can't quite see how this goes from F to P+; you'll need to > provide more text or clarification. > RSIP ASSIGN_RESPONSEs to successful ASSIGN_REQUESTs include a bindID parameter that uniquely identifies the binding (read "ruleset"). The bindID is specified in subsequent requests, e.g., EXTEND_REQUEST to extend the lease time of a binding, to identify the binding to which the request is to apply. I believe the RSIP specification intended, though never explicitly stated, that further requests on a binding be restricted to the to the host that created the binding; although once again, one might say that that is a matter of installation policy. To clearly satisfy the MIDCOM requirements, the RSIP semantics would be explicitly extended to permit any authorized host to request operations on a binding. As to text to use in the evaluation document, I would suggest: RSIP does not explicitly either permit or preclude an operation on a binding being requested by a host other that the host that created the binding. The RSIP semantics would need to be explicitly extended to permit any authorized host to request operations on a binding. No change to the protocol would be required. [MB] I can see that we could change RSIP to P for this one based upon the text. I think this makes it consistent with the Megaco and COPS evaluations of this requirement. Per my note below, the Diameter issue is being tracked in a separate email thread. I would propose the following re-wording for the text: " RSIP neither explicitly permits nor precludes an operation on a binding by a host that had not originally create the binding. However, to support this requirement, the RSIP semantics must be extended to explicitly permit any authorized host to request operations on a binding; this does not require a change to the protocol." [/MB] BTW, since the "The diameter protocol as currently defined offers no impediment [to] such an operation." and is scored a T, maybe either RSIP should be scored a T or DIAMETER should also be scored a P+? [MB] This is being tracked in a separate email thread per my response to your original email. If you still have concerns that this requirement also has a semantic impact on Diameter, please post them in response to that email thread. [/MB] _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 15:06:54 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA27860 for ; Mon, 5 Aug 2002 15:06:54 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id PAA23918 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 15:08:06 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA23704; Mon, 5 Aug 2002 15:03:42 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA23678 for ; Mon, 5 Aug 2002 15:03:41 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA27688 for ; Mon, 5 Aug 2002 15:02:27 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g75J3LH10413; Mon, 5 Aug 2002 14:03:21 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Aug 2002 14:03:06 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C81C@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , "'midcom'" Date: Mon, 5 Aug 2002 14:03:02 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23CB2.B8B4B110" Subject: [midcom] Protocol Eval - 2.2.1 - RSIP Extensibility - P+ -> T ? ( was RE : Proposed changes to RSIP evaluation Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C23CB2.B8B4B110 Content-Type: text/plain; charset="iso-8859-1" Hi all, Again, text deleted to isolate issue wrt 2.2.1 and again feedback is requested ASAP; ideally by COB on Tuesday, August 6th. Regards, Mary. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Sunday, August 04, 2002 10:42 PM To: 'midcom' Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft > > 2.2.1 - The text currently supports the P+ score. > I scored this a T, which was subsequently lowered to P+, presumably based on the explanation I gave. But if you look carefully at the text I gave, it desribes how the extension mechanism might be used in a number of different ways: defining new messages, parameters, and parameter values; extending existing messages with additional parameters and parameter values, which may be either new or existing; defining a new version number if appropriate. [MB] This was lowered to a P+ based upon WG mailing list feedback (from more than one person, actually) on the -00 version of the document; that email suggested further discussion, however, there was none. So, per my summary email for the changes for -01, I made this change (and received no response to that email). For the earlier versions, the process we've been following is that unless folks disagree with what's been posted, I make the proposed change based upon mailing list discussion. Since, ideally, we'd like this version to be ready for WGLC, I'm attempting to provide a complete "heads-up" on the exact content of the new document, so there will be no surprises. What I would propose is to open this again for mailing list discussion, to see if anyone else is in support of changing this to a "T". [/MB] But no backward compatible extension *to the extension mechanism itself* is needed. If an extension to the extension mechanism were needed, then the score should be P+ or P, depending on if the extension to the extension mechanism were backward compatible or not. But since it's not even needed, the score should revert to a T. Additionally, I believe if you compare the facts on extensibility of RSIP to the extensibilities of the other protocols, you would find them the same, although they didn't go into as great a level of detail, and they were scored a T. Perhaps if more specifics were given for the other protocols as were for RSIP, they would also be scored a P or P+. :-) Again, what I'm really looking for here is consistency: with the grading system; and across the protocols. ------_=_NextPart_001_01C23CB2.B8B4B110 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Protocol Eval - 2.2.1 - RSIP Extensibility - P+ -> T ? ( = was RE: Proposed changes to RSIP evaluation

Hi all,

Again, text deleted to isolate issue wrt 2.2.1 and = again feedback is requested ASAP; ideally by COB on Tuesday, = August 6th.

Regards,
Mary.

-----Original Message-----
From: James_Renkel@3com.com [mailto:James_Renkel@3com.com]<= /FONT>
Sent: Sunday, August 04, 2002 10:42 PM
To: 'midcom'
Subject: Re: Proposed changes to RSIP evaluation = (was RE: [midcom]
Comments on protocol evaluation draft
>
> 2.2.1 - The text currently supports the P+ = score.
>

I scored this a T, which was subsequently lowered to = P+, presumably
based on the explanation I gave. But if you look = carefully at the text
I gave, it desribes how the extension mechanism = might be used in a number
of different ways: defining new messages, = parameters, and parameter
values; extending existing messages with additional = parameters and
parameter values, which may be either new or = existing; defining a new
version number if appropriate.

[MB] This was lowered to a P+ based upon WG mailing = list feedback (from more than one person, actually) on the -00 version = of the document; that email suggested further discussion, however, = there was none. So, per my summary email for the changes for -01, = I made this change (and received no response to that email). For the = earlier versions, the process we've been following is that unless folks = disagree with what's been posted, I make the proposed change based upon = mailing list discussion. Since, ideally, we'd like this version to be = ready for WGLC, I'm attempting to provide a complete = "heads-up" on the exact content of the new document, so there = will be no surprises.

What I would propose is to open this again for = mailing list discussion, to see if anyone else is in support of = changing this to a "T".

[/MB]

But no backward compatible extension *to the = extension mechanism itself*
is needed. If an extension to the extension = mechanism were needed, then
the score should be P+ or P, depending on if the = extension to the extension
mechanism were backward compatible or not. But since = it's not even
needed, the score should revert to a T.

Additionally, I believe if you compare the facts on = extensibility of RSIP
to the extensibilities of the other protocols, you = would find them the
same, although they didn't go into as great a level = of detail, and they
were scored a T. Perhaps if more specifics were = given for the other
protocols as were for RSIP, they would also be = scored a P or P+. :-)

Again, what I'm really looking for here is = consistency: with the grading
system; and across the protocols.

------_=_NextPart_001_01C23CB2.B8B4B110-- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 15:45:52 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29151 for ; Mon, 5 Aug 2002 15:45:52 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id PAA25604 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 15:47:04 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA25469; Mon, 5 Aug 2002 15:42:44 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA25441 for ; Mon, 5 Aug 2002 15:42:42 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29010 for ; Mon, 5 Aug 2002 15:41:29 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g75JgOH15710; Mon, 5 Aug 2002 14:42:24 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Aug 2002 14:42:07 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C81F@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , "'midcom'" Date: Mon, 5 Aug 2002 14:41:59 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] Protocol eval: RSIP 2.1.8 and 2.3.1 - 2.3.4 - Security F-> T (was RE: Proposed changes to RSIP evaluation... Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi all, Given that the RSIP protocol does define the use of IPSEC, I would agree that these could be changed to T. The current text description in section 2.3.1 is fairly informative, do you really want to replace that with the single sentence or do you want the information combined? Also, I did not see any reference to TLS in the RSIP RFCs, so I would propose to just add the reference to IPSec, or perhaps I somehow missed the reference. Note, that this would also require a change to the conclusion. Again, WG feedback (i.e. if you don't agree with changing these to T), should be sent by COB on Tuesday, August 5th. Regards, Mary. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Sunday, August 04, 2002 10:42 PM To: 'midcom' Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft ---text deleted ----------- > > Now, you're also proposing that RSIP be "upgraded" for the security > onesthat you had scored as Failing to meet compliancy in your analysis. > Based upon the text currently in section 2.1.8, 2.3.1, which also > applies to 2.3.2-2.3.4, I don't have a problem changing those to Ps. > MEGACO and DIAMETER do not have "native" support for capabilities satisfying these requirements, they depend on operation over, e.g., TLS or IPsec to satisfy them, and they were scored a T. RSIP is no different: no native support; but the cappability can be added by operating over TLS or IPsec; so, it too should be scored a T. All I'm asking for here is consistency of scoring for all the protocols. Additionally, the "native" communications between hosts and RSIP gateways is over tunnels for the data connections. Although not explicitly stated, the preferred operation of the control channel is over that same tunnel. If that tunnel is IPsec, then the control channel is secured. At least with RSIP, the tunnel is already there. At to replacement for the RSIP portions of the text following requirements 2.1.8, and 2.3.1 through 2.3.4, I would suggest: RSIP does not have "native" support for this capability, but the capability can be obtained by operating RSIP over TLS or IPsec. > > The P+ category would only apply if these changes could be made to > RSIP as a natural extension of the protocol with no impact to current > users of that protocol (i.e. current users don't make use of the > information, and wouldn't be bothered by it being in the messages). > If the score for these requirements is not to be T, then .... ---Remainder of email thread deleted---- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 15:46:54 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29180 for ; Mon, 5 Aug 2002 15:46:54 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id PAA25645 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 15:48:07 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA24891; Mon, 5 Aug 2002 15:31:10 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA24853 for ; Mon, 5 Aug 2002 15:31:08 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28605 for ; Mon, 5 Aug 2002 15:29:55 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g75JTvH14045; Mon, 5 Aug 2002 14:29:57 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Aug 2002 14:29:42 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C81E@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , "'midcom'" Date: Mon, 5 Aug 2002 14:29:38 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] Protocol eval: 2.1.2 - RSIP - P -> T? (was RE: Proposed changes t o RSIP evaluation .... Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi all, My responses to 2.1.2 from Jim's response to email thread. Again, feedback on this is requested from the WG by COB on Tuesday, August 6th. Regards, Mary. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Sunday, August 04, 2002 10:42 PM To: 'midcom' Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft ----text deleted ----- > > 2.1.2 - The text for this one clearly states that an extension is > required. > This may be a fine point, but the *RSIP framework and semantics* would require an extension, the *protocol* itself would not (BTW, that's what the text for the RSIP evaluation of the requirement says: " ... the RSIP *architecure* could be extended ..." [Emphasis added.]). The extension would be the explicit removal of an unstated (and usually unimplemented!) restriction that an RSIP request must come from the host whose communications would be affected by the request. [MB] Again, this was one that had been discussed on the mailing list. This was lowered to a P+ based upon WG mailing list feedback (from more than one person, actually) on the -00 version of the document. So, per my summary email for the changes for -01 (on June 15th), I made this change (and received no response to that email). What I would propose is to open this again for mailing list discussion, to see if anyone else is in support of changing this to a "T". [/MB] Or looking at it another way, a given installation's policy may be that RSIP requests must come from the host that is affected. RSIP permits that policy to be enforced, but it also, through it's silent on the matter, allows the opposite policy. I could certainly envision both of these policies with MODCOM, also. So either way ya look at it, the RSIP documentation should be clarified, but no change to the protocol is required. I, being the hard grader that I am and wanting to give the most information on and insight into RSIP as possible, graded this a P. But with the grading system as I now understand it, and for consistency with the way the other protocols were graded, I think that this should be a T. If replacement text is necessary, I would suggest: RSIP allows a client to simultaneously have RSIP sessions with multiple RSIP gateways. ----Remainder deleted ----- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 16:55:01 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01668 for ; Mon, 5 Aug 2002 16:55:01 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id QAA28784 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 16:56:14 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA28722; Mon, 5 Aug 2002 16:53:05 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA28693 for ; Mon, 5 Aug 2002 16:53:03 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01512 for ; Mon, 5 Aug 2002 16:51:49 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g75KqaH02712; Mon, 5 Aug 2002 15:52:36 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Aug 2002 15:52:21 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C820@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , "'midcom'" Date: Mon, 5 Aug 2002 15:52:19 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] Protocol Eval: 2.2.2 - RSIP (was RE: Proposed changes to RSIP ev aluation Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi all, I don't have a problem changing 2.2.2 for RSIP to P+, IFF there is agreement by the WG to change 2.2.1 Extensibility to T for RSIP. However, we've already spent some time debating 2.2.2 for Megaco (refer to the email threads with 2.2.2 in the title) and finally agreeing on T. As well, we've previously discussed SNMP, with agreement that it is a T. And to a lesser extent, there has also been discussion on COPS. Again, I don't think we should revert these previous agreements unless there is additional support to do so. Again, WG feedback by COB Tuesday, August 6th is appreciated. Regards, Mary. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Sunday, August 04, 2002 10:42 PM To: 'midcom' Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft ---text deleted ----- > > 2.2.2 - I think a P+ needs additional text to substantiate that this > would be a compatible extension of the protocol (OR we need some text > upfront in the RSIP overview describing the extensibility mechanisms > defined by RSIP) > 2.2.3 - ditto > Since, in recent semantics discussions, I believe we have agreed that the only ruleset action needed is permit, the statement in the text may be true as it stands. If it is desirable to include some kind of parameter that indicates the type of middlebox being manipulated (NATter, firewall, VPN tunnel switch, etc.), that certainly can added, and in a completely backward compatible way. As I read the text for SNMP and COPS, they seem to imply that they already have this parameter, and therefore deserve a T (But more on this later.). The MEGACO text says multiple middlebox types can be supported when you define the middlebox package for MEGACO, and is scored a T. But an extension to MEGACO (i.e., one or more new packages) is required, so I think this ought to be a P+ (presumably it can be done with backward compatibility). The DIAMETER text says an extension is necessary, and is scored a P, now presumably a P+. But if ya look at the MIDCOM requirements (I'm looking at the -05 draft.), it says under requirement 2.2.2: This states that a the protocol must support rules and actions for a variety of types of middleboxes. According to this as I read it, just having a parameter that distinguishes among types of middleboxes isn't suffucient, ya gotta have rules and actions already defined in the protocol to justify a T score. I don't think this is the case for any of the protocols (Although RSIP probably comes the closest: it does have the notion of rules defined; not actions, but they may not be needed anymore.), so I think the T scores for SNMP and COPS should also be P+. Again, I'm looking for consistency here. All require extension, so all should be graded the same, and I think that's a P+. If the question had simply been "Can ya already distinguish between multiple middlebox types?", then the T scores for SNMP and COPS would be justified. ---Remaining text deleted ---- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 17:06:13 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA01976 for ; Mon, 5 Aug 2002 17:06:13 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id RAA00173 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 17:07:26 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA00098; Mon, 5 Aug 2002 17:06:02 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id RAA00070 for ; Mon, 5 Aug 2002 17:06:00 -0400 (EDT) Received: from zrc2s0jx.nortelnetworks.com (zrc2s0jx.nortelnetworks.com [47.103.122.112]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA01931 for ; Mon, 5 Aug 2002 17:04:45 -0400 (EDT) Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51]) by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g75L5dH11533; Mon, 5 Aug 2002 16:05:40 -0500 (CDT) Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Aug 2002 16:05:25 -0500 Message-ID: <1B54FA3A2709D51195C800508BF9386A05A7C821@zrc2c000.us.nortel.com> From: "Mary Barnes" To: "'James_Renkel@3com.com'" , "'midcom'" Date: Mon, 5 Aug 2002 16:05:22 -0500 X-Mailer: Internet Mail Service (5.5.2653.19) Subject: [midcom] Protocol Eval: 2.2.3 - RSIP - F -> P or P+ ( was RE: Proposed cha nges to RSIP evaluation ... Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Hi all, One note on this one is that Jim's original email ranking from which this thread started was incorrect in that RSIP was indicated to be Failing this requirement, although his category tag was correct: 3. At a minimum, I would agree that it should be changed to a P. Per my original email response to Jim, it needs further substantiation for P+ and in particular, like 2.2.2, I think it can only be changed to a P+ if we get WG concensus on changing 2.2.1 (Extensibility) to T for RSIP. Again, this is open for discussion. To summarize, if no feedback is received by COB August 6th, then I propose to change 2.2.3 to P for RSIP. If we get agreement that 2.2.1 is a T, then I think we can agree to change 2.2.3 to P+, unless I get WG feedback to the contrary. Regards, Mary. P.S. And this is the last of my postings in response to Jim's email, so let me know if you find that I've missed responding individually to something. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Sunday, August 04, 2002 10:42 PM To: 'midcom' Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft ----text deleted ----- > > 2.2.2 - I think a P+ needs additional text to substantiate that this > would be a compatible extension of the protocol (OR we need some text > upfront in the RSIP overview describing the extensibility mechanisms > defined by RSIP) > 2.2.3 - ditto > ----text deleted ----- As to 2.2.3, ruleset groups, they can be added compatibly by adding a ruleset identifier parameter to the appropriate RSIP request and response messages. If new operations on rulesets are required beyond those provided by the existing RSIP requests and responses, they can be added compatibly. As to a fuller explanation of the RSIP extension mechanism, I believe that text is already there under requirement 2.2.1. If necessary, maybe that should be moved to the overview (Or a pointer from the overview to the 2.2.1 text could be added.). If we need a fuller or different explanation, let me know and I'll provide it. ---Remaining text deleted --- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:37:34 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05935 for ; Mon, 5 Aug 2002 18:37:34 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04530 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:46 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04453; Mon, 5 Aug 2002 18:34:43 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04336 for ; Mon, 5 Aug 2002 18:34:33 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05783 for ; Mon, 5 Aug 2002 18:33:19 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYGT22600 for ; Mon, 5 Aug 2002 15:34:17 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MYBK17131 for ; Mon, 5 Aug 2002 15:34:11 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 17:04:55 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.2.9 RSIP - proposal to change score and text Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As I have said in a previous e-mail, RSIP can easily be extended to preserve port number oddity when creating bindings. RSIP currently does not guarantee preservation of port number oddity. RSIP would add a new optional boolean parameter called portOddity to the ASSIGN_REQUESTs. If specified as TRUE, the remote port number of the binding created would have the same oddity as the local port. If not specified (or specified as FALSE), the remote port's oddity is independent of the loacl port's oddity, thus maintaining backward compatibility with the current definition of RSIP. RSIP is currently scored a P on this requirement when it should, in my opinion, clearly be a P+. I propose that the score of RSIP for this requirement be changed to P+, and the text changed to: RSIP can be extended to preserve the port number oddity of a binding by including an optional boolean portOddity parameter on ASSIGN_REQUESTs. If specified as TRUE, the remote port number of the binding created would have the same oddity as the local port. If not specified (or specified as FALSE), the remote port's oddity is independent of the local port's oddity, thus maintaining backward compatibility with the current definition of RSIP. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:37:34 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05941 for ; Mon, 5 Aug 2002 18:37:34 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04541 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:46 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04221; Mon, 5 Aug 2002 18:34:25 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04040 for ; Mon, 5 Aug 2002 18:34:15 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05728 for ; Mon, 5 Aug 2002 18:33:02 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYET22575 for ; Mon, 5 Aug 2002 15:34:15 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MY9K17106 for ; Mon, 5 Aug 2002 15:34:10 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 13:28:01 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.2.1 RSIP - proposal to change score Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As I have said in a previous e-mail, RSIP clearly was designed to be extensible. The evaluation text of RSIP for this requirement explains how this works in more detail than the evaluation text for the other protocols. RSIP is currently scored a P+ on this requirement when it should, in my opinion, clearly be a T: it has a degree of extensibility comparable to the other protocols, and they were scored a T. I propose that the score of RSIP for this requirement be changed to T. I don't think there's any need to change the expanatory text. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:37:35 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05963 for ; Mon, 5 Aug 2002 18:37:35 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04552 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:47 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04128; Mon, 5 Aug 2002 18:34:19 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04033 for ; Mon, 5 Aug 2002 18:34:15 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05722 for ; Mon, 5 Aug 2002 18:33:02 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYDT22571 for ; Mon, 5 Aug 2002 15:34:14 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MY9K17098 for ; Mon, 5 Aug 2002 15:34:09 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 13:11:54 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.1.8 and 2.3.1 through 2.3.4 RSIP - proposal to change score and text Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As I have said in a previous e-mail, RSIP's capabiltiies are no different w.r.t.: - mutual authentication (2.1.8) than MEGACO and DIAMETER; - message authentication, confidentiality, and integrity (2.3.1) than MEGACO and DIAMETER; - optional confidentiality protection (2.3.2) than MEGACO and perhaps DIAMETER; - operation across untrusted domains (2.3.3) than MEGACO and DIAMETER; and - mitigation against replay attacks (2.3.4) than perhaps MEGACO and DIAMETER. (The "perhaps" in the above statements indicates that the protocol may have some native capabiltiies in the area.) Those protocols were scored T for those requirements by suggesting that the requirement could be completely satisfied if the protocol were operated over TLS or IPsec. The same is true of RSIP: all these requirements may be completely satisfied by operating RSIP over TLS or IPsec. For consistency of scoring, I propose that the scores of RSIP for these requirements be changed to T, and the RSIP text under these requirements be changed to: RSIP does not have "native" support for this capability, but the capability can be obtained by operating RSIP over TLS or IPsec. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:37:38 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05991 for ; Mon, 5 Aug 2002 18:37:38 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04574 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:50 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04134; Mon, 5 Aug 2002 18:34:20 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04039 for ; Mon, 5 Aug 2002 18:34:15 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05727 for ; Mon, 5 Aug 2002 18:33:02 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYET22573 for ; Mon, 5 Aug 2002 15:34:14 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MY9K17101 for ; Mon, 5 Aug 2002 15:34:09 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 16:31:28 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.1.2 RSIP - proposal to change score and text Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As I have said in a previous e-mail, RSIP clearly allows a host to relate to multiple middleboxes. In the interest of providing as much insight into and information about RSIP as possible, I pointed out that, typically, a request for an RSIP operation comes from the host affected by the operation. But requests for operations affecting one host are permitted to come from a second host if that is consistent with local policy. But this in no way affects the ability of an RSIP client to have simultaneous sessions with multiple gateways. RSIP is currently scored a P on this requirement when it should, in my opinion, clearly be a T. I propose that the score of RSIP for this requirement be changed to T, and the RSIP text under this requirement be changed to: RSIP allows a client to simultaneously have RSIP sessions with multiple RSIP gateways. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:37:38 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05992 for ; Mon, 5 Aug 2002 18:37:38 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04580 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:50 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04299; Mon, 5 Aug 2002 18:34:30 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04150 for ; Mon, 5 Aug 2002 18:34:21 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05736 for ; Mon, 5 Aug 2002 18:33:07 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYGT22595 for ; Mon, 5 Aug 2002 15:34:17 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MYBK17126 for ; Mon, 5 Aug 2002 15:34:11 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 16:51:47 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.2.7 RSIP - proposal to change score and text Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As I have said in a previous e-mail, RSIP implicitly leaves to local policy the legality of operations on a binding by a host other than the one that created it. Although no change to the RSIP syntax is required, the RSIP specification should be clarified on this issue. Perhaps this would be considered a (backward compatible) change to the RSIP semantics. RSIP is currently scored a P on this requirement when it should, in my opinion, clearly be a P+ (if not a T). I propose that the score of RSIP for this requirement be changed to P+, and the text changed to: RSIP does not explicitly either permit or preclude an operation on a binding being requested by a host other that the host that created the binding. The RSIP semantics would need to be explicitly extended to permit any authorized host to request operations on a binding. No change to the protocol would be required. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:37:39 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06029 for ; Mon, 5 Aug 2002 18:37:39 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04604 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:52 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04331; Mon, 5 Aug 2002 18:34:33 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04167 for ; Mon, 5 Aug 2002 18:34:22 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05739 for ; Mon, 5 Aug 2002 18:33:08 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYGT22601 for ; Mon, 5 Aug 2002 15:34:18 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MYBK17132 for ; Mon, 5 Aug 2002 15:34:11 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 17:26:59 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.2.11 RSIP - proposal to change score and text Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, The MIDOCM requirements require support for overlapping rulesets. But based on recent discussions of semantics, that requirement may be going away. As I have said in a previous e-mail, RSIP can easily be extended to support overlapping rulesets, if that is required, with backward compatibility to existing semantics. RSIP currently does not permit overlapping bindings. RSIP would add a new optional boolean parameter called overlapOK to the ASSIGN_REQUESTs. If specified as TRUE, the binding created may overlap with another existing binding. If not specified (or specified as FALSE), the binding will only be created to not overlap with an existing binding, thus maintaining backward compatibility with the current definition of RSIP. RSIP is currently scored a P on this requirement when it should, in my opinion, clearly be a P+. I propose that the score of RSIP for this requirement be changed to P+, and the text changed to: RSIP can be extended to permit overlapping bindings by including an optional boolean overlapOK parameter on ASSIGN_REQUESTs. If specified as TRUE, the binding created may overlap with another existing binding. If not specified (or specified as FALSE), the binding will only be created to not overlap with an existing binding, thus maintaining backward compatibility with the current definition of RSIP. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:37:44 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06046 for ; Mon, 5 Aug 2002 18:37:44 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04629 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:57 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04382; Mon, 5 Aug 2002 18:34:36 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04202 for ; Mon, 5 Aug 2002 18:34:23 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05741 for ; Mon, 5 Aug 2002 18:33:08 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYFT22581 for ; Mon, 5 Aug 2002 15:34:15 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MYAK17114 for ; Mon, 5 Aug 2002 15:34:10 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 16:42:48 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.2.3 RSIP - proposal to change score and text Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As I have said in a previous e-mail, RSIP clearly may be extended, with backward compatibility, to support ruleset groups. This would be accomplished by having an optional "group" parameter on appropriate requests and responses. On an ASSIGN request the group parameter would indicate the existing group to which the new binding is to be added; if the parameter is omitted, a new group would be created. The response to a successful ASSIGN request would include a group parameter indicating the group to which the binding has been added. By having the group parameter optional on ASSIGN requests with a new group created if not specified, backward compatibility with the existing RSIP semantics is preserved. RSIP is currently scored a P on this requirement when it should, in my opinion, clearly be a P+. I propose that the score of RSIP for this requirement be changed to P+, and the text changed to: A group parameter, with a default value on requests of create new group to maintain backward compatibility, can be added to appropriate requests and responses. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:47:28 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06311 for ; Mon, 5 Aug 2002 18:47:28 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04819 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:48:40 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04726; Mon, 5 Aug 2002 18:44:38 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04699 for ; Mon, 5 Aug 2002 18:44:37 -0400 (EDT) Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.54]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06216 for ; Mon, 5 Aug 2002 18:43:23 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (IDENT:mirapoint@mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-4.cisco.com (8.12.2/8.12.2) with ESMTP id g75Mi46I001935; Mon, 5 Aug 2002 15:44:04 -0700 (PDT) Received: from cisco.com (ssh-sjc-1.cisco.com [171.68.225.134]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id AES04847; Mon, 5 Aug 2002 15:40:01 -0700 (PDT) Message-Id: <200208052240.AES04847@mira-sjc5-4.cisco.com> To: James_Renkel@3com.com cc: midcom From: Melinda Shore Subject: Re: [midcom] Protocol eval: 2.1.2 RSIP - proposal to change score and text In-Reply-To: Message from James_Renkel@3com.com of "Mon, 05 Aug 2002 16:31:28 CDT." Date: Mon, 05 Aug 2002 18:42:02 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > I propose that the score of RSIP for this requirement be changed to T, > and the RSIP text under this requirement be changed to: > > RSIP allows a client to simultaneously have RSIP sessions with > multiple RSIP gateways. I hope that you'll also provide some text describing the complexity associated with having one "virtual" interface/ address on the host for each middlebox with which it's communicating. Melinda _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:50:18 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06537 for ; Mon, 5 Aug 2002 18:50:17 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04957 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:51:30 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04880; Mon, 5 Aug 2002 18:50:39 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04845 for ; Mon, 5 Aug 2002 18:50:37 -0400 (EDT) Received: from sj-msg-core-3.cisco.com (sj-msg-core-3.cisco.com [171.70.157.152]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06453 for ; Mon, 5 Aug 2002 18:49:24 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (IDENT:mirapoint@mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-3.cisco.com (8.12.2/8.12.2) with ESMTP id g75Mn09V025039; Mon, 5 Aug 2002 15:49:01 -0700 (PDT) Received: from cisco.com (ssh-sjc-1.cisco.com [171.68.225.134]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id AES05035; Mon, 5 Aug 2002 15:45:10 -0700 (PDT) Message-Id: <200208052245.AES05035@mira-sjc5-4.cisco.com> To: James_Renkel@3com.com cc: midcom From: Melinda Shore Subject: Re: [midcom] Protocol eval: 2.2.7 RSIP - proposal to change score and text In-Reply-To: Message from James_Renkel@3com.com of "Mon, 05 Aug 2002 16:51:47 CDT." Date: Mon, 05 Aug 2002 18:47:12 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > RSIP does not explicitly either permit or preclude an operation on > a binding being requested by a host other that the host that created > the binding. The RSIP semantics would need to be explicitly extended > to permit any authorized host to request operations on a binding. No > change to the protocol would be required. The problem with this is that it's inconsistent with the loaning-an-address model that RSIP uses. I think it's fair to say that it would be a not insignificant change to the semantics of the RSIP protocol if addresses were to be loanable to more than one endpoint simultaneously. Melinda _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 18:51:50 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06575 for ; Mon, 5 Aug 2002 18:51:50 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA05040 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:53:02 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA05002; Mon, 5 Aug 2002 18:52:14 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04973 for ; Mon, 5 Aug 2002 18:52:12 -0400 (EDT) Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06567 for ; Mon, 5 Aug 2002 18:50:58 -0400 (EDT) Received: from mira-sjc5-4.cisco.com (IDENT:mirapoint@mira-sjc5-4.cisco.com [171.71.163.21]) by sj-msg-core-1.cisco.com (8.12.2/8.12.2) with ESMTP id g75MpZAK020301; Mon, 5 Aug 2002 15:51:35 -0700 (PDT) Received: from cisco.com (ssh-sjc-1.cisco.com [171.68.225.134]) by mira-sjc5-4.cisco.com (Mirapoint) with ESMTP id AES05146; Mon, 5 Aug 2002 15:47:36 -0700 (PDT) Message-Id: <200208052247.AES05146@mira-sjc5-4.cisco.com> To: James_Renkel@3com.com cc: midcom From: Melinda Shore Subject: Re: [midcom] Protocol eval: 2.2.2 RSIP - proposal to change score and text In-Reply-To: Message from James_Renkel@3com.com of "Mon, 05 Aug 2002 13:42:04 CDT." Date: Mon, 05 Aug 2002 18:49:38 -0400 Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org > RSIP is currently scored a P on this requirement when it should, in > my opinion, clearly be a P+ or T, depending on whether more actions than > permit are required by the semantics: if more actions than permit are > required, they can be supported with backward compatibility by the addition > of an optional action parameter in appropriate requests, with the default > value of the parameter being permit if it is omitted. I'm hoping that the protocols can be evaluated on the basis of their current defined state, rather than what they might look like after being extended. Melinda _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 19:25:01 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05965 for ; Mon, 5 Aug 2002 18:37:35 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04563 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:47 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04269; Mon, 5 Aug 2002 18:34:28 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04107 for ; Mon, 5 Aug 2002 18:34:19 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05732 for ; Mon, 5 Aug 2002 18:33:05 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYET22579 for ; Mon, 5 Aug 2002 15:34:15 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MYAK17110 for ; Mon, 5 Aug 2002 15:34:10 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 13:42:04 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.2.2 RSIP - proposal to change score and text Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As I have said in a previous e-mail, RSIP clearly may be extended, with backward compatibility, to support multiple middlebox types. The differentiation between middlebox types is in the actions that they support on a ruleset. RSIP (implicitly) only supports a permit action, while the MIDCOM requirements require multiple possible actions (Although that may have gone away with recent working group discussions on semantics.). RSIP is currently scored a P on this requirement when it should, in my opinion, clearly be a P+ or T, depending on whether more actions than permit are required by the semantics: if more actions than permit are required, they can be supported with backward compatibility by the addition of an optional action parameter in appropriate requests, with the default value of the parameter being permit if it is omitted. I propose that the score of RSIP for this requirement be changed to P+, and the text changed to: If multiple actions beyond RSIP's default "permit" action are required to differentiate between middlebox types, an action parameter, with a default value of "permit" if omitted to maintain backward compatibility, can be added to appropriate requests. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Mon Aug 5 19:25:02 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05998 for ; Mon, 5 Aug 2002 18:37:38 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id SAA04593 for midcom-archive@odin.ietf.org; Mon, 5 Aug 2002 18:38:51 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04408; Mon, 5 Aug 2002 18:34:38 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id SAA04233 for ; Mon, 5 Aug 2002 18:34:26 -0400 (EDT) Received: from topaz.3com.com (topaz.3com.com [192.156.136.158]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05761 for ; Mon, 5 Aug 2002 18:33:12 -0400 (EDT) From: James_Renkel@3com.com Received: from opal.3com.com (opal.3com.com [139.87.50.117]) by topaz.3com.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g75MYGT22593 for ; Mon, 5 Aug 2002 15:34:17 -0700 (PDT) Received: from hqsmtp01.3com.com (hqsmtp01.ops.3com.com [139.87.49.79]) by opal.3com.com (Switch-2.2.1/Switch-2.2.0) with ESMTP id g75MYAK17123 for ; Mon, 5 Aug 2002 15:34:11 -0700 (PDT) To: midcom Date: Mon, 5 Aug 2002 16:58:49 -0500 Message-ID: MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Subject: [midcom] Protocol eval: 2.2.8 RSIP - proposal to change score and text Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org Middlebox experts, As I have said in a previous e-mail, RSIP can easily be extended in a backward compatible manner to restrict the transport protocols that may use a binding. RSIP currently allows all transport protocols to use any binding. RSIP would add a new optional parameter called transportProtocol to the ASSIGN_REQUESTs. If specified, the binding created would apply only to the use of the bound addresses / ports by the specified transport protocol(s). If not specified, the binding would apply to all use of the bound addresses / ports by any transport protocol, thus maintaining backward compatibility with the current definition of RSIP. RSIP is currently scored a P on this requirement when it should, in my opinion, clearly be a P+. I propose that the score of RSIP for this requirement be changed to P+, and the text changed to: RSIP can be extended to restrict the transport protocols that may use a binding by including an optional transportProtocol parameter on ASSIGN_REQUESTs. If specified, the use of the binding is restricted to the transport protocol specified. If not specified, the binding can be used by all transport protocols, giving backward compatibility with the existing RSIP semantics. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Tue Aug 6 08:34:44 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA08061 for ; Tue, 6 Aug 2002 08:34:44 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id IAA02684 for midcom-archive@odin.ietf.org; Tue, 6 Aug 2002 08:35:58 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA02379; Tue, 6 Aug 2002 08:32:03 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA02350 for ; Tue, 6 Aug 2002 08:32:02 -0400 (EDT) Received: from zcars04f.ca.nortel.com (zcars04f.nortelnetworks.com [47.129.242.57]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA07993 for ; Tue, 6 Aug 2002 08:30:47 -0400 (EDT) Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars04f.ca.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g76CV7N04279; Tue, 6 Aug 2002 08:31:07 -0400 (EDT) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Tue, 6 Aug 2002 08:31:07 -0400 Message-ID: <4D79C746863DD51197690002A52CDA0001E8A757@zcard0kc.ca.nortel.com> From: "Tom-PT Taylor" To: "'James_Renkel@3com.com'" , midcom Subject: RE: [midcom] Protocol eval: 2.1.8 and 2.3.1 through 2.3.4 RSIP - proposal to change score and text Date: Tue, 6 Aug 2002 08:30:58 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org I think I would concede your basic point. As I said in a previous E-mail, the appropriate test is the protocol security architecture as defined in the protocol documentation. I find this information in the RSIP framework document (RFC 3102): If an RSIP negotiation protocol is implemented at the application layer, a choice of transport protocol MUST be made. RSIP hosts and gateways may communicate via TCP or UDP. TCP support is required in all RSIP gateways, while UDP support is optional. In RSIP hosts, TCP, UDP, or both may be supported. However, once an RSIP host and gateway have begun communicating using either TCP or UDP, they MAY NOT switch to the other transport protocol. For RSIP implementations and deployments considered in this document, TCP is the recommended transport protocol, because TCP is known to be robust across a wide range of physical media types and traffic loads. It is recommended that all communication between an RSIP host and gateway be authenticated. Authentication, in the form of a message hash appended to the end of each RSIP protocol packet, can serve to authenticate the RSIP host and gateway to one another, provide message integrity, and (with an anti-replay counter) avoid replay attacks. In order for authentication to be supported, each RSIP host and the RSIP gateway MUST either share a secret key (distributed, for example, by Kerberos) or have a private/public key pair. In the latter case, an entity's public key can be computed over each message and a hash function applied to the result to form the message hash. The RFC protocol document (RFC 3103) steered me back to this. RFC 3103 itself concentrated on the threat of denial of service attacks at the server. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Monday, August 05, 2002 2:12 PM To: midcom Subject: [midcom] Protocol eval: 2.1.8 and 2.3.1 through 2.3.4 RSIP - proposal to change score and text Middlebox experts, As I have said in a previous e-mail, RSIP's capabiltiies are no different w.r.t.: - mutual authentication (2.1.8) than MEGACO and DIAMETER; - message authentication, confidentiality, and integrity (2.3.1) than MEGACO and DIAMETER; - optional confidentiality protection (2.3.2) than MEGACO and perhaps DIAMETER; - operation across untrusted domains (2.3.3) than MEGACO and DIAMETER; and - mitigation against replay attacks (2.3.4) than perhaps MEGACO and DIAMETER. (The "perhaps" in the above statements indicates that the protocol may have some native capabiltiies in the area.) Those protocols were scored T for those requirements by suggesting that the requirement could be completely satisfied if the protocol were operated over TLS or IPsec. The same is true of RSIP: all these requirements may be completely satisfied by operating RSIP over TLS or IPsec. For consistency of scoring, I propose that the scores of RSIP for these requirements be changed to T, and the RSIP text under these requirements be changed to: RSIP does not have "native" support for this capability, but the capability can be obtained by operating RSIP over TLS or IPsec. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Tue Aug 6 08:43:15 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA08524 for ; Tue, 6 Aug 2002 08:43:14 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id IAA03063 for midcom-archive@odin.ietf.org; Tue, 6 Aug 2002 08:44:28 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA02898; Tue, 6 Aug 2002 08:41:22 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id IAA02869 for ; Tue, 6 Aug 2002 08:41:20 -0400 (EDT) Received: from zcars04e.ca.nortel.com (zcars04e.nortelnetworks.com [47.129.242.56]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA08386 for ; Tue, 6 Aug 2002 08:40:06 -0400 (EDT) Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars04e.ca.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g76CeUL19186; Tue, 6 Aug 2002 08:40:30 -0400 (EDT) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Tue, 6 Aug 2002 08:40:30 -0400 Message-ID: <4D79C746863DD51197690002A52CDA0001E8A758@zcard0kc.ca.nortel.com> From: "Tom-PT Taylor" To: "Mary Barnes" , "'James_Renkel@3com.com'" , "'midcom'" Subject: RE: [midcom] Protocol eval: RSIP 2.1.8 and 2.3.1 - 2.3.4 - Securi ty F-> T (was RE: Proposed changes to RSIP evaluation... Date: Tue, 6 Aug 2002 08:40:21 -0400 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org We come to the same basic conclusion, but I should note that neither RFC 3102 nor RFC 3103 discusses the operation of the RSIP negotiation protocol itself over IPSEC. The extensive discussion in these documents is about the IPSEC transport which RSIP negotiation enables (i.e. the subject matter of the protocol, not the transport of the protocol). -----Original Message----- From: Barnes, Mary [NGC:B602:EXCH] Sent: Monday, August 05, 2002 3:42 PM To: 'James_Renkel@3com.com'; 'midcom' Subject: [midcom] Protocol eval: RSIP 2.1.8 and 2.3.1 - 2.3.4 - Security F-> T (was RE: Proposed changes to RSIP evaluation... Hi all, Given that the RSIP protocol does define the use of IPSEC, I would agree that these could be changed to T. The current text description in section 2.3.1 is fairly informative, do you really want to replace that with the single sentence or do you want the information combined? Also, I did not see any reference to TLS in the RSIP RFCs, so I would propose to just add the reference to IPSec, or perhaps I somehow missed the reference. Note, that this would also require a change to the conclusion. Again, WG feedback (i.e. if you don't agree with changing these to T), should be sent by COB on Tuesday, August 5th. Regards, Mary. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: Sunday, August 04, 2002 10:42 PM To: 'midcom' Subject: Re: Proposed changes to RSIP evaluation (was RE: [midcom] Comments on protocol evaluation draft ---text deleted ----------- > > Now, you're also proposing that RSIP be "upgraded" for the security > onesthat you had scored as Failing to meet compliancy in your analysis. > Based upon the text currently in section 2.1.8, 2.3.1, which also > applies to 2.3.2-2.3.4, I don't have a problem changing those to Ps. > MEGACO and DIAMETER do not have "native" support for capabilities satisfying these requirements, they depend on operation over, e.g., TLS or IPsec to satisfy them, and they were scored a T. RSIP is no different: no native support; but the cappability can be added by operating over TLS or IPsec; so, it too should be scored a T. All I'm asking for here is consistency of scoring for all the protocols. Additionally, the "native" communications between hosts and RSIP gateways is over tunnels for the data connections. Although not explicitly stated, the preferred operation of the control channel is over that same tunnel. If that tunnel is IPsec, then the control channel is secured. At least with RSIP, the tunnel is already there. At to replacement for the RSIP portions of the text following requirements 2.1.8, and 2.3.1 through 2.3.4, I would suggest: RSIP does not have "native" support for this capability, but the capability can be obtained by operating RSIP over TLS or IPsec. > > The P+ category would only apply if these changes could be made to > RSIP as a natural extension of the protocol with no impact to current > users of that protocol (i.e. current users don't make use of the > information, and wouldn't be bothered by it being in the messages). > If the score for these requirements is not to be T, then .... ---Remainder of email thread deleted---- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Tue Aug 6 12:33:10 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA17456 for ; Tue, 6 Aug 2002 12:33:10 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id MAA16478 for midcom-archive@odin.ietf.org; Tue, 6 Aug 2002 12:34:22 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA16234; Tue, 6 Aug 2002 12:32:11 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA16179 for ; Tue, 6 Aug 2002 12:32:08 -0400 (EDT) Received: from zctfs063.nortelnetworks.com (zctfs063.nortelnetworks.com [47.164.128.120]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA17307 for ; Tue, 6 Aug 2002 12:30:43 -0400 (EDT) Received: from zctfc040.europe.nortel.com (zctfc040.europe.nortel.com [47.164.129.95]) by zctfs063.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g76GUA724757; Tue, 6 Aug 2002 18:30:11 +0200 (MEST) Received: by zctfc040.europe.nortel.com with Internet Mail Service (5.5.2653.19) id <350WM6CD>; Tue, 6 Aug 2002 18:30:09 +0200 Message-ID: From: "Cedric Aoun" To: "'James_Renkel@3com.com'" , midcom Subject: RE: [midcom] Protocol eval: 2.2.9 RSIP - proposal to change score and text Date: Tue, 6 Aug 2002 18:30:10 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C23D65.876D398E" Sender: midcom-admin@ietf.org Errors-To: midcom-admin@ietf.org X-Mailman-Version: 1.0 Precedence: bulk List-Id: X-BeenThere: midcom@ietf.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C23D65.876D398E Content-Type: text/plain; charset="iso-8859-1" I initially understood the P+ category as the protocol could be extended by using the defined extensibility mechanisms without changing the base protocol messages. This is main difference between P and P+. Other protocols evaluated in this process have MIBs, PIBs, packages etc ... to be extended easily. IMO RSIP fails to meet this requirement as you just stated that RSIP does not guarantee preservation of port number oddity; and it doesn't have easy extensibility tools it requires new messages or new parameters within the base protocol messages.It should actually be an F. -----Original Message----- From: James_Renkel@3com.com [mailto:James_Renkel@3com.com] Sent: 06 August 2002 00:05 To: midcom Subject: [midcom] Protocol eval: 2.2.9 RSIP - proposal to change score and text Middlebox experts, As I have said in a previous e-mail, RSIP can easily be extended to preserve port number oddity when creating bindings. RSIP currently does not guarantee preservation of port number oddity. RSIP would add a new optional boolean parameter called portOddity to the ASSIGN_REQUESTs. If specified as TRUE, the remote port number of the binding created would have the same oddity as the local port. If not specified (or specified as FALSE), the remote port's oddity is independent of the loacl port's oddity, thus maintaining backward compatibility with the current definition of RSIP. RSIP is currently scored a P on this requirement when it should, in my opinion, clearly be a P+. I propose that the score of RSIP for this requirement be changed to P+, and the text changed to: RSIP can be extended to preserve the port number oddity of a binding by including an optional boolean portOddity parameter on ASSIGN_REQUESTs. If specified as TRUE, the remote port number of the binding created would have the same oddity as the local port. If not specified (or specified as FALSE), the remote port's oddity is independent of the local port's oddity, thus maintaining backward compatibility with the current definition of RSIP. Comments expected and welcome. Jim _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom ------_=_NextPart_001_01C23D65.876D398E Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: [midcom] Protocol eval: 2.2.9 RSIP - proposal to change = score and text

I initially understood the P+ category as the = protocol could be extended by using
the defined extensibility mechanisms without = changing the base protocol messages.
This is main difference between P and P+.
Other protocols evaluated in this process have MIBs, = PIBs, packages etc ... to be extended
easily.
IMO RSIP fails to meet this requirement as you just = stated that RSIP does not guarantee
preservation of port number oddity; and it doesn't = have easy extensibility tools it requires
new messages or new parameters within the base = protocol messages.It should actually be an F.

-----Original Message-----
From: James_Renkel@3com.com [mailto:James_Renkel@3com.com]<= /FONT>
Sent: 06 August 2002 00:05
To: midcom
Subject: [midcom] Protocol eval: 2.2.9 RSIP - = proposal to change score
and text

Middlebox experts,

As I have said in a previous e-mail, RSIP can easily = be extended to
preserve port number oddity when creating bindings. = RSIP currently does
not guarantee preservation of port number = oddity.

RSIP would add a new optional boolean parameter = called portOddity to the
ASSIGN_REQUESTs. If specified as TRUE, the remote = port number of the
binding created would have the same oddity as the = local port. If not
specified (or specified as FALSE), the remote port's = oddity is independent
of the loacl port's oddity, thus maintaining = backward compatibility with
the current definition of RSIP.

RSIP is currently scored a P on this requirement when = it should, in
my opinion, clearly be a P+.

I propose that the score of RSIP for this requirement = be changed to P+,
and the text changed to:

     RSIP can be extended to = preserve the port number oddity of a
     binding by including an = optional boolean portOddity parameter
     on ASSIGN_REQUESTs. If = specified as TRUE, the remote port number
     of the binding created = would have the same oddity as the local port.
     If not specified (or = specified as FALSE), the remote port's oddity
     is independent of the local = port's oddity, thus maintaining
     backward compatibility with = the current definition of RSIP.

Comments expected and welcome.

Jim

_______________________________________________
midcom mailing list
midcom@ietf.org
https://www1.ietf.org/mailman/listinfo/midcom

------_=_NextPart_001_01C23D65.876D398E-- _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom From daemon@optimus.ietf.org Tue Aug 6 14:19:08 2002 Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA22146 for ; Tue, 6 Aug 2002 14:19:08 -0400 (EDT) Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id OAA22607 for midcom-archive@odin.ietf.org; Tue, 6 Aug 2002 14:20:21 -0400 (EDT) Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA22507; Tue, 6 Aug 2002 14:17:38 -0400 (EDT) Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA22476 for ; Tue, 6 Aug 2002 14:17:36 -0400 (EDT) Received: from zctfs063.nortelnetworks.com (zctfs063.nortelnetworks.com [47.164.128.120]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA22072 for ; Tue, 6 Aug 2002 14:16:22 -0400 (EDT) Received: from zctfc040.europe.nortel.com (zctfc040.europe.nortel.com [47.164.129.95]) by zctfs063.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g76IG0728857; Tue, 6 Aug 2002 20:16:01 +0200 (MEST) Received: by zctfc040.europe.nortel.com with Internet Mail Service (5.5.2653.19) id <350WM63K>; Tue, 6 Aug 2002 20:15:59 +0200 Message-ID: From: "Cedric Aoun"