
Re: [802.21] IETF draft on IS



Hi,

Sorry for my delayed response.  Please see my comments on the
requirements part.

General comment: I think the requirements described in
21-06-0348-05-0000-Higher-Layer_IS-Requirements are more concise and
mature than this version.

On Mon, Feb 27, 2006 at 07:19:10PM -0600, Srinivas Sreemanthula wrote:
> Hello,
> Here is a draft version of the internet-draft that is due on 6th March
> to the IETF that contains the 802.21 transport requirements. Your
> comments are most welcome.
>  
> Regards,
> Srini

Content-Description: draft-faccin-mih-infoserv-02.txt
> 
> 6.1.  Summary of requirements
> 
>    o  Provide an information service transport mechanism which works
>       with both IPv6 and IPv4.
> 
>    o  Distinguish between the packet source and query source (allow
>       proxies).

This depends on the proxy model used by MIIS.  What proxy model 
is assumed here?


> 
>    o  Provide transport of information services through NAT for IPv4.
> 
>    o  Provide transport of information services through firewall for
>       IPv4.
> 
>    o  Provide transport of information services through firewall for
>       IPv6.
> 
>    o  Optionally allow for multiple queries per transport session.

This functionality is provided by MIIS (i.e., multiple outstanding
queries can be distinguished by Transaction ID).  We don't need to
have this as an IS transport requirement.

> 
>    o  Optionally ensure compatibility between the information services
>       transport, and those required for Event and Command Services.

What exactly does "compatibility" mean?

Why does compatibility need to be ensured between IS transport and ES/CS
transport?

> 
>    o  Describe an information service discovery mechanism for IPv6
>       hosts.
> 
>    o  Describe an information service discovery mechanism for IPv4
>       hosts.
> 
>    o  Provide a common discovery method regardless of whether the IS-
>       Server is the adjacent AP, on the same subnet, or deep within the
>       network.
> 
>    o  Information services discovery should be protected from discovery
>       service impersonation and exchange modification attacks.
> 
>    o  Optionally ensure compatibility between the information services
>       discovery mechanisms, and those required for Event and Command
>       Services over IP.

What exactly does "compatibility" mean?

> 
>    o  Allow for distinct classes of Information Servers to be discovered.

I don't understand this.  Why is this needed?

> 
>    o  Allow for more than one Information Server to be discovered at a
>       time.
> 
>    o  Allow for context sensitive IS server discovery (per AP, per
>       visited Subnet, per Mobile).

I don't understand this.  Why is this needed?

> 
> 
> 
> 
> Sreemanthula, et al.    Expires September 2, 2006              [Page 14]
> 
> Internet-Draft           Requirements for an IS               March 2006
> 
> 
>    o  Optionally allow discovery messages being transported through NAT.
>       In this case, support for requester specific knowledge needs to
>       use both the NAT source address and the query original address.

The second sentence looks like a solution not a requirement.  I'd
suggest removing the sentence.

> 
>    o  Provide a common SA negotiation method regardless of whether the
>       IS-Server is the adjacent AP, on the same subnet, or deep within
>       the network.
> 
>    o  Protect against IS-Server and wireless device impersonation (with
>       authentication).

This looks like a requirement on peer entity authentication, right?

> 
>    o  Protect against data insertion and modification (provide message
>       authentication).
> 
>    o  Protect against replay attacks.
> 
>    o  Provide confidentiality of query and response contents.

Is this a mandatory requirement or an optional requirement?  I 
think this can be an optional requirement.

> 
>    o  Protect the identity of a querier against eavesdroppers.

Do you mean the identity of a querier is carried in IS messages?
If so, why is it needed?

> 
>    o  Protect IS-Server and discovery resources against denial of
>       service.

This requirement is too blurry.  A more specific requirement on 
denial of service would be required.

> 
>    o  Minimize computational and transmission resources for mobile
>       clients.

Do you mean IS transport may involve computation on IS queries?
Please clarify.

> 
>    o  Provide compatibility with Address or Security Association
>       Mobility management, to allow use of an IS server after host
>       movements without renegotiating an SA.

What do you mean by "compatibility with Address or Security
Association Mobility management"?  Please clarify.

> 
>    o  Allow for security services to be disabled.

This is a strange requirement.  Clarification is required.

> 
>    o  Changes to the IS payload should not affect the security
>       mechanisms defined in the underlying transport mechanism to ensure
>       protocol modifications and evolutions defined in payload.
> 
> 

Regards,
Yoshihiro Ohba