[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AD review of draft-ietf-rap-session-auth-03.txt

To: nhamer@nortelnetworks.com, gageb@nortelnetworks.com, hugh.shieh@attws.com
Subject: AD review of draft-ietf-rap-session-auth-03.txt
From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
Date: Mon, 20 May 2002 20:20:42 +0200
Cc: Scott Hahn <scott.hahn@intel.com>, Mark Stevens <mlstevens@rcn.com>, rap <rap@ops.ietf.org>

Before putting documents on the IESG agenda I review them first.
I have issued IETF Last Call for the document
   draft-ietf-rap-rsvp-authsession-02.txt
in which Last Call this informational is included (I expect).

So you can consider my comments as IETF Last Call comments

Here are my comments and questions:

1. Section 2 can be removed. These keywords (as far as I can tell)
   are not used in this document. This also means that reference
   to RFC2119 can go away

2. You talk about "districts" in section 3 qand figure 1 (and maybe
   other places). Where is this terminology used? Is it the same as
   "domain"... it seems it is, but I am not sure?? Maybe this
   term (District) is common place in the SIP space...
   In any event, you may want to indicate where it comes from.
   In 1st sentence on page23 you seem to refer to it as domain
   indeed.

3. You sometimes talk about "Session Manager" other times about
   Session Manager Server. I think to understand that the 
   "session manager" runs on the session server. But you may want 
   to make that clearer. For example, 2nd bullet in sect 4 talks
   about "Edge Router, Session Manager, and Policy Server" 
   I see 2 of them in the figure 1, but not the "Session Manager"
   instead I see "Session Manager Server", which I think is what 
   you mean. This happens in a few more places in the doc.

4. You may want to elaborate a bit on how the "pre-established
   trust relationships" get set up or established. It seems to be
   out of scope of the document, but it is kind of important from
   a security point of view is it not?

5. In each of section 4,5,6,7 you talk about "protocol impacts"
   on such protocols as:
    - Resource Reservation protocol
    - Policy Management protocol
    - Session Management protocol
    - Authorization protocol
   In last para on page 4, you make references to (some of) those
   protocols (but not to all). And I wonder if "session control 
   protocol" is same as "session management protocol".
   I think it would be good to:
    - be consistent in terminology 
    - make references to all protocols on page 4.
    - possibly also add example references to those protocols
      when you list them in sect 4,5,6,7.

6. In section 5 you start talking about a "per-transaction basis"
   And that comes back later on too I think.
   You may want to explain (either her or in terminology in 
   section 3) what a transaction is in this context.

7. Section 7.1 all of sudden talks about "Call Flow"
   whereas earlier sections talked about the same concept I 
   think but named it "Message Flows". Better be consistent
   or explain why now it is a "Call Flow"

8. Section 8.
   I have difficulty parsing the 1st sentence. Is that just me?
   I doubt it.

9. If you are going to do another revision, you may want to
   split the references section in Normative and non-normative
   references as per draft-rfc-editor-rfc2223bis-02.txt

Bert

Prev by Date: Re: Type definision issue in rfc2578
Next by Date: Last Call: Session Authorization for RSVP to Proposed Standard
Previous by thread: Type definision issue in rfc2578
Next by thread: Last Call: Session Authorization for RSVP to Proposed Standard
Index(es):
- Date
- Thread