Re: [Nea] Comments on PA-TNC and PB-TNC I-Ds

To: "Susan Thomson (sethomso)" <sethomso at cisco.com>, <nea at ietf.org>
Subject: Re: [Nea] Comments on PA-TNC and PB-TNC I-Ds
From: Stephen Hanna <shanna at juniper.net>
Date: Mon, 23 Mar 2009 02:05:58 -0400
Delivered-to: nea at core3.amsl.com
In-reply-to: <E699396B05B527429E4D9B8533679C49069B4DED at xmb-rtp-205.amer.cisco.com>
List-archive: <http://www.ietf.org/mail-archive/web/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
References: <E699396B05B527429E4D9B8533679C49069B4DED at xmb-rtp-205.amer.cisco.com>
Thread-index: Acmn2PWgzars+DhTRgul9BUBEGAfyQDkdwrA
Thread-topic: [Nea] Comments on PA-TNC and PB-TNC I-Ds

I'm fine with the PB-TNC changes suggested by Susan below.
They all seem quite reasonable to me. Let's discuss them at
the NEA WG meeting tomorrow.

Thanks,

Steve

> -----Original Message-----
> From: nea-bounces at ietf.org [mailto:nea-bounces at ietf.org] On 
> Behalf Of Susan Thomson (sethomso)
> Sent: Wednesday, March 18, 2009 7:51 AM
> To: nea at ietf.org
> Subject: [Nea] Comments on PA-TNC and PB-TNC I-Ds
> 
> A few comments on the I-Ds below.
> 
> Comments pertain to:
> - versioning
> - miscellaneous comments on choice of MUST, SHOULD, MAY
> - editorial
> 
> Thanks
> Susan
> ------------------------------
> 
> PA-TNC:
> 
> Section 3.7 Version field:
> 
> - The spec says Implementations SHOULD use the same version number for
> communications.  I don't think we want to allow for the 
> possibility that
> different protocol versions try to interoperate? Would it be better to
> have this as a MUST (with the exception being versioning errors)? 
> 
> - The spec currently requires that a special-purpose version 0 be
> supported for version discovery.  Since the  currently specified
> "version not supported" error message supports similar functionality
> using version 1, I am wondering whether the former is necessary and
> whether there is sufficient incentive to use it in practice.  Or put
> another way, do we really need both, and can the requirements be met
> without a special-purpose version 0? One proposal would be to 
> remove the
> current version 0 discovery and leave the version 1 processing as is.
> 
> - It would also be good to try to ensure consistency with PB 
> protocol as
> well.
> 
> Section 4.2.8.2 Version Not Supported Error Code
> 
> - Similar comment re SHOULD versus MUST as in section above.
> 
> Section 3.7 Message Id
> 
> This paragraph confused me initially. I think it would help 
> clarify the
> intended use with the following minor changes:
> - To the following sentence, add words in asterisk: 
>   This value can  be included in *the payload of* a response 
> message to
> indicate which message was received and caused the response.
> - In the next sentence, rather than saying "for example", say "In this
> specification", "this  field is included in *the payload of*  PA-TNC
> error messages so the party who receives the error message 
> can determine
> which of the messages they had sent caused the error."
> 
>  
> 
>  
> PB-TNC spec:
> 
> Section 3.1 Protocol Overview
> 
> 2nd sentence, 2nd para: Clarify that the protocol carries a 
> single batch
> of PB messages within each turn..., i.e. 
> "... takes turns sending *a single batch* of messages to each other."
> 
> Section 4.1 PB-TNC Header
> 
> Re the Version field: The PB spec supports a version error using the
> Invalid Parameter error code, and does not support version discovery.
> 
> The PA-TNC spec does support this (although the current spec may be a
> tad more than is necessary. See comments above). In any event, once we
> have consensus on what is needed, I think it would be good to have the
> version processing be consistent across the 2 protocols to 
> help minimize
> implementation errors.
> 
> Section 4.6 PB-Assessment Result
> 
> In the following sentence, is there a reason not to be more strict and
> say MUST NOT include PB-Assessment Result in a non-RESULT batch type?
> "The Posture Broker Server SHOULD include one message of this type in
> any batch of type RESULT and SHOULD NOT include a message of this type
> in any other type of batch."
> 
> In the second paragraph, there is a typo:
> PB-Access-Recommendation -> PB-Assessment Result
> 
> Section 4.7 PB-Access-Recommendation
> 
> Since there may be other ways to indicate the access provided to the
> user, I think the spec should say that the 
> PB-Access-Recommendation MAY
> be included in a RESULT batch type.
> 
> Also, similar to PB-Assessment-Result, I think we can say MUST NOT be
> included in any batch type other than RESULT. 
> 
>  
> _______________________________________________
> Nea mailing list
> Nea at ietf.org
> https://www.ietf.org/mailman/listinfo/nea
>

References:
- [Nea] Comments on PA-TNC and PB-TNC I-Ds
  - From: Susan Thomson (sethomso)

Prev by Date: [Nea] NEA Dinner on Monday night?
Next by Date: [Nea] NEA slides available online
Previous by thread: Re: [Nea] Comments on PA-TNC and PB-TNC I-Ds
Next by thread: [Nea] IEEE/PWG Hardcopy Device Health Assessment Attributes
Index(es):
- Date
- Thread

Re: [Nea] Comments on PA-TNC and PB-TNC I-Ds

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.