IETF Logo Mail Archive

Re: [Dime] Would realm-based redirection be a protocol error or an application error?

Tina TSOU <Tina.Tsou.Zouting@huawei.com> Tue, 10 January 2012 15:12 UTC

Return-Path: <Tina.Tsou.Zouting@huawei.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61CA821F85FD for <dime@ietfa.amsl.com>; Tue, 10 Jan 2012 07:12:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.569
X-Spam-Level:
X-Spam-Status: No, score=-6.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id keoE0OAPe9we for <dime@ietfa.amsl.com>; Tue, 10 Jan 2012 07:12:23 -0800 (PST)
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [119.145.14.64]) by ietfa.amsl.com (Postfix) with ESMTP id CC63D21F85F8 for <dime@ietf.org>; Tue, 10 Jan 2012 07:12:18 -0800 (PST)
Received: from huawei.com (szxga05-in [172.24.2.49]) by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LXL00FRW8VD5J@szxga05-in.huawei.com> for dime@ietf.org; Tue, 10 Jan 2012 23:11:37 +0800 (CST)
Received: from szxrg02-dlp.huawei.com ([172.24.2.119]) by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LXL00LWE8VDFG@szxga05-in.huawei.com> for dime@ietf.org; Tue, 10 Jan 2012 23:11:37 +0800 (CST)
Received: from szxeml207-edg.china.huawei.com ([172.24.2.119]) by szxrg02-dlp.huawei.com (MOS 4.1.9-GA) with ESMTP id AGF72535; Tue, 10 Jan 2012 23:11:31 +0800
Received: from SZXEML410-HUB.china.huawei.com (10.82.67.137) by szxeml207-edg.china.huawei.com (172.24.2.59) with Microsoft SMTP Server (TLS) id 14.1.323.3; Tue, 10 Jan 2012 23:11:27 +0800
Received: from SZXEML526-MBX.china.huawei.com ([169.254.2.37]) by szxeml410-hub.china.huawei.com ([10.82.67.137]) with mapi id 14.01.0323.003; Tue, 10 Jan 2012 23:11:10 +0800
Date: Tue, 10 Jan 2012 15:11:10 +0000
From: Tina TSOU <Tina.Tsou.Zouting@huawei.com>
In-reply-to: <4F0B7ECB.5040006@gmail.com>
To: Tom Taylor <tom.taylor.stds@gmail.com>
Message-id: <D41B7710-B55D-480F-A178-F2C8DB52AB2C@huawei.com>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-language: en-US
Content-transfer-encoding: 7bit
Accept-Language: en-US, zh-CN
Thread-topic: [Dime] Would realm-based redirection be a protocol error or an application error?
Thread-index: AQHMzkMKHo1R45LVnEGXlFhXo140npYDFisAgAEb8oCAAYWIRQ==
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-CFilter-Loop: Reflected
References: <4F09FA77.5020301@gmail.com> <4F0A909A.2030705@gmail.com> <4F0B7ECB.5040006@gmail.com>
Cc: "dime@ietf.org" <dime@ietf.org>
Subject: Re: [Dime] Would realm-based redirection be a protocol error or an application error?
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2012 15:12:24 -0000

DIAMETER_REALM_REDIRECT_INDICATION should be defined as an Application error.
I think the 5XXX class is appropriate.
The R-bit should be cleared (default for all Diameter answer messages) and E-bit should not be set.

Sent from my iPad

On Jan 9, 2012, at 5:57 PM, "Tom Taylor" <tom.taylor.stds@gmail.com> wrote:

> See below.
> 
> On 09/01/2012 2:00 AM, Glen Zorn wrote:
>> On 1/9/2012 3:20 AM, Tom Taylor wrote:
>> 
>>> I'm finally updating draft-ietf-dime-realm-based-redirect.
>>> 
>>> Given that realm-based redirection is defined at an application level,
>>> maybe the answer is obvious.
>> 
>> Section 7 of RFC 3588 says
>> 
>>    There are two different types of errors in Diameter; protocol and
>>    application errors.  A protocol error is one that occurs at the base
>>    protocol level, and MAY require per hop attention (e.g., message
>>    routing error).  Application errors, on the other hand, generally
>>    occur due to a problem with a function specified in a Diameter
>>    application (e.g., user authentication, Missing AVP).
>> 
>>> What I am concerned with is whether the
>>> redirect server should clear the 'R' bit in the header to ensure that
>>> the response goes all the way back to the original requesting host
>>> (i.e., following on Figure 8 in section 7 of RFC 3588).
>> 
>> I don't understand: as I understand it, the 'R' bit has nothing to do
>> with error type; if it is cleared that just signifies that the message
>> is an answer, rather than a request (which would presumably be true of
>> any error response).
> 
> [PTT] I don't think so. Section 7 makes a clear distinction between the routing for protocol error responses and application error responses (Figures 7 and 8 rtespectively) and ascribes the difference to the setting of the 'R' bit (text following Figure 8).
>> 
>>> The reason for
>>> doing this is the issue identified in the Security Considerations
>>> section of the realm-based-redirection I-D: a change of realm implies a
>>> change of business relationship
>> 
>> I think that this is not necessarily true.  For example, consider a
>> large ISP with international operations; such an entity might have
>> multiple Diameter realms (europe.bigisp.com, asia.bigisp.com, etc.), no?
>> 
>>> that should be noted by the requesting
>>> host before the request is rerouted.
> 
> [PTT] I think I've decided not to mention the 'R' bit. The result fits within the recommendations in the Security Considerations section.
> 
>>> 
>>> Tom Taylor
>>> _______________________________________________
>>> DiME mailing list
>>> DiME@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dime
>> 
>> 
> _______________________________________________
> DiME mailing list
> DiME@ietf.org
> https://www.ietf.org/mailman/listinfo/dime

v2.23.0 | Report a Bug | By Email