Re: [Dime] Would realm-based redirection be a protocol error or an application error?
Tina TSOU <Tina.Tsou.Zouting@huawei.com> Tue, 10 January 2012 15:12 UTC
Return-Path: <Tina.Tsou.Zouting@huawei.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61CA821F85FD for <dime@ietfa.amsl.com>; Tue, 10 Jan 2012 07:12:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.569
X-Spam-Level:
X-Spam-Status: No, score=-6.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id keoE0OAPe9we for <dime@ietfa.amsl.com>; Tue, 10 Jan 2012 07:12:23 -0800 (PST)
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [119.145.14.64]) by ietfa.amsl.com (Postfix) with ESMTP id CC63D21F85F8 for <dime@ietf.org>; Tue, 10 Jan 2012 07:12:18 -0800 (PST)
Received: from huawei.com (szxga05-in [172.24.2.49]) by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LXL00FRW8VD5J@szxga05-in.huawei.com> for dime@ietf.org; Tue, 10 Jan 2012 23:11:37 +0800 (CST)
Received: from szxrg02-dlp.huawei.com ([172.24.2.119]) by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LXL00LWE8VDFG@szxga05-in.huawei.com> for dime@ietf.org; Tue, 10 Jan 2012 23:11:37 +0800 (CST)
Received: from szxeml207-edg.china.huawei.com ([172.24.2.119]) by szxrg02-dlp.huawei.com (MOS 4.1.9-GA) with ESMTP id AGF72535; Tue, 10 Jan 2012 23:11:31 +0800
Received: from SZXEML410-HUB.china.huawei.com (10.82.67.137) by szxeml207-edg.china.huawei.com (172.24.2.59) with Microsoft SMTP Server (TLS) id 14.1.323.3; Tue, 10 Jan 2012 23:11:27 +0800
Received: from SZXEML526-MBX.china.huawei.com ([169.254.2.37]) by szxeml410-hub.china.huawei.com ([10.82.67.137]) with mapi id 14.01.0323.003; Tue, 10 Jan 2012 23:11:10 +0800
Date: Tue, 10 Jan 2012 15:11:10 +0000
From: Tina TSOU <Tina.Tsou.Zouting@huawei.com>
In-reply-to: <4F0B7ECB.5040006@gmail.com>
To: Tom Taylor <tom.taylor.stds@gmail.com>
Message-id: <D41B7710-B55D-480F-A178-F2C8DB52AB2C@huawei.com>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-language: en-US
Content-transfer-encoding: 7bit
Accept-Language: en-US, zh-CN
Thread-topic: [Dime] Would realm-based redirection be a protocol error or an application error?
Thread-index: AQHMzkMKHo1R45LVnEGXlFhXo140npYDFisAgAEb8oCAAYWIRQ==
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-CFilter-Loop: Reflected
References: <4F09FA77.5020301@gmail.com> <4F0A909A.2030705@gmail.com> <4F0B7ECB.5040006@gmail.com>
Cc: "dime@ietf.org" <dime@ietf.org>
Subject: Re: [Dime] Would realm-based redirection be a protocol error or an application error?
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2012 15:12:24 -0000
DIAMETER_REALM_REDIRECT_INDICATION should be defined as an Application error. I think the 5XXX class is appropriate. The R-bit should be cleared (default for all Diameter answer messages) and E-bit should not be set. Sent from my iPad On Jan 9, 2012, at 5:57 PM, "Tom Taylor" <tom.taylor.stds@gmail.com> wrote: > See below. > > On 09/01/2012 2:00 AM, Glen Zorn wrote: >> On 1/9/2012 3:20 AM, Tom Taylor wrote: >> >>> I'm finally updating draft-ietf-dime-realm-based-redirect. >>> >>> Given that realm-based redirection is defined at an application level, >>> maybe the answer is obvious. >> >> Section 7 of RFC 3588 says >> >> There are two different types of errors in Diameter; protocol and >> application errors. A protocol error is one that occurs at the base >> protocol level, and MAY require per hop attention (e.g., message >> routing error). Application errors, on the other hand, generally >> occur due to a problem with a function specified in a Diameter >> application (e.g., user authentication, Missing AVP). >> >>> What I am concerned with is whether the >>> redirect server should clear the 'R' bit in the header to ensure that >>> the response goes all the way back to the original requesting host >>> (i.e., following on Figure 8 in section 7 of RFC 3588). >> >> I don't understand: as I understand it, the 'R' bit has nothing to do >> with error type; if it is cleared that just signifies that the message >> is an answer, rather than a request (which would presumably be true of >> any error response). > > [PTT] I don't think so. Section 7 makes a clear distinction between the routing for protocol error responses and application error responses (Figures 7 and 8 rtespectively) and ascribes the difference to the setting of the 'R' bit (text following Figure 8). >> >>> The reason for >>> doing this is the issue identified in the Security Considerations >>> section of the realm-based-redirection I-D: a change of realm implies a >>> change of business relationship >> >> I think that this is not necessarily true. For example, consider a >> large ISP with international operations; such an entity might have >> multiple Diameter realms (europe.bigisp.com, asia.bigisp.com, etc.), no? >> >>> that should be noted by the requesting >>> host before the request is rerouted. > > [PTT] I think I've decided not to mention the 'R' bit. The result fits within the recommendations in the Security Considerations section. > >>> >>> Tom Taylor >>> _______________________________________________ >>> DiME mailing list >>> DiME@ietf.org >>> https://www.ietf.org/mailman/listinfo/dime >> >> > _______________________________________________ > DiME mailing list > DiME@ietf.org > https://www.ietf.org/mailman/listinfo/dime
- [Dime] Would realm-based redirection be a protoco… Tom Taylor
- Re: [Dime] Would realm-based redirection be a pro… Glen Zorn
- Re: [Dime] Would realm-based redirection be a pro… Tom Taylor
- Re: [Dime] Would realm-based redirection be a pro… jouni korhonen
- Re: [Dime] Would realm-based redirection be a pro… Tina TSOU
- Re: [Dime] Would realm-based redirection be a pro… jouni korhonen
- Re: [Dime] Would realm-based redirection be a pro… Glen Zorn
- Re: [Dime] Would realm-based redirection be a pro… Tom Taylor
- Re: [Dime] Would realm-based redirection be a pro… Tina TSOU
- Re: [Dime] Would realm-based redirection be a pro… Glen Zorn
- Re: [Dime] Would realm-based redirection be a pro… Tina TSOU