- From: Kurt D. Zeilenga <Kurt@OpenLDAP.org>
- Date: Wed, 06 Nov 2002 15:27:31 -0800
- To: Timur Shemsedinov <Timur@niist.ntu-kpi.kiev.ua>
- Cc: discuss@apps.ietf.org, paf@cisco.com

At 05:24 AM 2002-11-06, Timur Shemsedinov wrote:
>KDZ> Security Considerations
>KDZ> It should be clearly noted that protocol provides only
>KDZ> a simple clear-text user/password authentication mechanism.
>It is stated in unit 7.
>
> Concerning security, the USP defines only authorization mechanism
> and requirement to the USP server and the client realization. This
> document does not contain explanations of data loose protection
> during its transmission over the transport channel or special
> traffic coding against the grabbing. These tasks are duty of the
> transport layer protocols using by USP.

In short, this paragraph needs work. The terminology and language used is a bit odd. For example, "grabbing" could refer to a session hijacking or could refer to eavesdropping. I suggest you align the terminology with RFC 2828.

>KDZ> IANA Considerations
>KDZ> The document does not request the registration the URI scheme
>KDZ> it details.
>I looked RFC2396,2317,2318 concerning this question. All necessary
>information, for the URI definition is contained in the document.
>But, is it necessary to group or to extract definition into appendix.
>It will be great to have the reference to an example of correct
>registration.

I believe the IANA Considerations section to include (directly or in an Appendix) a registration template for each value it requests to be registered. See RFC 3368 for a recent example.

>KDZ> Also, the document does not establish any IANA
>KDZ> registries but appears to have a number of extensible fields.
>You are right, the registration necessity for RPC interfaces is
>supposed in order to prevent the naming conflict.
>Whether is it IANA function?

For IETF Protocols, yes. See RFC 2234.

>KDZ> Also, the Section 1 sentence
>KDZ> I am distinctly aware of all complexities ...
>Probably, it is better to remove this sentence.
>
>KDZ> Lastly, in doing a quick review the document, I noticed a number
>KDZ> of editorial issues and the usual nits. These I will raise to the
>KDZ> author separately (with CC to the Patrik) when I get a chance.
>Thanks for your comments; they are really worth.

You're welcome.

Kurt

Received on Wednesday, 6 November 2002 18:29:25 UTC