• Revised I-D Needed - Issue raised by WG
  • Awaiting Expert Review/Resolution of Issues Raised
  • Awaiting External Review/Resolution of Issues Raised
  • Awaiting Merge with Other Document
  • Author or Editor Needed
  • Waiting for Referenced Document
  • Waiting for Referencing Document
  • Revised I-D Needed - Issue raised by WGLC
  • Revised I-D Needed - Issue raised by AD
  • Revised I-D Needed - Issue raised by IESG
  • Doc Shepherd Follow-up Underway
  • Other - see Comment Log

IETF :: pcp

Current state: WG Document

Viewing the last 20 entries. Show full log.

2013-05-17 13:16 Amy Vezza

State changed to RFC Ed Queue from Approved-announcement sent

2013-05-17 12:54 (System)

RFC Editor state changed to EDIT

2013-05-17 12:54 (System)

Announcement was received by RFC Editor

2013-05-16 15:14 (System)

IANA Action state changed to No IC

2013-05-16 11:46 Amy Vezza

State changed to Approved-announcement sent from Approved-announcement to be sent

2013-05-16 11:46 Amy Vezza

IESG has approved the document

2013-05-16 11:46 Amy Vezza

Closed "Approve" ballot

2013-05-16 11:46 Amy Vezza

Ballot approval text was generated

2013-05-03 06:55 Ted Lemon

State changed to Approved-announcement to be sent from IESG Evaluation::AD Followup

2013-05-03 06:48 Sean Turner

[Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss

2013-04-26 08:01 Martin Stiemerling

[Ballot comment]
Thank you for addressing my issues.

2013-04-26 08:01 Martin Stiemerling

[Ballot Position Update] Position for Martin Stiemerling has been changed to No Objection from Discuss

2013-04-26 07:56 (System)

Sub state has been changed to AD Followup from Revised ID Needed

2013-04-26 07:56 Mohamed Boucadair

New revision available

2013-04-25 11:12 Cindy Morgan

State changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation

2013-04-25 06:44 Stephen Farrell

[Ballot comment]

- I support Sean's discuss. (And thought that the secdir
review was a really good one.)

- uPnP seems to cause a lot of folks security concerns so I
was surprised that there was such a short security
considerations section. However, since I know almost nothing
about uPnP and only a little about PCP and have not had a
chance to properly go into this, I don't have a valid
discuss to ballot (unless I find time in the next two hours
to read more about it;-)

2013-04-25 06:44 Stephen Farrell

[Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell

2013-04-25 05:37 Sean Turner

[Ballot discuss]
Most of these are based on the secdir review from Vincent:

0) Are there any additional recommendations this document should be making
wrt devices not implementing the default security policy recommended
by [IGD2]? There's this text in IGD2 that makes me a little happier:

The InternetGatewayDevice MUST support IGD Specific security as
defined in section 2.3, but MAY implement stricter security policy.

But then, there's this bit in s2.3 that seems to be a bit contradictory:

This document RECOMMENDS the default access level to be applied for
each action of the legacy services (version 1 and version 2). In other
words, this document does NOT REQUIRE that a vendor MUST implement the
access level defined in this document for each action of his
InternetGatewayDevice:2 implementation. As a result, vendors are allowed
to implement different access control policies than defined in this
document. For example, a vendor can decide to set a Public access level
for opening port mappings with ports lower than or equal to 1023 instead
of a Basic access level.

1) My assumption is that your models are the 3-box models because you
want access control applied based on the SHOULD [IGD2]. But, I really
can't tell.

2) I think the bit about:

Means to prevent a
malicious user from creating mappings on behalf of a third party must
be enabled as discussed in Section 13.1 of [I-D.ietf-pcp-base].

The reason IGD2 is the SHOULD because then you've got ACLs - right? But,
in reality is the LAN trusted almost all of the time?

3) In s7, please elaborate on why it's SHOULD NOT:

When only IGD:1 is available, operation on the behalf of a third party
SHOULD NOT be allowed because there's no authorization supported in
IGD:1.

That's my suggestion, but doesn't the desire to have IGD2 because of it's
authorization model mean that maybe this protocol isn't applicable to IGD1?

2013-04-25 05:37 Sean Turner

[Ballot comment]
0) I found the authorization framework and authentication options in other
documents referenced by [IGD2], but I did find them so I'm thinking it's
probably okay to not add more references. (no action required)

1) If the UPnP control point is the IGD control point, can we use the
same term in all the figures?

2) Why not reference:

[DeviceProtection] – UPnP DeviceProtection:1, version 1.0,
UPnP Forum, February 24, 2011. Available at:
http://upnp.org/specs/gw/UPnP-gw-DeviceProtection-v1-Service.pdf.

2013-04-25 05:37 Sean Turner

[Ballot Position Update] New position, Discuss, has been recorded for Sean Turner

Viewing the last 20 entries. Show full log.