Re: Comment: draft-ietf-crisp-requirements-05.txt

[hardie@qualcomm.com]

At 5:43 AM -0700 6/26/03, Allison Mankin wrote:
> Overall this is a very well-written spec.  One transport issue and two
> questions about scope - perfectly reasonable answers are out of scope,
> or already discussed and dismissed.
>
> 1.
>
> The protocol MUST
>    define one or more transport mechanisms for mandatory implementation.
>                     ^congestion-aware or overload-aware
>
> I realize that the transport choice could be UDP, but in that case,
> congestion-aware would mean UDP without aggressive retransmission.
> And in the case that that "transport" may be used here to mean a
> higher layer protocol such as mail or http, then the term
> overload-aware applies.

Speaking as one of the chairs, this change should be uncontroversial,
so an RFC editor note could cover it.

> 2.
>
> Is it out of scope for there to be a requirement in the protocol for
> the registry to be able to authenticate itself to the client, because
> in some cases there could be falsified registries?
3.1.9 covers the protocol and service descriptions here; the wg
did discuss the various use case scenarios.  The result was:
must be able to authenticate itself, but does not require that
for operation of a CRISP server.

If you have further issues, I'd be happy to discuss it with you,
or set up a call with the author.

> 3.
>
> Is it out of scope for there to be a requirement on the protocol for
> some support for authentication of the contact information?

This would have to be covered by the requirements on the protocol
that populates the data.  A distribution protocol is pretty much too late
in the game to put in requirements for authenticating the contact
information that _has_been_populated.