[appsdir] Scan of draft-ietf-straw-b2bua-dtls-srtp-00.txt

"Orit Levin (LCA)" <oritl@microsoft.com> Sat, 11 April 2015 00:32 UTC

From: "Orit Levin (LCA)" <oritl@microsoft.com>
To: "appsdir@ietf.org" <appsdir@ietf.org>
Date: Sat, 11 Apr 2015 00:32:52 +0000
Message-ID: <BL2PR03MB290EEA02125C78306FC090EADF90@BL2PR03MB290.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/appsdir/1fTNtLPgizKmfy2b9g8fx7TAL1I>
Subject: [appsdir] Scan of draft-ietf-straw-b2bua-dtls-srtp-00.txt

This is a short (7 pages) draft.
The proposed status is "Standards Track" although, in essence, it is a list of guidelines based on mechanisms defined in existing RFCs or drafts.

The "recommendations/guidelines" are arranged in three groups - each applicable to a different "type" of a SIP B2B media relay:

- media non-aware
- media aware with header inspection only (and no payload inspection/modification)
- media aware with headers modification (and no payload inspection/modification)

While the use cases behind each of the technical approaches might be well-known, the motivation behind "standardizing" each one separately (with a different set of MUSTs & SHOULDs!) is not clear to me.

The Security Considerations section reads as a "placeholder" at this time, although the whole document is about security and privacy considerations.

Most of the Informative References need to be Normative; this is especially important for rfc4474bis and jones-avtcore drafts that are in the core of the guidelines.

A few more specific comments:

Section 3.3, the paragraph before the last:
"... MUST ensure that it does not modify any of the headers used to construct the signature." It would be helpful to actually analyze the provided references and compile a list of headers that the relay MUST NOT modify.

Section 3.2.2:
"This security and privacy problem can be addressed by ... as discussed in [I-D.jones-avtcore-private-media-reqts],..."
This needs to be (re)phrased as a normative statement.

Orit.
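The Section 3.3 comment above asks for an explicit list of the fields a B2BUA must leave untouched so that the Identity signature still verifies. The following is an added example, not part of the review or of the draft, of how a relay operator can check that property mechanically: it extracts the inputs assumed to be bound by the signature, then compares them before and after the relay rewrites the message. The set of bound inputs (From and To addr-spec, Call-ID, Date, and the SDP a=fingerprint lines, modeled on the fingerprint binding in rfc4474bis) is an assumption standing in for the list the reviewer asks the draft to compile; the SIP INVITE, addresses and fingerprints are constructed sample data; `identity_digest` is a SHA-256 stand-in for the real signature, not the rfc4474bis algorithm.

```python
import hashlib
import re

# Constructed sample INVITE with a DTLS-SRTP offer (not taken from the draft).
ORIGINAL_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/TLS alice-ua.example.com;branch=z9hG4bK776asdhds\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "To: Bob <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710@alice-ua.example.com\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Date: Sat, 11 Apr 2015 00:32:52 GMT\r\n"
    "Contact: <sip:alice@alice-ua.example.com>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 198.51.100.10\r\n"
    "s=-\r\n"
    "c=IN IP4 198.51.100.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 UDP/TLS/RTP/SAVP 0\r\n"
    "a=fingerprint:sha-256 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:"
    "19:E5:7C:AB:3E:4B:65:2E:7D:46:3F:54:42:CD:54:F1\r\n"
    "a=setup:actpass\r\n"
)


def parse_sip(raw: str):
    """Split a SIP message into (start line, {lower-case header name: first value}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return lines[0], headers, body


def addr_spec(value: str) -> str:
    """Bare URI of a From/To value: strip display name, angle brackets and parameters."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";", 1)[0].strip()


def signed_inputs(raw: str) -> dict:
    """Fields assumed (see lead-in) to be bound by the Identity signature."""
    _, headers, body = parse_sip(raw)
    fingerprints = sorted(
        line.split(":", 1)[1].strip()
        for line in body.split("\r\n")
        if line.startswith("a=fingerprint:")
    )
    return {
        "from": addr_spec(headers.get("from", "")),
        "to": addr_spec(headers.get("to", "")),
        "call-id": headers.get("call-id", ""),
        "date": headers.get("date", ""),
        "fingerprint": fingerprints,
    }


def identity_digest(raw: str) -> str:
    """Stand-in for the signed value: SHA-256 over the canonicalised signed inputs."""
    f = signed_inputs(raw)
    canon = "|".join([f["from"], f["to"], f["call-id"], f["date"]] + f["fingerprint"])
    return hashlib.sha256(canon.encode()).hexdigest()


def relay_violations(original: str, relayed: str) -> list:
    """Names of signed inputs the relay changed; empty means the signature still verifies."""
    before, after = signed_inputs(original), signed_inputs(relayed)
    return [k for k in before if before[k] != after[k]]


def rewrite_media_address(raw: str, addr: str, port: int) -> str:
    """A media relay pointing c=/m= at itself while passing a=fingerprint through untouched."""
    head, sep, body = raw.partition("\r\n\r\n")
    body = re.sub(r"^c=IN IP4 \S+", f"c=IN IP4 {addr}", body, flags=re.M)
    body = re.sub(r"^m=audio \d+", f"m=audio {port}", body, flags=re.M)
    return head + sep + body


def terminate_dtls(raw: str, own_fingerprint: str) -> str:
    """A DTLS-terminating B2BUA substituting its own fingerprint (what the draft forbids)."""
    head, sep, body = raw.partition("\r\n\r\n")
    body = re.sub(r"^a=fingerprint:[^\r\n]*", f"a=fingerprint:{own_fingerprint}", body, flags=re.M)
    return head + sep + body


if __name__ == "__main__":
    ok = rewrite_media_address(ORIGINAL_INVITE, "203.0.113.5", 20000)
    print("media-address rewrite violations:", relay_violations(ORIGINAL_INVITE, ok))
    mitm = terminate_dtls(ORIGINAL_INVITE, "sha-256 " + ":".join(["00"] * 32))
    print("DTLS termination violations:", relay_violations(ORIGINAL_INVITE, mitm))
```

The two relay functions correspond to the distinction the draft draws: a relay that only re-anchors the media path leaves every signed input intact, whereas one that terminates DTLS has to replace the fingerprint and therefore breaks the end-to-end signature, whatever else it preserves. Extending `signed_inputs` is the operational form of the list the review asks for.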