Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)

"Dan.Hanson@gd-ms.com" <Dan.Hanson@gd-ms.com> Wed, 06 December 2023 15:29 UTC

From: "Dan.Hanson@gd-ms.com" <Dan.Hanson@gd-ms.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "Dan.Hanson@gd-ms.com" <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-avtcore-rtp-scip@ietf.org" <draft-ietf-avtcore-rtp-scip@ietf.org>, "avtcore-chairs@ietf.org" <avtcore-chairs@ietf.org>, "avt@ietf.org" <avt@ietf.org>, "jonathan.lennox@8x8.com" <jonathan.lennox@8x8.com>, "bernard.aboba@gmail.com" <bernard.aboba@gmail.com>, "Michael.Faller@gd-ms.com" <Michael.Faller@gd-ms.com>, "Keith.Maver@gd-ms.com" <Keith.Maver@gd-ms.com>
Date: Wed, 06 Dec 2023 15:28:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/Q7qj4SE3aK9PYykmT4LEsTt5lnA>

Eric,

Thank you for reviewing the document.  After consulting with others in the IETF, they state the following:

The IETF has routinely published documents encapsulating security protocols it did not develop without reviewing them.  For example, RFC 4186 documents EAP-SIM, RFC 4187 documents EAP-AKA, etc.  Both of those documents include a "Security claims" section (e.g., a statement of the security services provided, as required by RFC 3748), without a proof of the actual security of those services (which had well known issues, in the case of SIM in particular).


Regards,
Dan Hanson
General Dynamics Mission Systems

This message and/or attachments may include information subject to GD Corporate Policies 07-103 and 07-105 and is intended to be accessed only by authorized recipients.  Use, storage and transmission are governed by General Dynamics and its policies. Contractual restrictions apply to third parties.  Recipients should refer to the policies or contract to determine proper handling.  Unauthorized review, use, disclosure or distribution is prohibited.  If you are not an intended recipient, please contact the sender and destroy all copies of the original message.

From: Eric Vyncke (evyncke) <evyncke@cisco.com>
Sent: Tuesday, December 5, 2023 10:12 AM
To: Hanson, Daniel C <Dan.Hanson@gd-ms.com>; Dan.Hanson@gd-ms.com <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>; The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com; Faller, Michael F <Michael.Faller@gd-ms.com>; Maver, Keith M <Keith.Maver@gd-ms.com>
Subject: Re: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)

External E-mail --- CAUTION: This email originated from outside GDMS. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Dan,

Finally, NATO has provided the IESG with a copy of the SCIP-210.

OTOH, the main point of my DISCUSS is about the claim in section 3 (background). There has been no security review by the IETF of SCIP-210, so how can an IETF standard track document claim:

"These capabilities include end-to-end security at the application layer, authentication of user identity, the ability to apply different security levels for each secure session, and secure communication over any end-to-end data connection." <https://datatracker.ietf.org/doc/html/draft-ietf-avtcore-rtp-scip-06#section-3-1>

I suggest removing this sentence from the I-D, it won't change the actual purpose of the I-D and I could then clear my current blocking DISCUSS.

Regards

-éric

From: Dan.Hanson@gd-ms.com <Dan.Hanson@gd-ms.com>
Date: Wednesday, 9 August 2023 at 16:14
To: Eric Vyncke (evyncke) <evyncke@cisco.com>, Dan.Hanson@gd-ms.com <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>, The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org <draft-ietf-avtcore-rtp-scip@ietf.org>, avtcore-chairs@ietf.org <avtcore-chairs@ietf.org>, avt@ietf.org <avt@ietf.org>, jonathan.lennox@8x8.com <jonathan.lennox@8x8.com>, bernard.aboba@gmail.com <bernard.aboba@gmail.com>, Michael.Faller@gd-ms.com <Michael.Faller@gd-ms.com>, Keith.Maver@gd-ms.com <Keith.Maver@gd-ms.com>
Subject: RE: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)

Eric,

NATO may be a little slow to respond since probably many of the staff are on European summer holiday. In the meantime, you can get an older version of SCIP-210 at https://www.iad.gov/SecurePhone/index.cfm. Click SCIP Specification on the left side of the page, then scroll down to SCIP-210 Rev 3.6, which is the next to last item in the list.

SCIP-210 and supporting documents define SCIP (Secure Interoperable Communications Protocol) and demonstrate the statement "These capabilities include end-to-end security at the application layer, authentication of user identity, ..."


Regards,
Dan Hanson
General Dynamics Mission Systems

-----Original Message-----
From: Eric Vyncke (evyncke) <evyncke@cisco.com>
Sent: Tuesday, August 8, 2023 7:33 AM
To: Dan.Hanson@gd-ms.com <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>; The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com
Subject: Re: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)

Hello Dan,

Thank you for your prompt reply.

FYI, I have requested the SCIP standard, but I am still waiting for it.

Anyway, my blocking issue is different from Lars' one, but more on the assertion/claim in this I-D on the IETF stream: `These capabilities include end-to-end security at the application layer, authentication of user identity,`. First, it brings nothing to the actual purpose of the I-D, but more important nobody in the IETF community has analyzed the security properties of SCIP. I.e., suggest to simply remove this claim from the text.

See below for EV>

Hope this helps

-éric


On 04/08/2023, 17:41, "iesg on behalf of Dan.Hanson@gd-ms.com" <iesg-bounces@ietf.org on behalf of Dan.Hanson=40gd-ms.com@dmarc.ietf.org> wrote:


Éric,


Thank you for reviewing this document. Responses are inline below prefixed with [DH].

Dan Hanson
General Dynamics Mission Systems

-----Original Message-----
From: Éric Vyncke via Datatracker <noreply@ietf.org>
Sent: Friday, August 4, 2023 9:21 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com; bernard.aboba@gmail.com
Subject: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)


Éric Vyncke has entered the following ballot position for
draft-ietf-avtcore-rtp-scip-05: Discuss


When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)




Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-scip/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------




# Éric Vyncke, INT AD, comments for draft-ietf-avtcore-rtp-scip-05


Thank you for the work put into this document.


Please find below one blocking DISCUSS point (easy to address), some
non-blocking COMMENT points (but replies would be appreciated even if only for
my own education), and some nits.


Special thanks to Bernard Aboba for the shepherd's detailed write-up including
the WG consensus ***but it lacks*** the justification of the intended status,
this is related to my DISCUSS below.


I hope that this review helps to improve the document,


Regards,


-éric


# DISCUSS


As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a
DISCUSS ballot is a request to have a discussion on the following topics:


## Section 2


I am afraid that without free and public access to the IETF community (whether
informational or normative) to the SCIP protocol itself, the IETF stream cannot
publish any document (even informational or experimental) with the following
assertion/claim `These capabilities include end-to-end security at the
application layer, authentication of user identity,`. Suggest removing any such
claim from the text.


[DH] The most recent version of SCIP-210 can be requested via email from NATO at ncia.cis3@ncia.nato.int (this is the email specified in Section 8 of the I-D). An older version is publicly available at https://www.iad.gov/SecurePhone/index.cfm. Section 8 will be updated to explicitly state that requests for the SCIP-210 specification can be made via email.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------




# COMMENTS


## Abstract


Is there a reason why SDP is expanded and not RTP?


[DH] The expansion of SDP can be removed.




## Section 1


Unsure whether the following text has a place in an IETF RFC `This document
provides a reference for network security policymakers, network equipment OEMs,
procurement personnel, and government agency and commercial industry
representatives.`. Suggest to remove it.


[DH] The intent was to emphasize that this I-D is focused on network devices and the information provided herein identifies the SCIP media subtype as a valid codec to be allowed to traverse network devices. We are asking:
1. network device manufacturers include 'scip' as a known codec in their equipment
2. network security policymakers allow 'scip' to traverse their networks
3. procurement personnel be able to identify which network devices implement 'scip' when bidding for equipment

EV> the above was a suggestion, feel free to ignore

I wonder whether the USA has left NATO? The text `SCIP is presently
implemented in United States and NATO` seems to indicate that the USA are not
included in NATO.


[DH] SCIP was first only implemented in the USA, then it was later provided to NATO. We deliberately made this distinction.

EV> suggest to rephrase as "SCIP was first implemented in the USA then in NATO member states" or something similar to capture the time line.

## Section 1.2


The DTX acronym is expanded twice and never used. Suggest to remove it.


[DH] The DTX acronym will be removed from the acronym list and from the text in section 3.1.


## Section 2


Per `Secure Communication Interoperability Protocol (SCIP) allows the
negotiation of several voice, data, and video applications`, it appears that
SCIP can also be used for *data*, but this document is only about video/audio.
I.e., some text should explain to the reader what happens to the data.


[DH] SCIP-210 defines proprietary encrypted 'data' protocols. Perhaps 'data' could be removed from this I-D to avoid confusion.

EV> this would be nice indeed

Please explain what is a STANAG or provide an informational reference to STANAG
5068.


[DH] STANAG = Standardization Agreements. "... a normative document that records an agreement among several or all NATO member states - ratified at the authorized national level - to implement a standard, in whole or in part, with or without reservation." Information about STANAG 5068 can be found at: https://nso.nato.int/nso/nsdd/main/standards/stanag-details/7712/EN but the document cannot be downloaded from that site. We mentioned STANAG 5068 in the background section to emphasize the acceptance of SCIP by NATO, but it was not intended as a reference document for the I-D.

EV> please expand STANAG at least

The reader will welcome explanations about the numbers in `scip/8000 and
scip/90000` (e.g., by a reference to section 5)


[DH] The text will be changed to "... audio/scip and video/scip, respectively, ..."


## Section 3.1


Should there be informative references for MELPe, G.729D ?


[DH] MELPe (RFC 8130) is listed in the informative references. G.729D (RFC 3551) is listed in the normative references. The citation links are made later in the document; they will be moved up to the first occurrence of those terms.


Is this subsection useful? This document is about RTP payload and this
subsection is more fit for the SCIP endpoints themselves. But, I am neither a
transport nor an application expert, so, feel free to keep this subsection.


# NITS


The official name of the UNO member state is "United States of America" and not
simply "United States".


[DH] We used "United States" for brevity since it is unambiguous.

EV> unsure whether it is really unambiguous, suggest to use "USA" then.