Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)
"Dan.Hanson@gd-ms.com" <Dan.Hanson@gd-ms.com> Wed, 06 December 2023 15:29 UTC
From: "Dan.Hanson@gd-ms.com" <Dan.Hanson@gd-ms.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "Dan.Hanson@gd-ms.com" <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-avtcore-rtp-scip@ietf.org" <draft-ietf-avtcore-rtp-scip@ietf.org>, "avtcore-chairs@ietf.org" <avtcore-chairs@ietf.org>, "avt@ietf.org" <avt@ietf.org>, "jonathan.lennox@8x8.com" <jonathan.lennox@8x8.com>, "bernard.aboba@gmail.com" <bernard.aboba@gmail.com>, "Michael.Faller@gd-ms.com" <Michael.Faller@gd-ms.com>, "Keith.Maver@gd-ms.com" <Keith.Maver@gd-ms.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/Q7qj4SE3aK9PYykmT4LEsTt5lnA>

Eric,

Thank you for reviewing the document. After consulting with others in the IETF, they state the following:

The IETF has routinely published documents encapsulating security protocols it did not develop without reviewing them. For example, RFC 4186 documents EAP-SIM, RFC 4187 documents EAP-AKA, etc. Both of those documents include a "Security claims" section (e.g., a statement of the security services provided, as required by RFC 3748), without a proof of the actual security of those services (which had well known issues, in the case of SIM in particular).

Regards,
Dan Hanson
General Dynamics Mission Systems

This message and/or attachments may include information subject to GD Corporate Policies 07-103 and 07-105 and is intended to be accessed only by authorized recipients. Use, storage and transmission are governed by General Dynamics and its policies. Contractual restrictions apply to third parties. Recipients should refer to the policies or contract to determine proper handling. Unauthorized review, use, disclosure or distribution is prohibited. If you are not an intended recipient, please contact the sender and destroy all copies of the original message.

From: Eric Vyncke (evyncke) <evyncke@cisco.com>
Sent: Tuesday, December 5, 2023 10:12 AM
To: Hanson, Daniel C <Dan.Hanson@gd-ms.com>; Dan.Hanson@gd-ms.com <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>; The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com; Faller, Michael F <Michael.Faller@gd-ms.com>; Maver, Keith M <Keith.Maver@gd-ms.com>
Subject: Re: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)

External E-mail --- CAUTION: This email originated from outside GDMS. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Dan,

Finally, NATO has provided the IESG with a copy of the SCIP-210.

OTOH, the main point of my DISCUSS is about the claim in section 3 (background). There has been no security review by the IETF of SCIP-210, so how can an IETF standard track document claim: "These capabilities include end-to-end security at the application layer, authentication of user identity, the ability to apply different security levels for each secure session, and secure communication over any end-to-end data connection." <https://datatracker.ietf.org/doc/html/draft-ietf-avtcore-rtp-scip-06#section-3-1>

I suggest removing this sentence from the I-D, it won't change the actual purpose of the I-D and I could then clear my current blocking DISCUSS.

Regards
-éric

From: Dan.Hanson@gd-ms.com <Dan.Hanson@gd-ms.com>
Date: Wednesday, 9 August 2023 at 16:14
To: Eric Vyncke (evyncke) <evyncke@cisco.com>, Dan.Hanson@gd-ms.com <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>, The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org <draft-ietf-avtcore-rtp-scip@ietf.org>, avtcore-chairs@ietf.org <avtcore-chairs@ietf.org>, avt@ietf.org <avt@ietf.org>, jonathan.lennox@8x8.com <jonathan.lennox@8x8.com>, bernard.aboba@gmail.com <bernard.aboba@gmail.com>, Michael.Faller@gd-ms.com <Michael.Faller@gd-ms.com>, Keith.Maver@gd-ms.com <Keith.Maver@gd-ms.com>
Subject: RE: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)

Eric,

NATO may be a little slow to respond since probably many of the staff are on European summer holiday. In the meantime, you can get an older version of SCIP-210 at https://www.iad.gov/SecurePhone/index.cfm. Click SCIP Specification on the left side of the page, then scroll down to SCIP-210 Rev 3.6 which is the next to last item in the list.

SCIP-210 and supporting documents define SCIP (Secure Interoperable Communications Protocol) and demonstrate the statement "These capabilities include end-to-end security at the application layer, authentication of user identity, ..."

Regards,
Dan Hanson
General Dynamics Mission Systems

-----Original Message-----
From: Eric Vyncke (evyncke) <evyncke@cisco.com>
Sent: Tuesday, August 8, 2023 7:33 AM
To: Dan.Hanson@gd-ms.com <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>; The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com
Subject: Re: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)

Hello Dan,

Thank you for your prompt reply.

FYI, I have requested the SCIP standard, but I am still waiting for it.

Anyway, my blocking issue is different from Lars' one, but more on the assertion/claim in this I-D on the IETF stream: `These capabilities include end-to-end security at the application layer, authentication of user identity,`. First, it brings nothing to the actual purpose of the I-D, but more important nobody in the IETF community has analyzed the security properties of SCIP. I.e., suggest to simply remove this claim from the text.

See below for EV>

Hope this helps
-éric

On 04/08/2023, 17:41, "iesg on behalf of Dan.Hanson@gd-ms.com" <iesg-bounces@ietf.org on behalf of Dan.Hanson=40gd-ms.com@dmarc.ietf.org> wrote:

Éric,

Thank you for reviewing this document. Responses are inline below prefixed with [DH].

Dan Hanson
General Dynamics Mission Systems

-----Original Message-----
From: Éric Vyncke via Datatracker <noreply@ietf.org>
Sent: Friday, August 4, 2023 9:21 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com; bernard.aboba@gmail.com
Subject: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-05: (with DISCUSS and COMMENT)

Éric Vyncke has entered the following ballot position for draft-ietf-avtcore-rtp-scip-05: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-scip/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

# Éric Vyncke, INT AD, comments for draft-ietf-avtcore-rtp-scip-05

Thank you for the work put into this document.

Please find below one blocking DISCUSS point (easy to address), some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits.

Special thanks to Bernard Aboba for the shepherd's detailed write-up including the WG consensus ***but it lacks*** the justification of the intended status, this is related to my DISCUSS below.

I hope that this review helps to improve the document,

Regards,
-éric

# DISCUSS

As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a DISCUSS ballot is a request to have a discussion on the following topics:

## Section 2

I am afraid that without free and public access to the IETF community (whether informational or normative) to the SCIP protocol itself, the IETF stream cannot publish any document (even informational or experimental) with the following assertion/claim `These capabilities include end-to-end security at the application layer, authentication of user identity,`. Suggest removing any such claim from the text.

[DH] The most recent version of SCIP-210 can be requested via email from NATO at ncia.cis3@ncia.nato.int (this is email specified in Section 8 of the I-D). An older version is publicly available at https://www.iad.gov/SecurePhone/index.cfm. Section 8 will be updated to explicitly state that requests for the SCIP-210 specification can be made via email.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# COMMENTS

## Abstract

Is there a reason why is SDP expanded and not RTP ?

[DH] The expansion of SDP can be removed.

## Section 1

Unsure whether the following text has a place into an IETF RFC `This document provides a reference for network security policymakers, network equipment OEMs, procurement personnel, and government agency and commercial industry representatives.`. Suggest to remove it.

[DH] The intent was to emphasize that this I-D is focused on network devices and the information provided here-in identifies the SCIP media subtype as a valid codec to be allowed to traverse network devices. We are asking:
1. network device manufacturers include 'scip' as a known codec in their equipment
2. network security policymakers allow 'scip' to traverse their networks
3. procurement personnel be able to identify which network devices implement 'scip' when bidding for equipment

EV> the above was a suggestion, feel free to ignore

I wonder whether the USA has left NATO ? The text `SCIP is presently implemented in United States and NATO` seems to indicate that the USA are not included in NATO.

[DH] SCIP was first only implemented in the USA, then it was later provided to NATO. We deliberately made this distinction.

EV> suggest to rephrase as "SCIP was first implemented in the USA then in NATO member states" or something similar to capture the time line.

## Section 1.2

The DTX acronym is expanded twice and never used. Suggest to remove it.

[DH] The DTX acronym will be removed from the acronym list and from the text in section 3.1.

## Section 2

Per `Secure Communication Interoperability Protocol (SCIP) allows the negotiation of several voice, data, and video applications`, it appears that SCIP can also be used for *data*, but this document is only about video/audio. I.e., some text should explain to the reader what happens to the data.

[DH] SCIP-210 defines proprietary encrypted 'data' protocols. Perhaps 'data' could be removed from this I-D to avoid confusion.

EV> this would be nice indeed

Please explain what is a STANAG or provide an informational reference to STANAG 5068.

[DH] STANAG = Standardization Agreements. "... a normative document that records an agreement among several or all NATO member states - ratified at the authorized national level - to implement a standard, in whole or in part, with or without reservation." Information about STANAG 5068 can be found at: https://nso.nato.int/nso/nsdd/main/standards/stanag-details/7712/EN but the document cannot be downloaded from that site. We mentioned STANAG 5068 in the background section to emphasize the acceptance of SCIP by NATO, but it was not intended as a reference document for the I-D.

EV> please expand STANAG at least

The reader will welcome explanations about the numbers in `scip/8000 and scip/90000` (e.g., by a reference to section 5)

[DH] The text will be changed to "... audio/scip and video/scip, respectively, ..."

## Section 3.1

Should there be informative references for MELPe, G.729D ?

[DH] MELPe (RFC 8130) is listed in the informative references. G.729D (RFC 3551) is listed in the normative references. The citation links are made later in the document; they will be moved up to the first occurrence of those terms.

Is this subsection useful ? This document is about RTP payload and this subsection is more fit for the SCIP endpoints themselves. But, I am neither a transport nor an application expert, so, feel free to keep this subsection.

# NITS

The official name of the UNO member state is "United States of America" and not simply "United States".

[DH] We used "United States" for brevity since it is unambiguous.

EV> unsure whether it is really unambiguous, suggest to use "USA" then.