[AVTCORE] help
"Qasim Y. Khan" <qasim@qasimkhan.com> Thu, 03 August 2017 20:24 UTC
Return-Path: <qasim@qasimkhan.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04F3E129AB2 for <avt@ietfa.amsl.com>; Thu, 3 Aug 2017 13:24:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=qasimkhan-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aYkUheo96HhY for <avt@ietfa.amsl.com>; Thu, 3 Aug 2017 13:24:01 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9FC4131C8A for <avt@ietf.org>; Thu, 3 Aug 2017 13:24:00 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id h199so3026013ith.0 for <avt@ietf.org>; Thu, 03 Aug 2017 13:24:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qasimkhan-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=OYQajhWL6Ht1gzhDtOTld/OmtXBa6hzGYLQidbLRqhw=; b=r/CNPmrxIJ1olAyj13ZIPVS4lB8hf7phOhNwFulNMklUDT3fgpBvix5r6w8r+xIWOk V5w7XMAmGxM7RfdBW7WODdhMm30Mi/8/4Lll5B5XiiycJB+ytJvSQDOua+jgULIxLIGJ cQCUkPnEtVJI1qVgH+tiCuv+Fw3uILZ92rID01sHoD/HAU541YglxNVqLOLqI2Iu6KjH LpcR7XgkuMmGxjs/ZhHqJxzq2BCM+qma1LMscOzyq0ekHb6P4Y/4/Q3+f9py4Z87CDR3 rHYAOXeFyhNWl9tQ2c1mYDU1L0QWUBo3/vK1qbiEij94dC3qfqcG+fARtXwwK/gjN7YT WDVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=OYQajhWL6Ht1gzhDtOTld/OmtXBa6hzGYLQidbLRqhw=; b=oNA8gEoZGUUT3ukNOoY9WEd0WRIXw2lVgerhWtcb/B41tLqduAmmbGF7QvmVHYoJlJ GQ/tI9Qu4jWp+eEzRQP0gWp7Ei0CYDZpgPBqVJOfPfhsUBDvIscA8RI7NVKWrkRYMjOS dDhETjUMdkpDFbP/0mNbbHp0R3vg8WGpuDMgYPL1G6X0KeMmStu4mQrqBsFnDm8wORbQ lnI0pt2EixPpScS3lXb4q2s4Pa7waZHH+/k0X1o+PgBkl4wuqRA/5duECoBWYdQ9ccWK aya+GTiT4EC16x7Jn8Eil9cV4O746VWpHmDXs8KUyCdnrC5iCe3lrzV1vtd8sIoivqXN C9Dw==
X-Gm-Message-State: AIVw113N+yIusYde0ROqjxUYXrxKrNgl47Up/rQdZPVQfcs5DnjA3Pa4 JtNW3v54Pr5LDio+56eYGTZwypympR75
X-Received: by 10.36.116.146 with SMTP id o140mr614763itc.107.1501791839726; Thu, 03 Aug 2017 13:23:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.2.216 with HTTP; Thu, 3 Aug 2017 13:23:59 -0700 (PDT)
From: "Qasim Y. Khan" <qasim@qasimkhan.com>
Date: Fri, 04 Aug 2017 01:23:59 +0500
Message-ID: <CAFORFUX+4MtK9qm21QNohUvMq5s-+ZGEtd0_4gakqcXuWLX2sg@mail.gmail.com>
To: avt@ietf.org
Content-Type: multipart/alternative; boundary="001a114aaadc22756a0555df2952"
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/cOFcKqr2Emb1i-GIsATqEzdd_c4>
Subject: [AVTCORE] help
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 20:24:14 -0000
On Thu, Aug 3, 2017 at 6:55 PM, <avt-request@ietf.org> wrote: > Send avt mailing list submissions to > avt@ietf.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.ietf.org/mailman/listinfo/avt > or, via email, send a message with subject or body 'help' to > avt-request@ietf.org > > You can reach the person managing the list at > avt-owner@ietf.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of avt digest..." > > > Today's Topics: > > 1. Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) (Kathleen Moriarty) > 2. Re: Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) (Ben Campbell) > 3. Re: Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) (Kathleen Moriarty) > 4. Re: Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) (Ben Campbell) > 5. Re: Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) (Kathleen Moriarty) > 6. Re: Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) (Ben Campbell) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 02 Aug 2017 18:50:50 -0700 > From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> > To: "The IESG" <iesg@ietf.org> > Cc: draft-ietf-avtcore-aria-srtp@ietf.org, Roni Even > <roni.even@huawei.com>, avtcore-chairs@ietf.org, > roni.even@huawei.com, > avt@ietf.org > Subject: [AVTCORE] Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) > Message-ID: > <150172505031.5791.14553211399724965332.idtracker@ietfa.amsl.com> > Content-Type: text/plain; charset="utf-8" > > Kathleen Moriarty has entered the following ballot position for > draft-ietf-avtcore-aria-srtp-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-avtcore-aria-srtp/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Although this is not a discuss, I think updated text would be very helpful > on > the following two issues. > > I agree with the SecDir reviewer that there should be more text around the > short tag length in the security considerations section. I don't see a > response to that post though. > > For SHA-1, a reference to RFC6194 for the security considerations for > SHA-1message digest algorithms would be helpful. Thank you! > > > > > ------------------------------ > > Message: 2 > Date: Wed, 2 Aug 2017 21:36:31 -0500 > From: Ben Campbell <ben@nostrum.com> > To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> > Cc: The IESG <iesg@ietf.org>, avtcore-chairs@ietf.org, > roni.even@huawei.com, draft-ietf-avtcore-aria-srtp@ietf.org, > avt@ietf.org > Subject: Re: [AVTCORE] Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) > Message-ID: <084BEE4A-1241-42C6-BD39-36F11792ABB4@nostrum.com> > Content-Type: text/plain; charset=utf-8 > > > > > > On Aug 2, 2017, at 8:50 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Although this is not a discuss, I think updated text would be very > helpful on > > the following two issues. > > > > I agree with the SecDir reviewer that there should be more text around > the > > short tag length in the security considerations section. I don't see a > > response to that post though. > > > > Hi Kathleen, > > I think you are referring to Ben Laurie?s SecDir review of 06, rather than > his later review of 09. Is that correct? Version 9 removed the GCM_8 modes. > Or were you referring to something else? > > > For SHA-1, a reference to RFC6194 for the security considerations for > > SHA-1message digest algorithms would be helpful. Thank you! > > Thanks, that?s helpful. I agree the security considerations needs to say > something about the use of SHA1 > > Ben. > > > ------------------------------ > > Message: 3 > Date: Wed, 2 Aug 2017 22:50:02 -0400 > From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> > To: Ben Campbell <ben@nostrum.com> > Cc: The IESG <iesg@ietf.org>, avtcore-chairs@ietf.org, Roni Even > <roni.even@huawei.com>, draft-ietf-avtcore-aria-srtp@ietf.org, > avt@ietf.org > Subject: Re: [AVTCORE] Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) > Message-ID: > <CAHbuEH4+R8KguTtLdoGnGdom1YB6Cp0XD5nLTm > -YUMHaLsXxuw@mail.gmail.com> > Content-Type: text/plain; charset="UTF-8" > > Hi Ben, > > Thanks for the quick response, inline. > > On Wed, Aug 2, 2017 at 10:36 PM, Ben Campbell <ben@nostrum.com> wrote: > > > > > > > >> On Aug 2, 2017, at 8:50 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > >> ---------------------------------------------------------------------- > >> COMMENT: > >> ---------------------------------------------------------------------- > >> > >> Although this is not a discuss, I think updated text would be very > helpful on > >> the following two issues. > >> > >> I agree with the SecDir reviewer that there should be more text around > the > >> short tag length in the security considerations section. I don't see a > >> response to that post though. > >> > > > > Hi Kathleen, > > > > I think you are referring to Ben Laurie?s SecDir review of 06, rather > than his later review of 09. Is that correct? Version 9 removed the GCM_8 > modes. Or were you referring to something else? > > I am referring to Ben's review of -06, where he had the following text: > > Thirdly, I am not familiar enough with SRTP to understand why short > authentication tags are needed, but in general its a bad idea, so I > feel the Security Considerations should explain more fully than > "Ciphersuites with short tag length may be > considered for specific application environments stated in 7.5 of > [RFC3711], but the risk of weak authentication described in > Section 9.5.1 of [RFC3711] should be taken into account." > > I don't see an update to this text to address his question - providing > additional information as to what should be "taken into account". > > > > > >> For SHA-1, a reference to RFC6194 for the security considerations for > >> SHA-1message digest algorithms would be helpful. Thank you! > > > > Thanks, that?s helpful. I agree the security considerations needs to say > something about the use of SHA1 > > Great, thanks! > > > > Ben. > > > > -- > > Best regards, > Kathleen > > > > ------------------------------ > > Message: 4 > Date: Wed, 2 Aug 2017 22:15:45 -0500 > From: Ben Campbell <ben@nostrum.com> > To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> > Cc: The IESG <iesg@ietf.org>, avtcore-chairs@ietf.org, Roni Even > <roni.even@huawei.com>, draft-ietf-avtcore-aria-srtp@ietf.org, > avt@ietf.org > Subject: Re: [AVTCORE] Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) > Message-ID: <D666082B-4DBF-406E-AC6C-03493A376A53@nostrum.com> > Content-Type: text/plain; charset=utf-8 > > > > On Aug 2, 2017, at 9:50 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > > > > Hi Ben, > > > > Thanks for the quick response, inline. > > > > On Wed, Aug 2, 2017 at 10:36 PM, Ben Campbell <ben@nostrum.com> wrote: > >> > >> > >> > >>> On Aug 2, 2017, at 8:50 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > >>> ---------------------------------------------------------------------- > >>> COMMENT: > >>> ---------------------------------------------------------------------- > >>> > >>> Although this is not a discuss, I think updated text would be very > helpful on > >>> the following two issues. > >>> > >>> I agree with the SecDir reviewer that there should be more text around > the > >>> short tag length in the security considerations section. I don't see a > >>> response to that post though. > >>> > >> > >> Hi Kathleen, > >> > >> I think you are referring to Ben Laurie?s SecDir review of 06, rather > than his later review of 09. Is that correct? Version 9 removed the GCM_8 > modes. Or were you referring to something else? > > > > I am referring to Ben's review of -06, where he had the following text: > > > > Thirdly, I am not familiar enough with SRTP to understand why short > > authentication tags are needed, but in general its a bad idea, so I > > feel the Security Considerations should explain more fully than > > "Ciphersuites with short tag length may be > > considered for specific application environments stated in 7.5 of > > [RFC3711], but the risk of weak authentication described in > > Section 9.5.1 of [RFC3711] should be taken into account." > > > > I don't see an update to this text to address his question - providing > > additional information as to what should be "taken into account?. > > I had assumed his concern was about short tags in GCM mode, namely the > following: > > AEAD_ARIA_128_GCM_8 > AEAD_ARIA_256_GCM_8 > AEAD_ARIA_128_GCM_12 > AEAD_ARIA_256_GCM_12 > > These have all been removed as of version 09. Ben?s review of 09 made no > further mention of short tags. > > Are there suites still in version 09 that you think need further > discussion in the security considerations? I think the authors would > happily add something if we can tell them what is needed, but I?m certainly > not the expert here. > > Ben. > > > > ------------------------------ > > Message: 5 > Date: Thu, 3 Aug 2017 09:26:51 -0400 > From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> > To: Ben Campbell <ben@nostrum.com> > Cc: The IESG <iesg@ietf.org>, avtcore-chairs@ietf.org, Roni Even > <roni.even@huawei.com>, draft-ietf-avtcore-aria-srtp@ietf.org, > avt@ietf.org > Subject: Re: [AVTCORE] Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) > Message-ID: > <CAHbuEH6JJNq9QmAi9Dbg15-SctUS+c6FArW94KqfRzVP_g4gGw@ > mail.gmail.com> > Content-Type: text/plain; charset="UTF-8" > > Hi Ben, > > On Wed, Aug 2, 2017 at 11:15 PM, Ben Campbell <ben@nostrum.com> wrote: > > > >> On Aug 2, 2017, at 9:50 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > >> > >> Hi Ben, > >> > >> Thanks for the quick response, inline. > >> > >> On Wed, Aug 2, 2017 at 10:36 PM, Ben Campbell <ben@nostrum.com> wrote: > >>> > >>> > >>> > >>>> On Aug 2, 2017, at 8:50 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > >>>> ------------------------------------------------------------ > ---------- > >>>> COMMENT: > >>>> ------------------------------------------------------------ > ---------- > >>>> > >>>> Although this is not a discuss, I think updated text would be very > helpful on > >>>> the following two issues. > >>>> > >>>> I agree with the SecDir reviewer that there should be more text > around the > >>>> short tag length in the security considerations section. I don't see > a > >>>> response to that post though. > >>>> > >>> > >>> Hi Kathleen, > >>> > >>> I think you are referring to Ben Laurie?s SecDir review of 06, rather > than his later review of 09. Is that correct? Version 9 removed the GCM_8 > modes. Or were you referring to something else? > >> > >> I am referring to Ben's review of -06, where he had the following text: > >> > >> Thirdly, I am not familiar enough with SRTP to understand why short > >> authentication tags are needed, but in general its a bad idea, so I > >> feel the Security Considerations should explain more fully than > >> "Ciphersuites with short tag length may be > >> considered for specific application environments stated in 7.5 of > >> [RFC3711], but the risk of weak authentication described in > >> Section 9.5.1 of [RFC3711] should be taken into account." > >> > >> I don't see an update to this text to address his question - providing > >> additional information as to what should be "taken into account?. > > > > I had assumed his concern was about short tags in GCM mode, namely the > following: > > > > AEAD_ARIA_128_GCM_8 > > AEAD_ARIA_256_GCM_8 > > AEAD_ARIA_128_GCM_12 > > AEAD_ARIA_256_GCM_12 > > > > These have all been removed as of version 09. Ben?s review of 09 made no > further mention of short tags. > > Thanks, but the text warning about them remains in the security > considerations section. Is it needed for some reason? > > Kathleen > > > > > Are there suites still in version 09 that you think need further > discussion in the security considerations? I think the authors would > happily add something if we can tell them what is needed, but I?m certainly > not the expert here. > > > > Ben. > > > > > > -- > > Best regards, > Kathleen > > > > ------------------------------ > > Message: 6 > Date: Thu, 3 Aug 2017 08:55:42 -0500 > From: Ben Campbell <ben@nostrum.com> > To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> > Cc: The IESG <iesg@ietf.org>, avtcore-chairs@ietf.org, Roni Even > <roni.even@huawei.com>, draft-ietf-avtcore-aria-srtp@ietf.org, > avt@ietf.org > Subject: Re: [AVTCORE] Kathleen Moriarty's No Objection on > draft-ietf-avtcore-aria-srtp-10: (with COMMENT) > Message-ID: <D2164284-D756-4193-AF5E-258FF8EFC09B@nostrum.com> > Content-Type: text/plain; charset=utf-8 > > > > On Aug 3, 2017, at 8:26 AM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > > > > Hi Ben, > > > > On Wed, Aug 2, 2017 at 11:15 PM, Ben Campbell <ben@nostrum.com> wrote: > >> > >>> On Aug 2, 2017, at 9:50 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > >>> > >>> Hi Ben, > >>> > >>> Thanks for the quick response, inline. > >>> > >>> On Wed, Aug 2, 2017 at 10:36 PM, Ben Campbell <ben@nostrum.com> wrote: > >>>> > >>>> > >>>> > >>>>> On Aug 2, 2017, at 8:50 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > >>>>> ------------------------------------------------------------ > ---------- > >>>>> COMMENT: > >>>>> ------------------------------------------------------------ > ---------- > >>>>> > >>>>> Although this is not a discuss, I think updated text would be very > helpful on > >>>>> the following two issues. > >>>>> > >>>>> I agree with the SecDir reviewer that there should be more text > around the > >>>>> short tag length in the security considerations section. I don't > see a > >>>>> response to that post though. > >>>>> > >>>> > >>>> Hi Kathleen, > >>>> > >>>> I think you are referring to Ben Laurie?s SecDir review of 06, rather > than his later review of 09. Is that correct? Version 9 removed the GCM_8 > modes. Or were you referring to something else? > >>> > >>> I am referring to Ben's review of -06, where he had the following text: > >>> > >>> Thirdly, I am not familiar enough with SRTP to understand why short > >>> authentication tags are needed, but in general its a bad idea, so I > >>> feel the Security Considerations should explain more fully than > >>> "Ciphersuites with short tag length may be > >>> considered for specific application environments stated in 7.5 of > >>> [RFC3711], but the risk of weak authentication described in > >>> Section 9.5.1 of [RFC3711] should be taken into account." > >>> > >>> I don't see an update to this text to address his question - providing > >>> additional information as to what should be "taken into account?. > >> > >> I had assumed his concern was about short tags in GCM mode, namely the > following: > >> > >> AEAD_ARIA_128_GCM_8 > >> AEAD_ARIA_256_GCM_8 > >> AEAD_ARIA_128_GCM_12 > >> AEAD_ARIA_256_GCM_12 > >> > >> These have all been removed as of version 09. Ben?s review of 09 made > no further mention of short tags. > > > > Thanks, but the text warning about them remains in the security > > considerations section. Is it needed for some reason? > > > > Ah, I get it?I thought you were asking for _more_ text :-). I think they > put that in as a result of the 06 review, but didn?t take it out when they > removed those modes. I will verify that the authors don?t think the warning > applies to any of the remaining. > > Ben. > > > Kathleen > > > >> > >> Are there suites still in version 09 that you think need further > discussion in the security considerations? I think the authors would > happily add something if we can tell them what is needed, but I?m certainly > not the expert here. > >> > >> Ben. > >> > > > > > > > > -- > > > > Best regards, > > Kathleen > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt > > > ------------------------------ > > End of avt Digest, Vol 160, Issue 2 > *********************************** >
- [AVTCORE] help Qasim Y. Khan