IETF Logo Mail Archive

Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-08: (with DISCUSS and COMMENT)

Bernard Aboba <bernard.aboba@gmail.com> Mon, 05 February 2024 12:13 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EBADC1519A2; Mon, 5 Feb 2024 04:13:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WvV2Xxe_8osY; Mon, 5 Feb 2024 04:13:07 -0800 (PST)
Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21418C15199D; Mon, 5 Feb 2024 04:13:07 -0800 (PST)
Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-6e0507eb60cso126077b3a.3; Mon, 05 Feb 2024 04:13:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707135186; x=1707739986; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=X0Q4ifmB1mAIIl7WZhWns+fgZTcRffMjBtZUMUTRmPw=; b=kyaLL+1N4B1AiOs0FrWOQrARV/IVWupV6jp2ahBFfYEiGg+ldCjrNuPCUc9RR0pObM FqOUcv9q8N3IH6YMuGltEREwDmejgvCYdJ+RyFaTdaskCiN1FH2YKqwwcNC1hmmU6WIH ml+ScRRyYFLMvO9RO+q3jXmU+T6GU+6qAH4q052LwR/o0HXeSg1gVmG6NTY3KYApI+Mm RIVgaHFMKClTGQ6/M93z6jTA0zEB5PRTiPttXcwI5xgOkoHwCEU9feRDFceC/TB7iegT kP2nHeZAkNLI69HGSn9Ug6CmLfh437KNA0qJAN+qRl79PNPzAsrqWMGD6+tnARkYcbYS vtTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707135186; x=1707739986; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=X0Q4ifmB1mAIIl7WZhWns+fgZTcRffMjBtZUMUTRmPw=; b=iDPMACasBVB5UEupEWEEbIEHfgY9O8L9CIXDIN+u/p5kzqz+pbPrMOAU1D3FEAUmai DiJcK9UPxmU9kB2q8/9kcG6K3KmydOGBcogKMe1j2qPdjz2Ck0i/0D41sQYwsN4o9w4D XkfmQJ/VT3AKh8VD/OfsiEFV0qTdYdwYCzCIrMu6w/2BFlU+eBMYnyjEGq3IPTNCP5xl W8LoFS3gY9BcjqQVMsJxwNlUWHNlG3gP83Au8WVX9bpXq+KBFJpHO2ApqgBvDoLqq7d+ IjRwqW7MH6d4GrnXvh0pxZOCLNGUHvVbc9gBGbuSLYLlz1dF7CGfOSjXg2ljpN6XgnNz bhpw==
X-Gm-Message-State: AOJu0Yz6Kl2Vd9UQi7zQhWvbPMwmD3psNVEgi3VBhNfXKz9t2m0IBtvJ 5tZoF7idVhX9pov34zfvdpExH2VsUXVzTaDpHSIbNkLw5gjWbqxJThdxZeBGla365pi1glwyBwK 4ITqUWssjgcnoipTh8zCqH1GsYm0=
X-Google-Smtp-Source: AGHT+IFO8Q4VilSFp2acCWxpn+aOMUBj4eRyK5dBxzzT5OZ3nTJXVdxoMheBBgyZoksgHC5WEwRfOfpCMFF/GexLtSw=
X-Received: by 2002:a05:6a00:23cb:b0:6db:d978:9047 with SMTP id g11-20020a056a0023cb00b006dbd9789047mr19030835pfc.1.1707135185974; Mon, 05 Feb 2024 04:13:05 -0800 (PST)
MIME-Version: 1.0
References: <170688085244.27140.3271707817213892752@ietfa.amsl.com> <CAOW+2dsV=0Ku4qhG8NODwyryMtoDzBGyqKGaxqdVLPb05BLhkQ@mail.gmail.com> <BB342F86-32C9-4F1D-95BD-A8ACB5BED0EF@cisco.com>
In-Reply-To: <BB342F86-32C9-4F1D-95BD-A8ACB5BED0EF@cisco.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Mon, 05 Feb 2024 04:12:54 -0800
Message-ID: <CAOW+2duJw65dies62FO5aDJHi_PHjTYq2M9qh1yddz=CFV=jXw@mail.gmail.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-avtcore-rtp-scip@ietf.org" <draft-ietf-avtcore-rtp-scip@ietf.org>, "avtcore-chairs@ietf.org" <avtcore-chairs@ietf.org>, "avt@ietf.org" <avt@ietf.org>, "jonathan.lennox@8x8.com" <jonathan.lennox@8x8.com>
Content-Type: multipart/alternative; boundary="00000000000057fe880610a1624f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/i4vKOv-4udgnQtq_qmpOSuOwMus>
Subject: Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-08: (with DISCUSS and COMMENT)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2024 12:13:11 -0000

Eric --

Something along the lines you suggest seems viable.  Since Sahed's DISCUSS
comment relates to what is done in SCIP versus higher layers such (S)RTP
and cryptex, some discussion of the SCIP negotiation will be needed.

On Mon, Feb 5, 2024 at 3:40 AM Eric Vyncke (evyncke) <evyncke@cisco.com>
wrote:

> Hello Bernard,
>
>
>
> The SCIP specification was indeed provided t*o *the IESG, thanks for that.
>
>
>
> My remaining issue should be trivial to address, let me repeat it with
> other words. There are two assertions in the text about the security of
> SCIP:
>
> - in the abstract: -`SCIP is an application layer protocol that provides
> ... security services such as confidentiality and integrity protection`
>
> - in section 2, 4th paragraph: `The SCIP protocol defined in SCIP-210
> [SCIP210] includes ... security services such as end-to-end confidentiality
> and integrity protection.`
>
>
>
> Those claims have not been verified explicitly by the IETF community,
> i.e., they cannot appear like that in an IETF stream document.
>
>
>
> As I suggested in my DISCUSS, restricting the claim by removing the
> implicit IETF support with statement like “The SCIP WG of ???” (with “???”
> being “NATO” or “US Department of Defense” or ...
>
>
>
> Or even a clear disclaimer at the abstract/introduction (or an IESG note)
> with text such as “The IETF has not conducted a security review of SCIP and
> therefore has not verified the claims contained in this document”.
>
>
>
> Regards
>
>
>
> -éric
>
>
>
>
>
>
>
> *From: *Bernard Aboba <bernard.aboba@gmail.com>
> *Date: *Friday, 2 February 2024 at 22:19
> *To: *Eric Vyncke <evyncke@cisco.com>
> *Cc: *The IESG <iesg@ietf.org>, "draft-ietf-avtcore-rtp-scip@ietf.org" <
> draft-ietf-avtcore-rtp-scip@ietf.org>, "avtcore-chairs@ietf.org" <
> avtcore-chairs@ietf.org>, "avt@ietf.org" <avt@ietf.org>, "
> jonathan.lennox@8x8.com" <jonathan.lennox@8x8.com>
> *Subject: *Re: Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-08:
> (with DISCUSS and COMMENT)
>
>
>
> Eric said:
>
>
>
> "Indeed, all IETF stream documents require that the IETF community was
> able to
>
> review it. The nature of SCIP standard has prevented such review, therefore, it
>
> is not possible for an IETF stream document to make those claims (that are
>
> probably correct)."
>
>
>
> [BA] As has been the case with other RTP payload specifications (e.g. EVC
> RTP Payload), arrangements were made to provide the SCIP specification to
> the IETF community.  I as well as other WG participants made requests for
> the SCIP specification and were provided with it.
>
>
>
> Was an IESG member who requested the SCIP specification denied access?  If
> so, this is probably more of an oversight than an intentional denial.
>
>
>
>
>
>
>
> On Fri, Feb 2, 2024 at 5:34 AM Éric Vyncke via Datatracker <
> noreply@ietf.org> wrote:
>
> Éric Vyncke has entered the following ballot position for
> draft-ietf-avtcore-rtp-scip-08: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-scip/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
>
> # Éric Vyncke, INT AD, comments for draft-ietf-avtcore-rtp-scip-05
>
> Thank you for the work put into this document. Alas, even after some email
> discussions with the authors, the core of my discuss is still there. So, I
> cannot clear my discuss.
>
> Previous DISCUSS is at:
> https://mailarchive.ietf.org/arch/msg/avt/xFC3Ux9AfYt3e5T0GSzrasQe_j4/
>
> # DISCUSS
>
> As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a
> DISCUSS ballot is a request to have a discussion on the following topics:
>
> ## Section 3 and abstract
>
> I am afraid that without free and public access to the IETF community
> (whether
> informational or normative) to the SCIP protocol itself, the IETF stream
> cannot
> publish any document (even informational or experimental) with the
> following
> assertions/claims:
>
> - `SCIP is an application layer protocol that provides ... security
> services
> such as confidentiality and integrity protection` - `The SCIP protocol
> defined
> in SCIP-210 [SCIP210] includes ... security services such as end-to-end
> confidentiality and integrity protection.`
>
> Indeed, all IETF stream documents require that the IETF community was able
> to
> review it. The nature of SCIP standard has prevented such review,
> therefore, it
> is not possible for an IETF stream document to make those claims (that are
> probably correct).
>
> Suggest removing any such claim from the text or rephrasing them so that
> they
> do not appear as an IETF claim, e.g., "NATO claims that..." or "NATO
> certifies
> that ..."
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> # COMMENTS
>
> ## Abstract
>
> Is there a reason why is SDP expanded and not RTP ?
>
> ## Section 1
>
> Unsure whether the following text has a place into an IETF RFC `This
> document
> provides a reference for network security policymakers, network equipment
> OEMs,
> procurement personnel, and government agency and commercial industry
> representatives.`. Suggest to remove it.
>
> I wonder to wonder whether the USA has left NATO ? The text `SCIP is
> presently
> implemented in United States and NATO` seems to indicate that the USA are
> not
> included in NATO.
>
> ## Section 1.2
>
> The DTX acronym is expanded twice and never used. Suggest to remove it.
>
> ## Section 2
>
> Per `Secure Communication Interoperability Protocol (SCIP) allows the
> negotiation of several voice, data, and video applications`, it appears
> that
> SCIP can also be used for *data*, but this document is only about
> video/audio.
> I.e., some text should explain to the reader what happens to the data.
>
> Please explain what is a STANAG or provide an informational reference to
> STANAG
> 5068.
>
> The reader will welcome explanations about the numbers in `scip/8000 and
> scip/90000` (e.g., by a reference to section 5)
>
> ## Section 3.1
>
> Should there be informative references for MELPe, G.729D ?
>
> Is this subsection useful ? This document is about RTP payload and this
> subsection is more fit for the SCIP endpoints themselves. But, I am
> neither a
> transport nor an application expert, so, feel free to keep this subsection.
>
> # NITS
>
> The official name of the UNO member state is "United States of America"
> and not
> simply "United States".
>
>
>

v2.23.0 | Report a Bug | By Email