Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-08: (with DISCUSS and COMMENT)
Harald Alvestrand <harald@alvestrand.no> Tue, 13 February 2024 13:50 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B0D6C15109E; Tue, 13 Feb 2024 05:50:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qOZXxA08dXwK; Tue, 13 Feb 2024 05:50:57 -0800 (PST)
Received: from smtp.alvestrand.no (smtp.alvestrand.no [65.21.189.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FE62C151524; Tue, 13 Feb 2024 05:50:18 -0800 (PST)
Received: from [100.82.175.86] (unknown [104.132.27.86]) by smtp.alvestrand.no (Postfix) with ESMTPSA id AF2E7486C0; Tue, 13 Feb 2024 14:50:16 +0100 (CET)
Content-Type: multipart/alternative; boundary="------------UO2zRjuqQjKzk66YeUYFcSMC"
Message-ID: <cdda2693-00d9-4205-84c9-ee6ae343326c@alvestrand.no>
Date: Tue, 13 Feb 2024 14:50:16 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, Bernard Aboba <bernard.aboba@gmail.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-avtcore-rtp-scip@ietf.org" <draft-ietf-avtcore-rtp-scip@ietf.org>, "avtcore-chairs@ietf.org" <avtcore-chairs@ietf.org>, "avt@ietf.org" <avt@ietf.org>, "jonathan.lennox@8x8.com" <jonathan.lennox@8x8.com>
References: <170688085244.27140.3271707817213892752@ietfa.amsl.com> <CAOW+2dsV=0Ku4qhG8NODwyryMtoDzBGyqKGaxqdVLPb05BLhkQ@mail.gmail.com> <BB342F86-32C9-4F1D-95BD-A8ACB5BED0EF@cisco.com>
From: Harald Alvestrand <harald@alvestrand.no>
In-Reply-To: <BB342F86-32C9-4F1D-95BD-A8ACB5BED0EF@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/jOAOg2xf-g7yJ1xqIF9HT-61_OI>
Subject: Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf-avtcore-rtp-scip-08: (with DISCUSS and COMMENT)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Feb 2024 13:50:59 -0000
On 2/5/24 12:40, Eric Vyncke (evyncke) wrote: > > Hello Bernard, > > The SCIP specification was indeed provided t/o /the IESG, thanks for that. > > My remaining issue should be trivial to address, let me repeat it with > other words. There are two assertions in the text about the security > of SCIP: > > - in the abstract: -`SCIP is an application layer protocol that > provides ... security services such as confidentiality and integrity > protection` > > - in section 2, 4^th paragraph: `The SCIP protocol defined in SCIP-210 > [SCIP210] includes ... security services such as end-to-end > confidentiality and integrity protection.` > > Those claims have not been verified explicitly by the IETF community, > i.e., they cannot appear like that in an IETF stream document. > This seems like a very finicky kind of requirement. Possibly a more palatable way of stating this would be "The SCIP protocol defined in SCIP-210 [SCIP210] states that it includes security services such as ..." - making it clear that this is a statement of what the non-IETF document claims, not about what the protocol actually provides. But in general, I find the argument about "IETF requires inspectability of the carried material" argument hard to follow - after all, TCP and UDP were explicitly defined not to make any claims about the bytes they carry. > As I suggested in my DISCUSS, restricting the claim by removing the > implicit IETF support with statement like “The SCIP WG of ???” (with > “???” being “NATO” or “US Department of Defense” or ... > > Or even a clear disclaimer at the abstract/introduction (or an IESG > note) with text such as “The IETF has not conducted a security review > of SCIP and therefore has not verified the claims contained in this > document”. > > Regards > > -éric > > // > > *From: *Bernard Aboba <bernard.aboba@gmail.com> > *Date: *Friday, 2 February 2024 at 22:19 > *To: *Eric Vyncke <evyncke@cisco.com> > *Cc: *The IESG <iesg@ietf.org>, "draft-ietf-avtcore-rtp-scip@ietf.org" > <draft-ietf-avtcore-rtp-scip@ietf.org>, "avtcore-chairs@ietf.org" > <avtcore-chairs@ietf.org>, "avt@ietf.org" <avt@ietf.org>, > "jonathan.lennox@8x8.com" <jonathan.lennox@8x8.com> > *Subject: *Re: Éric Vyncke's Discuss on > draft-ietf-avtcore-rtp-scip-08: (with DISCUSS and COMMENT) > > Eric said: > > "Indeed, all IETF stream documents require that the IETF community was > able to > > review it. The nature of SCIP standard has prevented such review, > therefore, it > is not possible for an IETF stream document to make those claims (that > are > > probably correct)." > > [BA] As has been the case with other RTP payload specifications (e.g. > EVC RTP Payload), arrangements were made to provide the SCIP > specification to the IETF community. I as well as other WG > participants made requests for the SCIP specification and were > provided with it. > > Was an IESG member who requested the SCIP specification denied > access? If so, this is probably more of an oversight than an > intentional denial. > > On Fri, Feb 2, 2024 at 5:34 AM Éric Vyncke via Datatracker > <noreply@ietf.org> wrote: > > Éric Vyncke has entered the following ballot position for > draft-ietf-avtcore-rtp-scip-08: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut > this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > > for more information about how to handle DISCUSS and COMMENT > positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-scip/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > # Éric Vyncke, INT AD, comments for draft-ietf-avtcore-rtp-scip-05 > > Thank you for the work put into this document. Alas, even after > some email > discussions with the authors, the core of my discuss is still > there. So, I > cannot clear my discuss. > > Previous DISCUSS is at: > https://mailarchive.ietf.org/arch/msg/avt/xFC3Ux9AfYt3e5T0GSzrasQe_j4/ > > # DISCUSS > > As noted in > https://www.ietf.org/blog/handling-iesg-ballot-positions/, a > DISCUSS ballot is a request to have a discussion on the following > topics: > > ## Section 3 and abstract > > I am afraid that without free and public access to the IETF > community (whether > informational or normative) to the SCIP protocol itself, the IETF > stream cannot > publish any document (even informational or experimental) with the > following > assertions/claims: > > - `SCIP is an application layer protocol that provides ... > security services > such as confidentiality and integrity protection` - `The SCIP > protocol defined > in SCIP-210 [SCIP210] includes ... security services such as > end-to-end > confidentiality and integrity protection.` > > Indeed, all IETF stream documents require that the IETF community > was able to > review it. The nature of SCIP standard has prevented such review, > therefore, it > is not possible for an IETF stream document to make those claims > (that are > probably correct). > > Suggest removing any such claim from the text or rephrasing them > so that they > do not appear as an IETF claim, e.g., "NATO claims that..." or > "NATO certifies > that ..." > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > # COMMENTS > > ## Abstract > > Is there a reason why is SDP expanded and not RTP ? > > ## Section 1 > > Unsure whether the following text has a place into an IETF RFC > `This document > provides a reference for network security policymakers, network > equipment OEMs, > procurement personnel, and government agency and commercial industry > representatives.`. Suggest to remove it. > > I wonder to wonder whether the USA has left NATO ? The text `SCIP > is presently > implemented in United States and NATO` seems to indicate that the > USA are not > included in NATO. > > ## Section 1.2 > > The DTX acronym is expanded twice and never used. Suggest to > remove it. > > ## Section 2 > > Per `Secure Communication Interoperability Protocol (SCIP) allows the > negotiation of several voice, data, and video applications`, it > appears that > SCIP can also be used for *data*, but this document is only about > video/audio. > I.e., some text should explain to the reader what happens to the data. > > Please explain what is a STANAG or provide an informational > reference to STANAG > 5068. > > The reader will welcome explanations about the numbers in > `scip/8000 and > scip/90000` (e.g., by a reference to section 5) > > ## Section 3.1 > > Should there be informative references for MELPe, G.729D ? > > Is this subsection useful ? This document is about RTP payload and > this > subsection is more fit for the SCIP endpoints themselves. But, I > am neither a > transport nor an application expert, so, feel free to keep this > subsection. > > # NITS > > The official name of the UNO member state is "United States of > America" and not > simply "United States". > > > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt
- [AVTCORE] Éric Vyncke's Discuss on draft-ietf-avt… Éric Vyncke via Datatracker
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Dan.Hanson@gd-ms.com
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Bernard Aboba
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Eric Vyncke (evyncke)
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Bernard Aboba
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Eric Vyncke (evyncke)
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Dan.Hanson@gd-ms.com
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Harald Alvestrand
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Eric Vyncke (evyncke)
- Re: [AVTCORE] Éric Vyncke's Discuss on draft-ietf… Dan.Hanson@gd-ms.com