Re: [AVTCORE] Roman Danyliw's No Objection on draft-ietf-avtcore-multi-party-rtt-mix-18: (with COMMENT)

Gunnar Hellström <gunnar.hellstrom@ghaccess.se> Tue, 25 May 2021 20:42 UTC

To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-multi-party-rtt-mix@ietf.org, avtcore-chairs@ietf.org, avt@ietf.org, bernard.aboba@gmail.com
References: <162139124891.22846.16818872777832269848@ietfa.amsl.com>
From: Gunnar Hellström <gunnar.hellstrom@ghaccess.se>
Message-ID: <9e367a69-a035-cf03-5789-50f8c0cd4d33@ghaccess.se>
Date: Tue, 25 May 2021 22:42:20 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/kx5R6W-7a9kNEOfEnvMimqJfRYI>

Roman,

Thank you for the review.

Please see answers inline.

On 2021-05-19 at 04:27, Roman Danyliw via Datatracker wrote:
> Roman Danyliw has entered the following ballot position for
> draft-ietf-avtcore-multi-party-rtt-mix-18: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-avtcore-multi-party-rtt-mix/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you to Rich Salz for the SECDIR review.
>
> ** Section 11.  Per “Participants with malicious intentions may appear ...”,
> this text seems to be describing an attacker that is party to the call.  If the
> mitigations suggested in the next sentence (i.e., secure signaling ... and
> authentication) aren’t present, this style of attack may also be possible by an
> on-path attacker as might be simple eavesdropping or injection of arbitrary
> content.
[GH] I added this sentence in section 11: "Care should be taken that if 
use of the mixer is allowed for users both with and without security 
procedures, opens for possible attacks by both unauthenticated call 
participants and even eavesdropping and manipulating of content 
non-participants."
>
> ** Section 11. Would the caution of the mixer not revealing that a user is
> hearing or speech impaired noted in Section 8 of RFC5194 apply here too?
[GH] Yes. How about inserting this sentence in section 8: " The services 
available through the RTT mixer may have special interest for deaf and 
hard-of-hearing persons. Some users may want to refrain from revealing 
such characteristics broadly in conferences. The design of the 
conference systems where the mixer is included MAY need to be made with 
confidentiality of such characteristics in mind."

Thanks,

Gunnar

>
-- 
Gunnar Hellström
GHAccess
gunnar.hellstrom@ghaccess.se