Re: [avtext] Kathleen Moriarty's No Objection on draft-ietf-avtext-splicing-notification-07: (with COMMENT)

kathleen.moriarty.ietf@gmail.com Mon, 20 June 2016 13:14 UTC

From: kathleen.moriarty.ietf@gmail.com
In-Reply-To: <6BB6D77A-579F-4690-8582-A6B41A70CB4C@kuehlewind.net>
Date: Mon, 20 Jun 2016 09:14:10 -0400
Message-Id: <A3B3AC0F-40D9-418F-94CA-0B2988471BA3@gmail.com>
References: <20160615183734.26197.55835.idtracker@ietfa.amsl.com> <B8BB63C9-B261-4BBC-8CEE-5058010A8D8C@csperkins.org> <6BB6D77A-579F-4690-8582-A6B41A70CB4C@kuehlewind.net>
To: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avtext/AuBK1-nRMqdp_pxYb_PH_U8chOU>
Cc: "jonathan@vidyo.com" <jonathan@vidyo.com>, "avtext@ietf.org" <avtext@ietf.org>, "avtext-chairs@ietf.org" <avtext-chairs@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-avtext-splicing-notification@ietf.org" <draft-ietf-avtext-splicing-notification@ietf.org>, Colin Perkins <csp@csperkins.org>
Subject: Re: [avtext] Kathleen Moriarty's No Objection on draft-ietf-avtext-splicing-notification-07: (with COMMENT)


Sent from my iPhone

> On Jun 20, 2016, at 5:29 AM, Mirja Kuehlewind (IETF) <ietf@kuehlewind.net> wrote:
> 
> Hi Colin,
> 
> see below.
> 
>>> On 16.06.2016, at 00:34, Colin Perkins <csp@csperkins.org> wrote:
>>> 
>>> On 15 Jun 2016, at 19:37, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>>> 
>>> Kathleen Moriarty has entered the following ballot position for
>>> draft-ietf-avtext-splicing-notification-07: No Objection
>>> 
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>> 
>>> 
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>> 
>>> 
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-avtext-splicing-notification/
>>> 
>>> 
>>> 
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>> 
>>> I strongly support Mirja's and Alia's discuss points and would like to
>>> see more of a discussion of the capability to hide splicing in the
>>> security considerations text.  My ballot would be discuss, but they
>>> pulled out the relevant sections and that would be duplication.  I'd like
>>> to review agreed upon text though to address these concerns.  
>>> 
>>> I don't like the idea of enabling a MiTM, but do see the draft talks
>>> about how to protect headers when this happens and confidentiality is
>>> needed as well as session protection between the endpoints and the
>>> splicer (which I don't like either, but you do call out the security
>>> considerations of this and that's what is needed).
>> 
>> The mechanism described doesn’t work unless the receiver explicitly chooses to receive media content delivered via the splicer. I agree that the draft could be more clearly written, but it doesn’t seem to be “enabling a MiTM” attack, since the receiver opts in.
> 
> This definitely needs some clarification in the draft!

Yes, can we see some proposed text?  

Thank you,
Kathleen 
> 
> Mirja
> 
> 
>> 
>> -- 
>> Colin Perkins
>> https://csperkins.org/
>