Re: [avtext] Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT)
"Huangyihong (Rachel)" <rachel.huang@huawei.com> Tue, 21 June 2016 01:21 UTC
Return-Path: <rachel.huang@huawei.com>
X-Original-To: avtext@ietfa.amsl.com
Delivered-To: avtext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F161912DB00; Mon, 20 Jun 2016 18:21:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.647
X-Spam-Level:
X-Spam-Status: No, score=-5.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7JKkW6f2GZdO; Mon, 20 Jun 2016 18:21:43 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4C1B12DAF6; Mon, 20 Jun 2016 18:21:40 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml707-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CMH70573; Tue, 21 Jun 2016 01:21:38 +0000 (GMT)
Received: from NKGEML411-HUB.china.huawei.com (10.98.56.70) by lhreml707-cah.china.huawei.com (10.201.5.199) with Microsoft SMTP Server (TLS) id 14.3.235.1; Tue, 21 Jun 2016 02:21:37 +0100
Received: from NKGEML513-MBX.china.huawei.com ([169.254.1.81]) by nkgeml411-hub.china.huawei.com ([10.98.56.70]) with mapi id 14.03.0235.001; Tue, 21 Jun 2016 09:21:29 +0800
From: "Huangyihong (Rachel)" <rachel.huang@huawei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT)
Thread-Index: AQHRx7/AweW8aYmvaU+udtkKRDujUJ/yGB+g//+XwYCAAXRBQA==
Date: Tue, 21 Jun 2016 01:21:29 +0000
Message-ID: <51E6A56BD6A85142B9D172C87FC3ABBB86ED87EB@nkgeml513-mbx.china.huawei.com>
References: <20160616111046.10405.20492.idtracker@ietfa.amsl.com> <51E6A56BD6A85142B9D172C87FC3ABBB86ED8585@nkgeml513-mbx.china.huawei.com> <5767CC71.4070907@cs.tcd.ie>
In-Reply-To: <5767CC71.4070907@cs.tcd.ie>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.78.128]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090201.576896A3.0006, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.1.81, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: f1db55e820b24b535e9658bb0ceac83e
Archived-At: <https://mailarchive.ietf.org/arch/msg/avtext/eJsAZJdxueAyljqQt7vnrQmM6as>
Cc: "draft-ietf-avtext-splicing-notification@ietf.org" <draft-ietf-avtext-splicing-notification@ietf.org>, "avtext@ietf.org" <avtext@ietf.org>, "avtext-chairs@ietf.org" <avtext-chairs@ietf.org>, "jonathan@vidyo.com" <jonathan@vidyo.com>
Subject: Re: [avtext] Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT)
X-BeenThere: avtext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Audio/Video Transport Extensions working group discussion list <avtext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avtext>, <mailto:avtext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avtext/>
List-Post: <mailto:avtext@ietf.org>
List-Help: <mailto:avtext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avtext>, <mailto:avtext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jun 2016 01:21:46 -0000
Hi Stephen, Please see inline. BR, Rachel > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] > Sent: Monday, June 20, 2016 6:59 PM > To: Huangyihong (Rachel); The IESG > Cc: draft-ietf-avtext-splicing-notification@ietf.org; avtext@ietf.org; > jonathan@vidyo.com; avtext-chairs@ietf.org > Subject: Re: Stephen Farrell's Discuss on > draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT) > > > Hiya, > > On 20/06/16 11:42, Huangyihong (Rachel) wrote: > > Hi Stephen, > > > > Please see my replies inline. > > > > BR, Rachel > > > >> -----Original Message----- From: Stephen Farrell > >> [mailto:stephen.farrell@cs.tcd.ie] Sent: Thursday, June 16, 2016 > >> 7:11 PM To: The IESG Cc: > >> draft-ietf-avtext-splicing-notification@ietf.org; > >> avtext-chairs@ietf.org; jonathan@vidyo.com; avtext@ietf.org > >> Subject: Stephen Farrell's Discuss on > >> draft-ietf-avtext-splicing-notification-07: (with DISCUSS and > >> COMMENT) > >> > >> Stephen Farrell has entered the following ballot position for > >> draft-ietf-avtext-splicing-notification-07: Discuss > >> > >> When responding, please keep the subject line intact and reply to > >> all email addresses included in the To and CC lines. (Feel free to > >> cut this introductory paragraph, however.) > >> > >> > >> Please refer to > >> https://www.ietf.org/iesg/statement/discuss-criteria.html for more > >> information about IESG DISCUSS and COMMENT positions. > >> > >> > >> The document, along with other ballot positions, can be found > >> here: > >> https://datatracker.ietf.org/doc/draft-ietf-avtext-splicing-notification/ > >> > >> > >> > >> > >> > ---------------------------------------------------------------------- > >> DISCUSS: > >> ---------------------------------------------------------------------- > >> > >> > >> > >> > (1) Section 7, 3rd para: Saying that "splicer works as a trusted entity" > seems > >> wrong - you need to say who trusts whom for what I think. I also > >> don't get what you mean by saying there'll be a security > >> association between the splicer and the receiver, nor how that > >> might ever be possible if the splicer wants to hide what it's > >> doing. I think what you're after is some general statement that > >> splicing breaks all security unless all the parties involved share > >> the same security association. IIRC there is text like that in > >> other RTP documents that might be copied but I forget the detail. > > > > [Rachel]: Are you looking for such sentences? > > > > OLD " Since splicer works as a trusted entity, any RTP-level or > > outside security mechanism, such as IPsec[RFC4301] or Datagram > > Transport Layer Security [RFC6347], will use a security association > > between the splicer and the receiver. When using the Secure Real-Time > > Transport Protocol (SRTP) [RFC3711], the splicer could be provisioned > > with the same security association as the main RTP sender. " NEW " > > Since the splicer breaks RTP-level end-to-end security, it need to be > > a trusted device that is part of the signaling context and get the > > necessary security associations (e.g., SRTP crypto contexts) > > established with its RTP session participants. When using the Secure > > Real-Time Transport Protocol (SRTP) [RFC3711], the splicer could be > > provisioned with the same security association as the main RTP > > sender. " > > That's better yes, but I'd still recommend not saying "trusted > device" at all since that calls into question who is trusting it > for what and in this case the ultimate receiver doesn't usually > know the splicer is there at all and hence cannot trust it in > any meaningful sense. So I'd suggest: > > NEW: > > " > Since the splicer breaks RTP-level end-to-end security, it needs to > be part of the signaling context and be a part of the > necessary security associations (e.g., SRTP crypto contexts) > established for the RTP session participants. When using the Secure > Real-Time Transport Protocol (SRTP) [RFC3711], the splicer would > have to be > provisioned with the same security association as the main RTP > sender. > " [Rachel]: Looks better than mine^^. > > >> > >> (2) Section 7, 4th para: You say there is a case where header > >> extension encryption SHOULD be used - how would that work? If > >> there's a clear way to do it that'd get interop, then why is that > >> not described? If there are ways in which might or might not work, > >> or if some proprietary arrangements might be needed then how is it > >> ok to have a SHOULD there? I suspect that the right thing here may > >> be to not pretend that that can be done but to just stick with > >> saying that splicing is inherently not going to work if you use any > >> real security mechanisms, or something similar. > > > > [Rachel]: Yes. I agree. So we should use "MUST" here. > > > > OLD: " If there is a concern about the confidentiality of the > > splicing time information, header extension encryption [RFC6904] > > SHOULD be used. " > > > > NEW: > > > > " If there is a concern about the confidentiality of the splicing > > time information, header extension encryption [RFC6904] MUST be > > used. " > > That's clearer than a SHOULD, yes. I'm still not clear if this > MUST is something that just works or not though, can you clarify > that? (In general, I'd not recommend we add any MUST or SHOULD > at all if we're not confident that an implementer will actually > write and test that code and that it'd work.) > [Rachel]: Sorry, I misunderstood your point. I think you're right since actually I can't clarify that [RFC6904] is the only way to do this. So here's my new proposal: " If there is a concern about the confidentiality of the splicing time information, the header extension defined in this document MUST be also protected, for example, header extension encryption [RFC6904] can be used in this case. " > > > >> > >> (3) In discussion of RFC6828 there was some concern about possible > >> creation of loops. I forget the issues though, but wanted to check > >> this in case it also applies here. (See 4.5 of 6828 maybe or the > >> history for that RFC in the tracker.) > >> > >> > > > > [Rachel]: Yes, you're right. How about adding a new paragraph in > > Section 7 to discuss loops? > > > > " When implementing undetectable splicing, CSRC list, which can be > > used to detect RTP-level forwarding loops as defined in Section 8.2 > > of [RFC3550], may be removed to prevent receivers from detecting the > > splicing occurrence. Hence, loops could occur to cause packets to > > loop back to upstream of the splicer and may form a serious > > denial-of-service threat. In such a case, non-RTP means MUST be used > > to detect and resolve loops if the splicer does not add a CSRC list > > when forwarding the RTP packet. " > > That does look right to me, but since I don't understand it really, > I'll just believe you that it's ok:-) Are the "non-RTP means" that > could be used something that'd be clear to an implementer? If so, > then that'd be fine. If not, maybe you need to say what that means? [Rachel]: Sure. See following proposal " In such a case, non-RTP means, e.g., signaling among all the participants, MUST be used to detect and resolve loops if the splicer does not add a CSRC list when forwarding the RTP packet." > > > > >> ---------------------------------------------------------------------- > >> > >> > COMMENT: > >> ---------------------------------------------------------------------- > >> > >> > >> > >> > >> > - I agree with Alia's discuss, but suspect the ship has sailed. > >> (Sadly IMO, but sailed nonetheless.) > >> > >> - The security considerations here are similar to but not quite the > >> same as those in RFC6828 which I think was the last time a similar > >> document was before the IESG. I wondered if those differences were > >> significant or not, it might be no harm to commpare the two (if > >> that's not already been done) since they really ought be pretty > >> much the same. > >> > > > > [Rachel]: Not quite the same. This draft is about defining messages. > > And RFC6828 is one option scenario where these messages can be used. > > But people may use other models. But as suggested by Mirja, it's good > > to add some words to described what RFC 6828 is about. > > Fair enough, > Cheers, > S. > > > >
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Huangyihong (Rachel)
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Huangyihong (Rachel)
- [avtext] Stephen Farrell's Discuss on draft-ietf-… Stephen Farrell