Re: [avtext] Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT)
"Huangyihong (Rachel)" <rachel.huang@huawei.com> Mon, 20 June 2016 10:42 UTC
Return-Path: <rachel.huang@huawei.com>
X-Original-To: avtext@ietfa.amsl.com
Delivered-To: avtext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1745E12B025; Mon, 20 Jun 2016 03:42:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.647
X-Spam-Level:
X-Spam-Status: No, score=-5.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 83QXCiHIh4Zt; Mon, 20 Jun 2016 03:42:25 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B05A12B006; Mon, 20 Jun 2016 03:42:24 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml708-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CMG75539; Mon, 20 Jun 2016 10:42:21 +0000 (GMT)
Received: from NKGEML412-HUB.china.huawei.com (10.98.56.73) by lhreml708-cah.china.huawei.com (10.201.5.202) with Microsoft SMTP Server (TLS) id 14.3.235.1; Mon, 20 Jun 2016 11:42:20 +0100
Received: from NKGEML513-MBX.china.huawei.com ([169.254.1.81]) by nkgeml412-hub.china.huawei.com ([10.98.56.73]) with mapi id 14.03.0235.001; Mon, 20 Jun 2016 18:42:14 +0800
From: "Huangyihong (Rachel)" <rachel.huang@huawei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT)
Thread-Index: AQHRx7/AweW8aYmvaU+udtkKRDujUJ/yGB+g
Date: Mon, 20 Jun 2016 10:42:14 +0000
Message-ID: <51E6A56BD6A85142B9D172C87FC3ABBB86ED8585@nkgeml513-mbx.china.huawei.com>
References: <20160616111046.10405.20492.idtracker@ietfa.amsl.com>
In-Reply-To: <20160616111046.10405.20492.idtracker@ietfa.amsl.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.78.128]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020204.5767C88E.005B, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.1.81, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: f1db55e820b24b535e9658bb0ceac83e
Archived-At: <https://mailarchive.ietf.org/arch/msg/avtext/jVIdinFMsUseenhUlMeEFn761LI>
Cc: "draft-ietf-avtext-splicing-notification@ietf.org" <draft-ietf-avtext-splicing-notification@ietf.org>, "avtext@ietf.org" <avtext@ietf.org>, "jonathan@vidyo.com" <jonathan@vidyo.com>, "avtext-chairs@ietf.org" <avtext-chairs@ietf.org>
Subject: Re: [avtext] Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT)
X-BeenThere: avtext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Audio/Video Transport Extensions working group discussion list <avtext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avtext>, <mailto:avtext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avtext/>
List-Post: <mailto:avtext@ietf.org>
List-Help: <mailto:avtext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avtext>, <mailto:avtext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2016 10:42:28 -0000
Hi Stephen, Please see my replies inline. BR, Rachel > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] > Sent: Thursday, June 16, 2016 7:11 PM > To: The IESG > Cc: draft-ietf-avtext-splicing-notification@ietf.org; avtext-chairs@ietf.org; > jonathan@vidyo.com; avtext@ietf.org > Subject: Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: > (with DISCUSS and COMMENT) > > Stephen Farrell has entered the following ballot position for > draft-ietf-avtext-splicing-notification-07: Discuss > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-avtext-splicing-notification/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > (1) Section 7, 3rd para: Saying that "splicer works as a trusted entity" seems > wrong - you need to say who trusts whom for what I think. I also don't get what > you mean by saying there'll be a security association between the splicer and > the receiver, nor how that might ever be possible if the splicer wants to hide > what it's doing. I think what you're after is some general statement that > splicing breaks all security unless all the parties involved share the same > security association. IIRC there is text like that in other RTP documents that > might be copied but I forget the detail. [Rachel]: Are you looking for such sentences? OLD " Since splicer works as a trusted entity, any RTP-level or outside security mechanism, such as IPsec[RFC4301] or Datagram Transport Layer Security [RFC6347], will use a security association between the splicer and the receiver. When using the Secure Real-Time Transport Protocol (SRTP) [RFC3711], the splicer could be provisioned with the same security association as the main RTP sender. " NEW " Since the splicer breaks RTP-level end-to-end security, it need to be a trusted device that is part of the signaling context and get the necessary security associations (e.g., SRTP crypto contexts) established with its RTP session participants. When using the Secure Real-Time Transport Protocol (SRTP) [RFC3711], the splicer could be provisioned with the same security association as the main RTP sender. " > > (2) Section 7, 4th para: You say there is a case where header extension > encryption SHOULD be used - how would that work? If there's a clear way to do > it that'd get interop, then why is that not described? If there are ways in which > might or might not work, or if some proprietary arrangements might be needed > then how is it ok to have a SHOULD there? I suspect that the right thing here > may be to not pretend that that can be done but to just stick with saying that > splicing is inherently not going to work if you use any real security mechanisms, > or something similar. [Rachel]: Yes. I agree. So we should use "MUST" here. OLD: " If there is a concern about the confidentiality of the splicing time information, header extension encryption [RFC6904] SHOULD be used. " NEW: " If there is a concern about the confidentiality of the splicing time information, header extension encryption [RFC6904] MUST be used. " > > (3) In discussion of RFC6828 there was some concern about possible creation of > loops. I forget the issues though, but wanted to check this in case it also > applies here. (See 4.5 of > 6828 maybe or the history for that RFC in the tracker.) > > [Rachel]: Yes, you're right. How about adding a new paragraph in Section 7 to discuss loops? " When implementing undetectable splicing, CSRC list, which can be used to detect RTP-level forwarding loops as defined in Section 8.2 of [RFC3550], may be removed to prevent receivers from detecting the splicing occurrence. Hence, loops could occur to cause packets to loop back to upstream of the splicer and may form a serious denial-of-service threat. In such a case, non-RTP means MUST be used to detect and resolve loops if the splicer does not add a CSRC list when forwarding the RTP packet. " > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > > - I agree with Alia's discuss, but suspect the ship has sailed. > (Sadly IMO, but sailed nonetheless.) > > - The security considerations here are similar to but not quite the same as > those in RFC6828 which I think was the last time a similar document was > before the IESG. I wondered if those differences were significant or not, it > might be no harm to commpare the two (if that's not already been done) since > they really ought be pretty much the same. > [Rachel]: Not quite the same. This draft is about defining messages. And RFC6828 is one option scenario where these messages can be used. But people may use other models. But as suggested by Mirja, it's good to add some words to described what RFC 6828 is about.
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Huangyihong (Rachel)
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Huangyihong (Rachel)
- [avtext] Stephen Farrell's Discuss on draft-ietf-… Stephen Farrell