Re: [avtext] Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 20 June 2016 10:59 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: avtext@ietfa.amsl.com
Delivered-To: avtext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 298F112D53C; Mon, 20 Jun 2016 03:59:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.727
X-Spam-Level:
X-Spam-Status: No, score=-5.727 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tGyDhMjHlatp; Mon, 20 Jun 2016 03:59:01 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 554DE12B006; Mon, 20 Jun 2016 03:59:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 82A83BDF9; Mon, 20 Jun 2016 11:58:59 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hXkGag7E7SMY; Mon, 20 Jun 2016 11:58:59 +0100 (IST)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id EF336BE29; Mon, 20 Jun 2016 11:58:58 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1466420339; bh=8wHCmV41OurMBu+KeANJK0AMsI4XfbCNEk3An31gFgE=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=a1F4jqwbiSX+yGxjb8MX4i4jbryMHLR3SoFunPapyHFdawQ+zD5n4ZmGRdwLyPt4b VsBq6bX2jQiuBwimtxX0Go9dBDQgN6Ow+U39nCr5lriZ33879j1uZmR1c2wfgdt/Yz ytrDMO2z4pq+/vmbFplLznl3IeSgCq1CFmzsvBho=
To: "Huangyihong (Rachel)" <rachel.huang@huawei.com>, The IESG <iesg@ietf.org>
References: <20160616111046.10405.20492.idtracker@ietfa.amsl.com> <51E6A56BD6A85142B9D172C87FC3ABBB86ED8585@nkgeml513-mbx.china.huawei.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5767CC71.4070907@cs.tcd.ie>
Date: Mon, 20 Jun 2016 11:58:57 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <51E6A56BD6A85142B9D172C87FC3ABBB86ED8585@nkgeml513-mbx.china.huawei.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010006090401090802080605"
Archived-At: <https://mailarchive.ietf.org/arch/msg/avtext/y79Wnnj52EaF5fPdjk1rwjmlIlg>
Cc: "draft-ietf-avtext-splicing-notification@ietf.org" <draft-ietf-avtext-splicing-notification@ietf.org>, "avtext@ietf.org" <avtext@ietf.org>, "avtext-chairs@ietf.org" <avtext-chairs@ietf.org>, "jonathan@vidyo.com" <jonathan@vidyo.com>
Subject: Re: [avtext] Stephen Farrell's Discuss on draft-ietf-avtext-splicing-notification-07: (with DISCUSS and COMMENT)
X-BeenThere: avtext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Audio/Video Transport Extensions working group discussion list <avtext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avtext>, <mailto:avtext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avtext/>
List-Post: <mailto:avtext@ietf.org>
List-Help: <mailto:avtext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avtext>, <mailto:avtext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2016 10:59:04 -0000
Hiya, On 20/06/16 11:42, Huangyihong (Rachel) wrote: > Hi Stephen, > > Please see my replies inline. > > BR, Rachel > >> -----Original Message----- From: Stephen Farrell >> [mailto:stephen.farrell@cs.tcd.ie] Sent: Thursday, June 16, 2016 >> 7:11 PM To: The IESG Cc: >> draft-ietf-avtext-splicing-notification@ietf.org; >> avtext-chairs@ietf.org; jonathan@vidyo.com; avtext@ietf.org >> Subject: Stephen Farrell's Discuss on >> draft-ietf-avtext-splicing-notification-07: (with DISCUSS and >> COMMENT) >> >> Stephen Farrell has entered the following ballot position for >> draft-ietf-avtext-splicing-notification-07: Discuss >> >> When responding, please keep the subject line intact and reply to >> all email addresses included in the To and CC lines. (Feel free to >> cut this introductory paragraph, however.) >> >> >> Please refer to >> https://www.ietf.org/iesg/statement/discuss-criteria.html for more >> information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found >> here: >> https://datatracker.ietf.org/doc/draft-ietf-avtext-splicing-notification/ >> >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> >> >> (1) Section 7, 3rd para: Saying that "splicer works as a trusted entity" seems >> wrong - you need to say who trusts whom for what I think. I also >> don't get what you mean by saying there'll be a security >> association between the splicer and the receiver, nor how that >> might ever be possible if the splicer wants to hide what it's >> doing. I think what you're after is some general statement that >> splicing breaks all security unless all the parties involved share >> the same security association. IIRC there is text like that in >> other RTP documents that might be copied but I forget the detail. > > [Rachel]: Are you looking for such sentences? > > OLD " Since splicer works as a trusted entity, any RTP-level or > outside security mechanism, such as IPsec[RFC4301] or Datagram > Transport Layer Security [RFC6347], will use a security association > between the splicer and the receiver. When using the Secure Real-Time > Transport Protocol (SRTP) [RFC3711], the splicer could be provisioned > with the same security association as the main RTP sender. " NEW " > Since the splicer breaks RTP-level end-to-end security, it need to be > a trusted device that is part of the signaling context and get the > necessary security associations (e.g., SRTP crypto contexts) > established with its RTP session participants. When using the Secure > Real-Time Transport Protocol (SRTP) [RFC3711], the splicer could be > provisioned with the same security association as the main RTP > sender. " That's better yes, but I'd still recommend not saying "trusted device" at all since that calls into question who is trusting it for what and in this case the ultimate receiver doesn't usually know the splicer is there at all and hence cannot trust it in any meaningful sense. So I'd suggest: NEW: " Since the splicer breaks RTP-level end-to-end security, it needs to be part of the signaling context and be a part of the necessary security associations (e.g., SRTP crypto contexts) established for the RTP session participants. When using the Secure Real-Time Transport Protocol (SRTP) [RFC3711], the splicer would have to be provisioned with the same security association as the main RTP sender. " >> >> (2) Section 7, 4th para: You say there is a case where header >> extension encryption SHOULD be used - how would that work? If >> there's a clear way to do it that'd get interop, then why is that >> not described? If there are ways in which might or might not work, >> or if some proprietary arrangements might be needed then how is it >> ok to have a SHOULD there? I suspect that the right thing here may >> be to not pretend that that can be done but to just stick with >> saying that splicing is inherently not going to work if you use any >> real security mechanisms, or something similar. > > [Rachel]: Yes. I agree. So we should use "MUST" here. > > OLD: " If there is a concern about the confidentiality of the > splicing time information, header extension encryption [RFC6904] > SHOULD be used. " > > NEW: > > " If there is a concern about the confidentiality of the splicing > time information, header extension encryption [RFC6904] MUST be > used. " That's clearer than a SHOULD, yes. I'm still not clear if this MUST is something that just works or not though, can you clarify that? (In general, I'd not recommend we add any MUST or SHOULD at all if we're not confident that an implementer will actually write and test that code and that it'd work.) > >> >> (3) In discussion of RFC6828 there was some concern about possible >> creation of loops. I forget the issues though, but wanted to check >> this in case it also applies here. (See 4.5 of 6828 maybe or the >> history for that RFC in the tracker.) >> >> > > [Rachel]: Yes, you're right. How about adding a new paragraph in > Section 7 to discuss loops? > > " When implementing undetectable splicing, CSRC list, which can be > used to detect RTP-level forwarding loops as defined in Section 8.2 > of [RFC3550], may be removed to prevent receivers from detecting the > splicing occurrence. Hence, loops could occur to cause packets to > loop back to upstream of the splicer and may form a serious > denial-of-service threat. In such a case, non-RTP means MUST be used > to detect and resolve loops if the splicer does not add a CSRC list > when forwarding the RTP packet. " That does look right to me, but since I don't understand it really, I'll just believe you that it's ok:-) Are the "non-RTP means" that could be used something that'd be clear to an implementer? If so, then that'd be fine. If not, maybe you need to say what that means? > >> ---------------------------------------------------------------------- >> >> COMMENT: >> ---------------------------------------------------------------------- >> >> >> >> >> - I agree with Alia's discuss, but suspect the ship has sailed. >> (Sadly IMO, but sailed nonetheless.) >> >> - The security considerations here are similar to but not quite the >> same as those in RFC6828 which I think was the last time a similar >> document was before the IESG. I wondered if those differences were >> significant or not, it might be no harm to commpare the two (if >> that's not already been done) since they really ought be pretty >> much the same. >> > > [Rachel]: Not quite the same. This draft is about defining messages. > And RFC6828 is one option scenario where these messages can be used. > But people may use other models. But as suggested by Mirja, it's good > to add some words to described what RFC 6828 is about. Fair enough, Cheers, S. >
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Huangyihong (Rachel)
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [avtext] Stephen Farrell's Discuss on draft-i… Huangyihong (Rachel)
- [avtext] Stephen Farrell's Discuss on draft-ietf-… Stephen Farrell