Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-bfcp-websocket-11

"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Wed, 21 December 2016 06:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/S05R6wiLrUvZx7Ng75VsAkhR8Es>

Hi Alissa,

Thanks for your feedback. I have addressed the comments below, except the one on the author list, which we will discuss and address later, and published a new revision.

Regards,
Ram

-----Original Message-----
From: bfcpbis <bfcpbis-bounces@ietf.org> on behalf of Alissa Cooper <alissa@cooperw.in>
Date: Friday, 9 December 2016 at 10:33 PM
To: "bfcpbis@ietf.org" <bfcpbis@ietf.org>
Subject: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-bfcp-websocket-11

    I have reviewed this document in preparation for IETF last call. It is in good shape but I have a couple of comments to discuss before issuing the last call. I’ve also included some nits below that should be resolved together with IETF LC comments.
    
    
    Substantive comments:
    
    = Section 5 =
    
    "The BFCP server is a server, on the Internet, and thus doesn't need
       ICE and thus the clients always initiate connection to it, and the
       clients only validate its certificate and the clients do not include
       their certificate in TLS ClientHello."
    
    This is text from the SDP directorate review of draft-ietf-bfcpbis-sdp-ws-uri, right? I'm not really clear on why all of it needs to be in this document, or in this section which is about transport reliability, at least. I would suggest:
    
    "The BFCP server is a server on the Internet and thus does not require ICE as clients always initiate connections to it."
    
    = Section 6.2 =
    
    s/as the a=ws-uri or a=wss-uri SHALL provide port number when needed./as the a=ws-uri or a=wss-uri SHOULD provide port number when needed./
    
    If it's not always needed then SHOULD is more appropriate than SHALL.
    
    = Section 8 =
    
    OLD
    The BFCP client validates the server by means of verifying server certificate and this requires wss-uri contains a hostname. a=fingerprint is not used here in the verification process.
    
    NEW
    The BFCP client validates the server by means of verifying the server certificate. This means the wss-uri MUST contain a hostname. The verification process does not use a=fingerprint.
    
    = Section 9 =
    
    Don't the security considerations from RFC 6455 apply as well?
    
    = Section 12.1 =
    
    I think RFC 7525 and draft-ietf-bfcpbis-rfc4583bis should be normative references.
    
    
    Nits:
    
    = General =
    
    Per the RFC style guide, when a document has more than 5 authors, 1 or 2 editors should be chosen and the remaining authors listed in the Contributors section.
    
    = Section 4.1 =
    
    s/the value "bfcp"/the value "BFCP"/
    
    = Section 6.1 =
    
    s/When TCP is used as the transport, the port field is set following/The port field is set following
    
    OLD
    So, while the recommendation to use Secure WebSockets (i.e.
       TCP/WSS) is for security reasons, it is also to achieve maximum
       compatibility among clients.
    
    NEW
    So, while this document recommends the use of Secure WebSockets (i.e.
       TCP/WSS) for security reasons, TCP/WS is also permitted so as to achieve maximum
       compatibility among clients.
    
    = Section 6.2 and 7.1 =
    
    These sections have formatting problems and repeated text that need to be fixed.
    
    = Section 8 =
    
    s/with webSocket server/with the WebSocket server/
    