IETF Logo Mail Archive

[bfcpbis] AD evaluation: draft-ietf-bfcpbis-rfc4582bis-12

Alissa Cooper <alissa@cooperw.in> Thu, 29 January 2015 21:20 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56C521A0174 for <bfcpbis@ietfa.amsl.com>; Thu, 29 Jan 2015 13:20:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l_947pST41L8 for <bfcpbis@ietfa.amsl.com>; Thu, 29 Jan 2015 13:19:58 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B00E1A00ED for <bfcpbis@ietf.org>; Thu, 29 Jan 2015 13:19:58 -0800 (PST)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 7BC1320486 for <bfcpbis@ietf.org>; Thu, 29 Jan 2015 16:19:56 -0500 (EST)
Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Thu, 29 Jan 2015 16:19:56 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h= x-sasl-enc:from:content-type:subject:message-id:date:to :mime-version; s=mesmtp; bh=9k/D7MAawBDSP87C8MDFFpqHY+s=; b=FBb2 CFUFzmiXlYEzdHuC/H0ii/1HMxnNUHZKsga5eCHNoaS2nnIJrUwhlYclUlAmereG JM4nwRWvp/KBFK3IL/G6XDzXvbhjO5VoW4UZSj+ykcs54LVUGQanytxG0Q/KeN8K ZfIHYSQgPSXrGQUab92wllyf1mHn10r4SnzxPcQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=x-sasl-enc:from:content-type:subject :message-id:date:to:mime-version; s=smtpout; bh=9k/D7MAawBDSP87C 8MDFFpqHY+s=; b=pHZca2g9C3+M4/ZKjqjV3+qJlmJduUt4aJdsOuXjcV3xWUpM 1O+1L/5ES4yXteWi/ppAcVqVXFrlNO9+RKpP3k8J8BXvnFI3GgZ0MAw8LEnpaeva kSyS5SOUYN9pFz3vkRuvpxOLwLK2W99scSdRXIAh3MeSahs1RY9RJmsUt8s=
X-Sasl-enc: tBVE9eZ17k8dgmoLOBOSzuHWpplEXUZUJKmilS9LvD+x 1422566395
Received: from sjc-alcoop-8817.cisco.com (unknown [128.107.239.233]) by mail.messagingengine.com (Postfix) with ESMTPA id 840E66801C7 for <bfcpbis@ietf.org>; Thu, 29 Jan 2015 16:19:55 -0500 (EST)
From: Alissa Cooper <alissa@cooperw.in>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C5D297A8-7B5D-44F3-9553-7CA3314094D6"
Message-Id: <DB7476B4-3F88-4A8F-804D-130A9907C6D8@cooperw.in>
Date: Thu, 29 Jan 2015 13:19:52 -0800
To: bfcpbis@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/bfcpbis/Tb_4GYuIHtocW3Px1CYztca-61c>
Subject: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-rfc4582bis-12
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jan 2015 21:20:01 -0000

I have reviewed this draft in preparation for IETF LC. Overall the document appears in good shape. I have a few questions and comments I’d like to discuss before issuing the IETF last call. I’ve also included some editorial nits that should be addressed together with any last call comments.

Comments and questions:

= Section 5.1 =
"If an endpoint receives a message with an	
 	   unsupported version field value, the receiving server MUST send an	
 	   Error message with parameter value 12 (Unsupported Version) to	
 	   indicate this.”

This seems a little misleading since RFC 4582 didn’t specify what to do upon receipt of a message with a version other than 1. Implementations that do not get upgraded to be compliant with 4582bis (which could certainly account for some of those that will not support version 2) will therefore never send the error specified here. This seems like it should at least be noted given the MUST-level requirement. The same applies in Section 13.7.


= Section 7 =
"BFCP entities MUST support, at a minimum, the
   TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite [6].”

I realize this requirement comes from RFC 4582, but I’d like to understand why it has not been updated to be consistent with more current guidance on cipher suite selection (e.g., https://tools.ietf.org/html/draft-ietf-uta-tls-bcp-08#section-4).


= Sections 8, 8.1, 8.2 =
It seems like the transaction ID requirements regarding non-reuse/monotonically increasing IDs are re-stated multiple times across these three sections, in slightly different ways, to the point where it’s not clear exactly what they are. It seems like they are:

(1) Reliable transport, server-initiated transaction: ID is 0
(2) Unreliable transport, server-initiated transaction: ID MUST be monotonically increasing (except for wrap-around)
(3) Reliable transport, client-initiated transaction: ID MUST NOT be 0 and MUST NOT be reused in another message from the client until a response from the server is received for the transaction, but need not be monotonically increasing (e.g., a lower, recently used ID could be re-used once a response is received)
(4) Unreliable transport, client-initiated transaction: ID MUST be monotonically increasing (except for wrap-around)

Is (3) the correct interpretation of the text in 8.1? If so, why not just require IDs in all client-initiated transactions to be monotonically increasing?


= Section 9 (impacts Section 14 as well) =
"BFCP clients SHOULD authenticate the floor control server before
   sending any BFCP message to it or accepting any BFCP message from it.
   Similarly, floor control servers SHOULD authenticate a client before
   accepting any BFCP message from it or sending any BFCP message to it.

   BFCP supports TLS/DTLS mutual authentication between clients and
   floor control servers, as specified in Section 9.1.  This is the
   RECOMMENDED authentication mechanism in BFCP.”

What are the cases where clients and servers do not need to be authenticating each other? I know this requirement and the other SHOULD-level requirements around use of TLS/DTLS are carried over from RFC 4582, but I’m concerned that they aren’t as strong as they should be. For a conference where the signaling traffic is authenticated and confidentiality and integrity protected, why is it ok for the floor control traffic not to be? Could these requirements be adjusted to require use of TLS/DTLS at least in cases where the signaling is also protected?


= Section 14 =
See the point above about ciphersuites. “Non-null encryption” is not a sufficient minimum baseline, and if the requirements change in Section 7 they should be reflected here as well.


Editorial nits to be resolved with LC comments:

= Section 5.1 =
“The version field MUST be set to 1 when using BFCP over a reliable
   transport, i.e. as in [2].”

I find it a little odd to reference the spec you’re obsoleting in this sentence, especially since BFCP over a reliable transport is completely specified in this bis document. I would suggest dropping the i.e. clause.

"The version field MUST be set to 2 when
   using BFCP over an unreliable transport with the extensions specified
   in this document.”

The bit about “with the extensions specified in this document” is extraneous and should be removed.

"If an endpoint receives a message with an	
 	   unsupported version field value, the receiving server MUST send an	
 	   Error message with parameter value 12 (Unsupported Version) to	
 	   indicate this.”

Use of the word “server” here makes it sound as if only servers could receive headers with unsupported versions. Should this be “the receiving endpoint”?

= Section 6.2.4 =
"[23], Section 6.7 provides useful recommendations …”

The links in the references are not quite right.

= Section 8.3.2 =
s/when fires/when fired/

= Section 14 =
s/high-jack/hijack/

= Section B.1 =
"situation where multiple different and non-interoperable would co-
   exist in the market.”

There is a word missing after “non-interoperable."

v2.23.0 | Report a Bug | By Email