Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis
"Charles Eckel (eckelcu)" <eckelcu@cisco.com> Fri, 17 April 2015 21:42 UTC
Return-Path: <eckelcu@cisco.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B16E31A89FA for <bfcpbis@ietfa.amsl.com>; Fri, 17 Apr 2015 14:42:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.811
X-Spam-Level:
X-Spam-Status: No, score=-11.811 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZPFEx0Cf4Bos for <bfcpbis@ietfa.amsl.com>; Fri, 17 Apr 2015 14:42:37 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 233631A8765 for <bfcpbis@ietf.org>; Fri, 17 Apr 2015 14:42:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=26710; q=dns/txt; s=iport; t=1429306953; x=1430516553; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=nIbFPI/1aCpvgR/u6ASxLJ1R/bfJCBcDVJI9FFHiV0E=; b=IrAVvXLmDGYe2jWuwIrcmgYmub6yRgnCZij+/8lsp4NHnLamGSrLJ6Zw 2d5Qbl3sVWnmzQ+ODZlrtZasnKlKditXOxJ/jP8wKUD06h7c2CvMH8bOw GrKFl8Efu9VjGls6p980ORwiZM/AT25EZ8zdmm49Mi8NmLeSeGqzC38kO E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AqBQD2fTFV/5hdJa1dgwxSXAWDEsRcCoU1TgIcgR1MAQEBAQEBfoQgAQEBBAEBASARMwEGCwwEAgEIEQMBAQEBAgIRAREDAgICJQsUAQgIAgQBDQWIKw2zGZUtAQEBAQEBAQEBAQEBAQEBAQEBAQEBEwSBIYkJf4QxCQ8YGwcGBAgMgkqBRQWOc4Ivg3yBdIQugR2DOoJpXIVbg0WDTiKCBRkEgVFvgQQHFyKBAAEBAQ
X-IronPort-AV: E=Sophos;i="5.11,597,1422921600"; d="scan'208";a="409654594"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-1.cisco.com with ESMTP; 17 Apr 2015 21:42:31 +0000
Received: from xhc-aln-x15.cisco.com (xhc-aln-x15.cisco.com [173.36.12.89]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id t3HLgV6V022263 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 17 Apr 2015 21:42:31 GMT
Received: from xmb-aln-x08.cisco.com ([169.254.3.36]) by xhc-aln-x15.cisco.com ([173.36.12.89]) with mapi id 14.03.0195.001; Fri, 17 Apr 2015 16:42:31 -0500
From: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>, Alissa Cooper <alissa@cooperw.in>
Thread-Topic: draft-ietf-bfcpbis-rfc4583bis
Thread-Index: AQHQcVgJIBlxi40KJkGU8dHel48Ni51B0jUAgAC+2oCAC3vWAIADnbAA
Date: Fri, 17 Apr 2015 21:42:30 +0000
Message-ID: <D156C697.46550%eckelcu@cisco.com>
References: <CC0C9FBD-75D7-4767-9873-CFF6212B9B2D@cooperw.in> <BD0F4637-1FC5-467A-939D-E8BEFF731579@cooperw.in> <tnf3xk3w8p88iwpoxg7973m4.1424020394665@email.android.com> <C011E430-72D1-4AE1-B546-B65658BADE8F@cooperw.in> <54EDAA70.5060600@ericsson.com> <0DCBEFF7-771F-4F62-83CE-1E98D18ACBFF@cooperw.in> <D1134285.3E7A2%eckelcu@cisco.com> <282A6C48-E88B-495F-A343-591A9C8BF5B5@cooperw.in> <D14980E3.455F6%eckelcu@cisco.com> <82BD9835-8304-439C-9FB9-AB1B14F466D1@cooperw.in> <7594FB04B1934943A5C02806D1A2204B1D799F48@ESESSMB209.ericsson.se>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D799F48@ESESSMB209.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.8.150116
x-originating-ip: [10.24.195.36]
Content-Type: text/plain; charset="utf-8"
Content-ID: <E0306847437F734AA9D116812380FF77@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/bfcpbis/nqfgJ8SsW7lp0HFW66LqsyC4CHo>
Cc: Ben Campbell <ben@nostrum.com>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org" <draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "Tom Kristensen (tomkrist)" <tomkrist@cisco.com>
Subject: Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Apr 2015 21:42:40 -0000
[adding bfcppbis list] Hi Christer, Thanks for your review and comments. In the BFCP usage, the DTLS connection is dedicated to the BFCP stream it contains. As I understand it, the complications around DTLS re-establishement discussed in MMUSIC result from use of a single DTLS connection for multiple RTP and/or SCTP streams. Those complications do not exist with the BFCP usage, so I think it is sufficient to continue to reference RFC 5763 and not use the SDP connection attribute. Cheers, Charles (as an individual) On 4/15/15, 12:29 AM, "Christer Holmberg" <christer.holmberg@ericsson.com> wrote: >Hi, > >First, I want to apologize for not providing my review earlier. > >As far as the BFCP specifics are concerned, I am ok with the latest >version of the draft. > >However, there is an issue regarding the DTLS considerations (section >10.5). > >The text says: > > "Once a DTLS connection has been established, if the 'active/passive' > status of the endpoints change during a session, a new DTLS > connection MUST be established." > >There is currently an ongoing discussion in MMUSIC about when a DTLS >connection is to be re-established. > >The discussion is still ongoing, but the outcome will most likely NOT be >aligned with the text above. > >For example, there has been a suggestion (by myself) to use the SDP >connection attribute to explicitly indicate that a new DTLS connection >needs to be established. > > >The draft also says: > > "If the transport parameters or the key fingerprints change, the > endpoints MUST establish a new DTLS connection." > >This is related to the earlier issue. There is the discussion about ICE >"virtual connections", and that a single DTLS connection would apply to >all ICE candidates associated with >an m- line. So, even if a candidate changes (read: transport parameter >changes), it would not automatically trigger a new DTLS connection. > > >The issues above are also holding up the SCTP-SDP draft, so it doesn't >only affect BFCPbis :) > > >Regards, > >Christer > > >-----Original Message----- >From: Alissa Cooper [mailto:alissa@cooperw.in] >Sent: 8. huhtikuuta 2015 3:07 >To: Charles Eckel (eckelcu) >Cc: Gonzalo Camarillo; Tom Kristensen (tomkrist); >draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org; Ben Campbell; Christer >Holmberg >Subject: Re: draft-ietf-bfcpbis-rfc4583bis > >Adding Christer to this thread. > >On Apr 7, 2015, at 12:44 PM, Charles Eckel (eckelcu) <eckelcu@cisco.com> >wrote: > >> Christer (cc’d) and I discussed some of the changes offlist in Dallas, >> and he is to come back to the list with comments after Dallas - which >> is now :) >> >> Cheers, >> Charles >> >> On 4/7/15, 10:26 AM, "Alissa Cooper" <alissa@cooperw.in> wrote: >> >>> Checking in on this — has Christer been prompted to review the latest >>> rev of draft-ietf-bfcpbis-rfc4583bis? >>> >>> Thanks, >>> Alissa >>> >>> On Feb 25, 2015, at 9:14 AM, Charles Eckel (eckelcu) >>> <eckelcu@cisco.com> >>> wrote: >>> >>>> Most of the changes I this recent update to rfc4583bis were inspired >>>> by comments and suggested text provided by Christer. He is in the >>>> process of reviewing. If all goes well with that, we are ready to >>>> proceed with proto writeup (Mary) and AD review. >>>> >>>> Cheers, >>>> Charles >>>> >>>> On 2/25/15, 7:01 AM, "Alissa Cooper" <alissa@cooperw.in> wrote: >>>> >>>>> rfc4583 has not had an AD review yet. Richard can hopefully take >>>>> care of that while I¹m on leave (starting today, actually). >>>>> >>>>> On Feb 25, 2015, at 2:56 AM, Gonzalo Camarillo >>>>> <gonzalo.camarillo@ericsson.com> wrote: >>>>> >>>>>> Hi Alissa, >>>>>> >>>>>> I have noted that while rfc4582bis in on the agenda of the March >>>>>> 5th telechat (thanks for handling that!), rfc4583bis isn't. Tom >>>>>> revised rfc4583bis on February 20th. Should rfc4583bis be on the >>>>>> agenda of the telechat as well or there is still something left >>>>>> for Tom to take care of? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Gonzalo >>>>>> >>>>>> On 18/02/2015 9:28 PM, Alissa Cooper wrote: >>>>>>> Pinging on this. >>>>>>> >>>>>>> March 5 will likely be my last telechat before going on leave, so >>>>>>> it would be great to get this scheduled on that one. To do that, >>>>>>> the rev needs to be posted today. The updates are pretty minimal >>>>>>> and are all basically written up in Charles¹ response to my AD >>>>>>>review. >>>>>>> >>>>>>> Alissa >>>>>>> >>>>>>> On Feb 15, 2015, at 9:13 AM, Gonzalo Camarillo >>>>>>> <gonzalo.camarillo@ericsson.com >>>>>>> <mailto:gonzalo.camarillo@ericsson.com>> >>>>>>> wrote: >>>>>>> >>>>>>>> I have talked offline with the other authors and Tom is holding >>>>>>>> the pen. Tom, do you think you can meet the time frame below? >>>>>>>> >>>>>>>> Cheers, >>>>>>>> >>>>>>>> Gonzalo >>>>>>>> >>>>>>>> Sent from my mobile >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ---- Alissa Cooper wrote ---- >>>>>>>> >>>>>>>> Just wanted to see if this rev might get done in the next couple >>>>>>>> of days. If so, we could get it on the next telechat agenda >>>>>>>>(March 5). >>>>>>>> >>>>>>>> Alissa >>>>>>>> >>>>>>>> Begin forwarded message: >>>>>>>> >>>>>>>>> *From: *Alissa Cooper <alissa@cooperw.in >>>>>>>>> <mailto:alissa@cooperw.in>> >>>>>>>>> *Subject: **Re: [bfcpbis] AD evaluation: >>>>>>>>> draft-ietf-bfcpbis-rfc4582bis-12* >>>>>>>>> *Date: *February 9, 2015 at 3:58:52 PM PST >>>>>>>>> *To: *"Charles Eckel (eckelcu)" <eckelcu@cisco.com >>>>>>>>> <mailto:eckelcu@cisco.com>> >>>>>>>>> *Cc: *"bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>" >>>>>>>>> <bfcpbis@ietf.org >>>>>>>>> <mailto:bfcpbis@ietf.org>> >>>>>>>>> >>>>>>>>> Hi Charles, >>>>>>>>> >>>>>>>>> Thanks, some responses inline. >>>>>>>>> >>>>>>>>> On Feb 4, 2015, at 10:40 AM, Charles Eckel (eckelcu) >>>>>>>>> <eckelcu@cisco.com <mailto:eckelcu@cisco.com>> wrote: >>>>>>>>> >>>>>>>>>> HI Alissa, >>>>>>>>>> >>>>>>>>>> Thank you for the review. Please see my thoughts on your >>>>>>>>>> comments and questions inline. >>>>>>>>>> >>>>>>>>>> From: Alissa Cooper <alissa@cooperw.in >>>>>>>>>> <mailto:alissa@cooperw.in>> >>>>>>>>>> Date: Thursday, January 29, 2015 at 10:19 PM >>>>>>>>>> To: "bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>" >>>>>>>>>> <bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>> >>>>>>>>>> Subject: [bfcpbis] AD evaluation: >>>>>>>>>> draft-ietf-bfcpbis-rfc4582bis-12 >>>>>>>>>> >>>>>>>>>>> I have reviewed this draft in preparation for IETF LC. >>>>>>>>>>> Overall the document appears in good shape. I have a few >>>>>>>>>>> questions and comments I¹d like to discuss before issuing the >>>>>>>>>>> IETF last call. I¹ve also included some editorial nits that >>>>>>>>>>> should be addressed together with any last call comments. >>>>>>>>>>> >>>>>>>>>>> Comments and questions: >>>>>>>>>>> >>>>>>>>>>> = Section 5.1 = >>>>>>>>>>> "If an endpoint receives a message with an unsupported >>>>>>>>>>> version field value, the receiving server MUST send an Error >>>>>>>>>>> message with parameter value 12 (Unsupported Version) to >>>>>>>>>>> indicate this.² >>>>>>>>>>> >>>>>>>>>>> This seems a little misleading since RFC 4582 didn¹t specify >>>>>>>>>>> what to do upon receipt of a message with a version other than >>>>>>>>>>>1. >>>>>>>>>>> Implementations that do not get upgraded to be compliant with >>>>>>>>>>> 4582bis (which could certainly account for some of those that >>>>>>>>>>> will not support version 2) will therefore never send the >>>>>>>>>>> error specified here. This seems like it should at least be >>>>>>>>>>> noted given the MUST-level requirement. The same applies in >>>>>>>>>>> Section 13.7. >>>>>>>>>> >>>>>>>>>> Good point. I believe we made this a MUST because we were >>>>>>>>>> thinking in terms of implementations compliant with this bis >>>>>>>>>>version. >>>>>>>>>> Adding >>>>>>>>>> your suggested note about rfc 4582 implementations here and in >>>>>>>>>> section 13.7 seems useful to me. >>>>>>>>> >>>>>>>>> Ok >>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> = Section 7 = >>>>>>>>>>> "BFCP entities MUST support, at a minimum, the >>>>>>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite [6].² >>>>>>>>>>> >>>>>>>>>>> I realize this requirement comes from RFC 4582, but I¹d like >>>>>>>>>>> to understand why it has not been updated to be consistent >>>>>>>>>>> with more current guidance on cipher suite selection (e.g., >>>>>>>>>>> >>>>>>>>>>>https://tools.ietf.org/html/draft-ietf-uta-tls-bcp-08#section-4) >>>>>>>>>>>. >>>>>>>>>> >>>>>>>>>> How about we keep this minimum requirement, and add a >>>>>>>>>> reference to draft-ietf-uta-tls-bcp along with a >>>>>>>>>> recommendation to adhere to the best practices it outlines in >>>>>>>>>>section 4? >>>>>>>>> >>>>>>>>> I think MUST support TLS_RSA_WITH_AES_128_CBC_SHA for backwards >>>>>>>>> compatibility and SHOULD support the ones listed in the UTA >>>>>>>>> drafts would be ok. >>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> = Sections 8, 8.1, 8.2 = >>>>>>>>>>> It seems like the transaction ID requirements regarding >>>>>>>>>>> non-reuse/monotonically increasing IDs are re-stated multiple >>>>>>>>>>> times across these three sections, in slightly different >>>>>>>>>>> ways, to the point where it¹s not clear exactly what they >>>>>>>>>>> are. It seems like they are: >>>>>>>>>>> >>>>>>>>>>> (1) Reliable transport, server-initiated transaction: ID is 0 >>>>>>>>>>> (2) Unreliable transport, server-initiated transaction: ID >>>>>>>>>>> MUST be monotonically increasing (except for wrap-around) >>>>>>>>>>> (3) Reliable transport, client-initiated transaction: ID MUST >>>>>>>>>>> NOT be 0 and MUST NOT be reused in another message from the >>>>>>>>>>> client until a response from the server is received for the >>>>>>>>>>> transaction, but need not be monotonically increasing (e.g., >>>>>>>>>>> a lower, recently used ID could be re-used once a response is >>>>>>>>>>> received) >>>>>>>>>>> (4) Unreliable transport, client-initiated transaction: ID >>>>>>>>>>> MUST be monotonically increasing (except for wrap-around) >>>>>>>>>>> >>>>>>>>>>> Is (3) the correct interpretation of the text in 8.1? If so, >>>>>>>>>>> why not just require IDs in all client-initiated transactions >>>>>>>>>>> to be monotonically increasing? >>>>>>>>>> >>>>>>>>>> Agree we can and should simplify this. Sections 8.1 and 8.2 >>>>>>>>>> cover the client behavior and server behavior in detail. As >>>>>>>>>> such, the transaction ID related information at the start of >>>>>>>>>> Section 8 is superfluous. I recommend reducing the text in >>>>>>>>>> Section 8 to the >>>>>>>>>> follow: >>>>>>>>>> >>>>>>>>>> 8. Protocol Transactions >>>>>>>>>> >>>>>>>>>> In BFCP, there are two types of transactions: client-initiated >>>>>>>>>> transactions and server-initiated transactions. >>>>>>>>>> >>>>>>>>>> Client-initiated transactions consist of a request from a >>>>>>>>>> client to a floor control server and a response from the floor >>>>>>>>>> control server to the client. >>>>>>>>>> >>>>>>>>>> Server-initiated transactions have different behavior >>>>>>>>>> depending on underlying transport: >>>>>>>>>> >>>>>>>>>> When using a reliable transport, server-initiated >>>>>>>>>>transactions >>>>>>>>>> consist of a single message from a floor control server to a >>>>>>>>>> client (notifications). They do not trigger any response. >>>>>>>>>> >>>>>>>>>> When using an unreliable transport, server-initiated >>>>>>>>>> transactions >>>>>>>>>> consist of a request from a floor control server to a >>>>>>>>>> client and a >>>>>>>>>> response from the client to the floor control server. >>>>>>>>>> >>>>>>>>>> When using BFCP over an unreliable transport, retransmission >>>>>>>>>> timer T1 (see Section 8.3) MUST be used for all requests until >>>>>>>>>> the transaction is completed. >>>>>>>>>> >>>>>>>>>> Then in section 8.1, we add the important details removed from >>>>>>>>>> section 8. >>>>>>>>>> >>>>>>>>>> 8.1.1 Client Behavior >>>>>>>>>> >>>>>>>>>> A client starting a client-initiated transaction MUST set the >>>>>>>>>> Conference ID in the common header of the message to the >>>>>>>>>> Conference ID for the conference that the client obtained >>>>>>>>>> previously. >>>>>>>>>> >>>>>>>>>> The client MUST set the Transaction ID value in the common >>>>>>>>>> header to a number that is different from 0 and that MUST NOT >>>>>>>>>> be reused in another message from the client until a response >>>>>>>>>> from the server is received for the transaction. The client >>>>>>>>>> uses the Transaction ID value to match this message with the >>>>>>>>>> response from the floor control server. When using BFCP over >>>>>>>>>> an unreliable transport, it is important to choose a >>>>>>>>>> Transaction ID value that lets the receiver distinguish the >>>>>>>>>> reception of the next message in a sequence of BFCP messages >>>>>>>>>> from a retransmission of a previous message. Therefore, BFCP >>>>>>>>>> entities using an unreliable transport MUST use monotonically >>>>>>>>>> increasing Transaction ID values (except for wrap-around). >>>>>>>>>> >>>>>>>>>> A client receiving a server-initiated transaction over an >>>>>>>>>> unreliable transport MUST copy the Transaction ID from the >>>>>>>>>> request received from the server into the response. >>>>>>>>>> [Question: is there a need to copy the Conference ID and User >>>>>>>>>> ID, if present?] >>>>>>>>>> >>>>>>>>>> 8.2. Server Behavior >>>>>>>>>> >>>>>>>>>> A floor control server sending a response within a >>>>>>>>>> client-initiated transaction MUST copy the Conference ID, the >>>>>>>>>> Transaction ID, and the User ID from the request received from >>>>>>>>>> the client into the response. >>>>>>>>>> >>>>>>>>>> Server-initiated transactions MUST contain a Transaction ID >>>>>>>>>> equal to >>>>>>>>>> 0 when BFCP is used over a reliable transport. Over an >>>>>>>>>> unreliable transport, the Transaction ID shall have the same >>>>>>>>>> properties as for client-initiated transactions. The server >>>>>>>>>> uses the Transaction ID value to match this message with the >>>>>>>>>> response from the floor participant or floor chair. >>>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks, this is better. >>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> = Section 9 (impacts Section 14 as well) = "BFCP clients >>>>>>>>>>> SHOULD authenticate the floor control server before sending >>>>>>>>>>> any BFCP message to it or accepting any BFCP message from it. >>>>>>>>>>> Similarly, floor control servers SHOULD authenticate a client >>>>>>>>>>> before accepting any BFCP message from it or sending any BFCP >>>>>>>>>>> message to it. >>>>>>>>>>> >>>>>>>>>>> BFCP supports TLS/DTLS mutual authentication between clients >>>>>>>>>>> and floor control servers, as specified in Section 9.1. This >>>>>>>>>>> is the RECOMMENDED authentication mechanism in BFCP.² >>>>>>>>>>> >>>>>>>>>>> What are the cases where clients and servers do not need to >>>>>>>>>>> be authenticating each other? I know this requirement and the >>>>>>>>>>> other SHOULD-level requirements around use of TLS/DTLS are >>>>>>>>>>> carried over from RFC 4582, but I¹m concerned that they >>>>>>>>>>> aren¹t as strong as they should be. For a conference where >>>>>>>>>>> the signaling traffic is authenticated and confidentiality >>>>>>>>>>> and integrity protected, why is it ok for the floor control >>>>>>>>>>> traffic not to be? Could these requirements be adjusted to >>>>>>>>>>> require use of TLS/DTLS at least in cases where the signaling >>>>>>>>>>> is also protected? >>>>>>>>>> >>>>>>>>>> Yes, but again, this would be at the expense of adding a non >>>>>>>>>> backward compatible change from rfc 4582. How about saying >>>>>>>>>> TLS/DTLS MUST be used for BFCP in such cases, while pointing >>>>>>>>>> out the rfc >>>>>>>>>> 4582 >>>>>>>>>> based implementations may not comply (similar to what we did >>>>>>>>>> with the version field). >>>>>>>>> >>>>>>>>> Works for me. >>>>>>>>> >>>>>>>>> Feel free to make all of these changes and submit a rev and >>>>>>>>> I¹ll issue the IETF LC. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Alissa >>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> = Section 14 = >>>>>>>>>>> See the point above about ciphersuites. ³Non-null encryption² >>>>>>>>>>> is not a sufficient minimum baseline, and if the requirements >>>>>>>>>>> change in Section 7 they should be reflected here as well. >>>>>>>>>> >>>>>>>>>> Yep. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Editorial nits to be resolved with LC comments: >>>>>>>>>>> >>>>>>>>>>> = Section 5.1 = >>>>>>>>>>> ³The version field MUST be set to 1 when using BFCP over a >>>>>>>>>>> reliable transport, i.e. as in [2].² >>>>>>>>>>> >>>>>>>>>>> I find it a little odd to reference the spec you¹re >>>>>>>>>>> obsoleting in this sentence, especially since BFCP over a >>>>>>>>>>> reliable transport is completely specified in this bis >>>>>>>>>>> document. I would suggest dropping the i.e. clause. >>>>>>>>>> >>>>>>>>>> Good catch. This is a carry over from before this draft was >>>>>>>>>> adopted as a bis version of rfc4582. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> "The version field MUST be set to 2 when using BFCP over an >>>>>>>>>>> unreliable transport with the extensions specified in this >>>>>>>>>>> document.² >>>>>>>>>>> >>>>>>>>>>> The bit about ³with the extensions specified in this >>>>>>>>>>> document² is extraneous and should be removed. >>>>>>>>>>> >>>>>>>>>>> "If an endpoint receives a message with an unsupported >>>>>>>>>>> version field value, the receiving server MUST send an Error >>>>>>>>>>> message with parameter value 12 (Unsupported Version) to >>>>>>>>>>> indicate this.² >>>>>>>>>>> >>>>>>>>>>> Use of the word ³server² here makes it sound as if only >>>>>>>>>>> servers could receive headers with unsupported versions. >>>>>>>>>>> Should this be ³the receiving endpoint²? >>>>>>>>>>> >>>>>>>>>>> = Section 6.2.4 = >>>>>>>>>>> "[23], Section 6.7 provides useful recommendations Š² >>>>>>>>>>> >>>>>>>>>>> The links in the references are not quite right. >>>>>>>>>>> >>>>>>>>>>> = Section 8.3.2 = >>>>>>>>>>> s/when fires/when fired/ >>>>>>>>>>> >>>>>>>>>>> = Section 14 = >>>>>>>>>>> s/high-jack/hijack/ >>>>>>>>>>> >>>>>>>>>>> = Section B.1 = >>>>>>>>>>> "situation where multiple different and non-interoperable >>>>>>>>>>> would >>>>>>>>>>> co- >>>>>>>>>>> exist in the market.² >>>>>>>>>>> >>>>>>>>>>> There is a word missing after ³non-interoperable." >>>>>>>>>> >>>>>>>>>> This should read ³non-interoperable implementations². Earlier >>>>>>>>>> in that same sentence, ³BFCP over UDP were already used² >>>>>>>>>> should read ³BFCP over UDP is already being used². >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> Charles >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> bfcpbis mailing list >>>>>>>>> bfcpbis@ietf.org <mailto:bfcpbis@ietf.org> >>>>>>>>> https://www.ietf.org/mailman/listinfo/bfcpbis >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
- [bfcpbis] AD evaluation: draft-ietf-bfcpbis-rfc45… Alissa Cooper
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Charles Eckel (eckelcu)
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Alissa Cooper
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Tom Kristensen
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Charles Eckel (eckelcu)
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg