Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis
Christer Holmberg <christer.holmberg@ericsson.com> Sat, 18 April 2015 21:01 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB8751A90C7 for <bfcpbis@ietfa.amsl.com>; Sat, 18 Apr 2015 14:01:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vDdioSLoO8em for <bfcpbis@ietfa.amsl.com>; Sat, 18 Apr 2015 14:01:41 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1DBD1A90C6 for <bfcpbis@ietf.org>; Sat, 18 Apr 2015 14:01:39 -0700 (PDT)
X-AuditID: c1b4fb3a-f79146d0000070a3-97-5532c631b903
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id D7.97.28835.136C2355; Sat, 18 Apr 2015 23:01:37 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.61]) by ESESSHC017.ericsson.se ([153.88.183.69]) with mapi id 14.03.0210.002; Sat, 18 Apr 2015 23:01:36 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>, Alissa Cooper <alissa@cooperw.in>
Thread-Topic: draft-ietf-bfcpbis-rfc4583bis
Thread-Index: AQHQcY/3+6WBU9fDy02Mo1B8Yn23Op1B0jUAgAC+2oCAC3vWAIADnbAAgAGnAGA=
Date: Sat, 18 Apr 2015 21:01:36 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D7B046D@ESESSMB209.ericsson.se>
References: <CC0C9FBD-75D7-4767-9873-CFF6212B9B2D@cooperw.in> <BD0F4637-1FC5-467A-939D-E8BEFF731579@cooperw.in> <tnf3xk3w8p88iwpoxg7973m4.1424020394665@email.android.com> <C011E430-72D1-4AE1-B546-B65658BADE8F@cooperw.in> <54EDAA70.5060600@ericsson.com> <0DCBEFF7-771F-4F62-83CE-1E98D18ACBFF@cooperw.in> <D1134285.3E7A2%eckelcu@cisco.com> <282A6C48-E88B-495F-A343-591A9C8BF5B5@cooperw.in> <D14980E3.455F6%eckelcu@cisco.com> <82BD9835-8304-439C-9FB9-AB1B14F466D1@cooperw.in> <7594FB04B1934943A5C02806D1A2204B1D799F48@ESESSMB209.ericsson.se> <D156C697.46550%eckelcu@cisco.com>
In-Reply-To: <D156C697.46550%eckelcu@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.148]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupnkeLIzCtJLcpLzFFi42KZGfG3RtfwmFGowZ37ghbTz/xltJjfeZrd 4t+6o0wWt9bfZrHYNOsLm8WVI7/YHNg8pvzeyOrx5clLJo8lS34yecza+YTF48vlz2wBrFFc NimpOZllqUX6dglcGR8PH2UtOHaVseLbkXeMDYwdFxi7GDk5JARMJOZ+n80EYYtJXLi3nq2L kYtDSOAoo8SNQxNZQBJCAosZJTqP+XcxcnCwCVhIdP/TBgmLCIRJfPi3kBWknllgGpPE55+X GUFqhAW0JFo2skLUaEv83dvOAmH7Sez63AZmswioShxfsI8NpJxXwFfiRasgxNrLLBLXt38B 6+UU0JdYO2EyO4jNCHTb91NrwO5kFhCXuPVkPtTNAhJL9pxnhrBFJV4+/scKYStJNC55wgoy n1lAU2L9Ln2IVkWJKd0PwUbyCghKnJz5hGUCo9gsJFNnIXTMQtIxC0nHAkaWVYyixanFxbnp RkZ6qUWZycXF+Xl6eaklmxiBMXhwy2+rHYwHnzseYhTgYFTi4X3wyTBUiDWxrLgy9xCjNAeL kjivnfGhECGB9MSS1OzU1ILUovii0pzU4kOMTBycUg2MvrOmaMfMdGTiaz93Pk0k+sac9AeF p7c7NpfWnK9UNzvs9XivDZ/YLmOTC7fi2c7cvW8WsH1b/q3+X1d1IqZrZ8/3vOwgvdRKUWFq COPOLVO/O2tofSwWC925s3hP1bPOTI3bXbkrHgj0mm78eOqOuvmZKcvXtf1eJr/6yX6BhpiF v0pFv63ersRSnJFoqMVcVJwIAG+cSv+iAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/bfcpbis/r_iaq58FYyh3viIeJRn5DCXvNEQ>
Cc: Ben Campbell <ben@nostrum.com>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org" <draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "Tom Kristensen (tomkrist)" <tomkrist@cisco.com>
Subject: Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Apr 2015 21:01:45 -0000
Hi Charles, > [adding bfcppbis list] > > Hi Christer, > > Thanks for your review and comments. In the BFCP usage, the DTLS connection is dedicated to the BFCP > stream it contains. As I understand it, the complications around DTLS re-establishement discussed in MMUSIC > result from use of a single DTLS connection for multiple RTP and/or SCTP streams. Those complications do > not exist with the BFCP usage, so I think it is sufficient to continue to reference RFC 5763 and not use the > SDP connection attribute. The complications do not result from use of a single DTLS connection for multiple streams - it mainly results from the usage of ICE. And, as far as I know, ICE can be used also for BFCP. And, even without ICE we intend to add text saying that a DTLS connection is only re-established if the underlying transport changes. Regards, Christer >Hi, > >First, I want to apologize for not providing my review earlier. > >As far as the BFCP specifics are concerned, I am ok with the latest >version of the draft. > >However, there is an issue regarding the DTLS considerations (section >10.5). > >The text says: > > "Once a DTLS connection has been established, if the 'active/passive' > status of the endpoints change during a session, a new DTLS > connection MUST be established." > >There is currently an ongoing discussion in MMUSIC about when a DTLS >connection is to be re-established. > >The discussion is still ongoing, but the outcome will most likely NOT >be aligned with the text above. > >For example, there has been a suggestion (by myself) to use the SDP >connection attribute to explicitly indicate that a new DTLS connection >needs to be established. > > >The draft also says: > > "If the transport parameters or the key fingerprints change, the > endpoints MUST establish a new DTLS connection." > >This is related to the earlier issue. There is the discussion about ICE >"virtual connections", and that a single DTLS connection would apply to >all ICE candidates associated with an m- line. So, even if a candidate >changes (read: transport parameter changes), it would not automatically >trigger a new DTLS connection. > > >The issues above are also holding up the SCTP-SDP draft, so it doesn't >only affect BFCPbis :) > > >Regards, > >Christer > > >-----Original Message----- >From: Alissa Cooper [mailto:alissa@cooperw.in] >Sent: 8. huhtikuuta 2015 3:07 >To: Charles Eckel (eckelcu) >Cc: Gonzalo Camarillo; Tom Kristensen (tomkrist); >draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org; Ben Campbell; Christer >Holmberg >Subject: Re: draft-ietf-bfcpbis-rfc4583bis > >Adding Christer to this thread. > >On Apr 7, 2015, at 12:44 PM, Charles Eckel (eckelcu) ><eckelcu@cisco.com> >wrote: > >> Christer (cc’d) and I discussed some of the changes offlist in >> Dallas, and he is to come back to the list with comments after Dallas >> - which is now :) >> >> Cheers, >> Charles >> >> On 4/7/15, 10:26 AM, "Alissa Cooper" <alissa@cooperw.in> wrote: >> >>> Checking in on this — has Christer been prompted to review the >>> latest rev of draft-ietf-bfcpbis-rfc4583bis? >>> >>> Thanks, >>> Alissa >>> >>> On Feb 25, 2015, at 9:14 AM, Charles Eckel (eckelcu) >>> <eckelcu@cisco.com> >>> wrote: >>> >>>> Most of the changes I this recent update to rfc4583bis were >>>> inspired by comments and suggested text provided by Christer. He is >>>> in the process of reviewing. If all goes well with that, we are >>>> ready to proceed with proto writeup (Mary) and AD review. >>>> >>>> Cheers, >>>> Charles >>>> >>>> On 2/25/15, 7:01 AM, "Alissa Cooper" <alissa@cooperw.in> wrote: >>>> >>>>> rfc4583 has not had an AD review yet. Richard can hopefully take >>>>> care of that while I¹m on leave (starting today, actually). >>>>> >>>>> On Feb 25, 2015, at 2:56 AM, Gonzalo Camarillo >>>>> <gonzalo.camarillo@ericsson.com> wrote: >>>>> >>>>>> Hi Alissa, >>>>>> >>>>>> I have noted that while rfc4582bis in on the agenda of the March >>>>>> 5th telechat (thanks for handling that!), rfc4583bis isn't. Tom >>>>>> revised rfc4583bis on February 20th. Should rfc4583bis be on the >>>>>> agenda of the telechat as well or there is still something left >>>>>> for Tom to take care of? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Gonzalo >>>>>> >>>>>> On 18/02/2015 9:28 PM, Alissa Cooper wrote: >>>>>>> Pinging on this. >>>>>>> >>>>>>> March 5 will likely be my last telechat before going on leave, >>>>>>>so it would be great to get this scheduled on that one. To do >>>>>>>that, the rev needs to be posted today. The updates are pretty >>>>>>>minimal and are all basically written up in Charles¹ response to >>>>>>>my AD review. >>>>>>> >>>>>>> Alissa >>>>>>> >>>>>>> On Feb 15, 2015, at 9:13 AM, Gonzalo Camarillo >>>>>>> <gonzalo.camarillo@ericsson.com >>>>>>> <mailto:gonzalo.camarillo@ericsson.com>> >>>>>>> wrote: >>>>>>> >>>>>>>> I have talked offline with the other authors and Tom is holding >>>>>>>> the pen. Tom, do you think you can meet the time frame below? >>>>>>>> >>>>>>>> Cheers, >>>>>>>> >>>>>>>> Gonzalo >>>>>>>> >>>>>>>> Sent from my mobile >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ---- Alissa Cooper wrote ---- >>>>>>>> >>>>>>>> Just wanted to see if this rev might get done in the next >>>>>>>>couple of days. If so, we could get it on the next telechat >>>>>>>>agenda (March 5). >>>>>>>> >>>>>>>> Alissa >>>>>>>> >>>>>>>> Begin forwarded message: >>>>>>>> >>>>>>>>> *From: *Alissa Cooper <alissa@cooperw.in >>>>>>>>> <mailto:alissa@cooperw.in>> >>>>>>>>> *Subject: **Re: [bfcpbis] AD evaluation: >>>>>>>>> draft-ietf-bfcpbis-rfc4582bis-12* >>>>>>>>> *Date: *February 9, 2015 at 3:58:52 PM PST >>>>>>>>> *To: *"Charles Eckel (eckelcu)" <eckelcu@cisco.com >>>>>>>>> <mailto:eckelcu@cisco.com>> >>>>>>>>> *Cc: *"bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>" >>>>>>>>> <bfcpbis@ietf.org >>>>>>>>> <mailto:bfcpbis@ietf.org>> >>>>>>>>> >>>>>>>>> Hi Charles, >>>>>>>>> >>>>>>>>> Thanks, some responses inline. >>>>>>>>> >>>>>>>>> On Feb 4, 2015, at 10:40 AM, Charles Eckel (eckelcu) >>>>>>>>> <eckelcu@cisco.com <mailto:eckelcu@cisco.com>> wrote: >>>>>>>>> >>>>>>>>>> HI Alissa, >>>>>>>>>> >>>>>>>>>> Thank you for the review. Please see my thoughts on your >>>>>>>>>> comments and questions inline. >>>>>>>>>> >>>>>>>>>> From: Alissa Cooper <alissa@cooperw.in >>>>>>>>>> <mailto:alissa@cooperw.in>> >>>>>>>>>> Date: Thursday, January 29, 2015 at 10:19 PM >>>>>>>>>> To: "bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>" >>>>>>>>>> <bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>> >>>>>>>>>> Subject: [bfcpbis] AD evaluation: >>>>>>>>>> draft-ietf-bfcpbis-rfc4582bis-12 >>>>>>>>>> >>>>>>>>>>> I have reviewed this draft in preparation for IETF LC. >>>>>>>>>>> Overall the document appears in good shape. I have a few >>>>>>>>>>> questions and comments I¹d like to discuss before issuing >>>>>>>>>>> the IETF last call. I¹ve also included some editorial nits >>>>>>>>>>> that should be addressed together with any last call comments. >>>>>>>>>>> >>>>>>>>>>> Comments and questions: >>>>>>>>>>> >>>>>>>>>>> = Section 5.1 = >>>>>>>>>>> "If an endpoint receives a message with an unsupported >>>>>>>>>>> version field value, the receiving server MUST send an >>>>>>>>>>> Error message with parameter value 12 (Unsupported Version) >>>>>>>>>>> to indicate this.² >>>>>>>>>>> >>>>>>>>>>> This seems a little misleading since RFC 4582 didn¹t specify >>>>>>>>>>>what to do upon receipt of a message with a version other >>>>>>>>>>>than 1. >>>>>>>>>>> Implementations that do not get upgraded to be compliant >>>>>>>>>>>with 4582bis (which could certainly account for some of >>>>>>>>>>>those that will not support version 2) will therefore never >>>>>>>>>>>send the error specified here. This seems like it should at >>>>>>>>>>>least be noted given the MUST-level requirement. The same >>>>>>>>>>>applies in Section 13.7. >>>>>>>>>> >>>>>>>>>> Good point. I believe we made this a MUST because we were >>>>>>>>>>thinking in terms of implementations compliant with this bis >>>>>>>>>>version. >>>>>>>>>> Adding >>>>>>>>>> your suggested note about rfc 4582 implementations here and >>>>>>>>>>in section 13.7 seems useful to me. >>>>>>>>> >>>>>>>>> Ok >>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> = Section 7 = >>>>>>>>>>> "BFCP entities MUST support, at a minimum, the >>>>>>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite [6].² >>>>>>>>>>> >>>>>>>>>>> I realize this requirement comes from RFC 4582, but I¹d like >>>>>>>>>>> to understand why it has not been updated to be consistent >>>>>>>>>>> with more current guidance on cipher suite selection (e.g., >>>>>>>>>>> >>>>>>>>>>>https://tools.ietf.org/html/draft-ietf-uta-tls-bcp-08#section >>>>>>>>>>>-4) >>>>>>>>>>>. >>>>>>>>>> >>>>>>>>>> How about we keep this minimum requirement, and add a >>>>>>>>>>reference to draft-ietf-uta-tls-bcp along with a >>>>>>>>>>recommendation to adhere to the best practices it outlines in >>>>>>>>>>section 4? >>>>>>>>> >>>>>>>>> I think MUST support TLS_RSA_WITH_AES_128_CBC_SHA for >>>>>>>>> backwards compatibility and SHOULD support the ones listed in >>>>>>>>> the UTA drafts would be ok. >>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> = Sections 8, 8.1, 8.2 = >>>>>>>>>>> It seems like the transaction ID requirements regarding >>>>>>>>>>> non-reuse/monotonically increasing IDs are re-stated >>>>>>>>>>> multiple times across these three sections, in slightly >>>>>>>>>>> different ways, to the point where it¹s not clear exactly >>>>>>>>>>> what they are. It seems like they are: >>>>>>>>>>> >>>>>>>>>>> (1) Reliable transport, server-initiated transaction: ID is >>>>>>>>>>> 0 >>>>>>>>>>> (2) Unreliable transport, server-initiated transaction: ID >>>>>>>>>>> MUST be monotonically increasing (except for wrap-around) >>>>>>>>>>> (3) Reliable transport, client-initiated transaction: ID >>>>>>>>>>> MUST NOT be 0 and MUST NOT be reused in another message from >>>>>>>>>>> the client until a response from the server is received for >>>>>>>>>>> the transaction, but need not be monotonically increasing >>>>>>>>>>> (e.g., a lower, recently used ID could be re-used once a >>>>>>>>>>> response is >>>>>>>>>>> received) >>>>>>>>>>> (4) Unreliable transport, client-initiated transaction: ID >>>>>>>>>>> MUST be monotonically increasing (except for wrap-around) >>>>>>>>>>> >>>>>>>>>>> Is (3) the correct interpretation of the text in 8.1? If so, >>>>>>>>>>> why not just require IDs in all client-initiated >>>>>>>>>>> transactions to be monotonically increasing? >>>>>>>>>> >>>>>>>>>> Agree we can and should simplify this. Sections 8.1 and 8.2 >>>>>>>>>> cover the client behavior and server behavior in detail. As >>>>>>>>>> such, the transaction ID related information at the start of >>>>>>>>>> Section 8 is superfluous. I recommend reducing the text in >>>>>>>>>> Section 8 to the >>>>>>>>>> follow: >>>>>>>>>> >>>>>>>>>> 8. Protocol Transactions >>>>>>>>>> >>>>>>>>>> In BFCP, there are two types of transactions: >>>>>>>>>> client-initiated transactions and server-initiated transactions. >>>>>>>>>> >>>>>>>>>> Client-initiated transactions consist of a request from a >>>>>>>>>> client to a floor control server and a response from the >>>>>>>>>> floor control server to the client. >>>>>>>>>> >>>>>>>>>> Server-initiated transactions have different behavior >>>>>>>>>> depending on underlying transport: >>>>>>>>>> >>>>>>>>>> When using a reliable transport, server-initiated >>>>>>>>>>transactions >>>>>>>>>> consist of a single message from a floor control server to a >>>>>>>>>> client (notifications). They do not trigger any response. >>>>>>>>>> >>>>>>>>>> When using an unreliable transport, server-initiated >>>>>>>>>> transactions >>>>>>>>>> consist of a request from a floor control server to a >>>>>>>>>> client and a >>>>>>>>>> response from the client to the floor control server. >>>>>>>>>> >>>>>>>>>> When using BFCP over an unreliable transport, retransmission >>>>>>>>>> timer T1 (see Section 8.3) MUST be used for all requests >>>>>>>>>> until the transaction is completed. >>>>>>>>>> >>>>>>>>>> Then in section 8.1, we add the important details removed >>>>>>>>>> from section 8. >>>>>>>>>> >>>>>>>>>> 8.1.1 Client Behavior >>>>>>>>>> >>>>>>>>>> A client starting a client-initiated transaction MUST set the >>>>>>>>>> Conference ID in the common header of the message to the >>>>>>>>>> Conference ID for the conference that the client obtained >>>>>>>>>> previously. >>>>>>>>>> >>>>>>>>>> The client MUST set the Transaction ID value in the common >>>>>>>>>> header to a number that is different from 0 and that MUST NOT >>>>>>>>>> be reused in another message from the client until a response >>>>>>>>>> from the server is received for the transaction. The client >>>>>>>>>> uses the Transaction ID value to match this message with the >>>>>>>>>> response from the floor control server. When using BFCP over >>>>>>>>>> an unreliable transport, it is important to choose a >>>>>>>>>> Transaction ID value that lets the receiver distinguish the >>>>>>>>>> reception of the next message in a sequence of BFCP messages >>>>>>>>>> from a retransmission of a previous message. Therefore, BFCP >>>>>>>>>> entities using an unreliable transport MUST use monotonically >>>>>>>>>> increasing Transaction ID values (except for wrap-around). >>>>>>>>>> >>>>>>>>>> A client receiving a server-initiated transaction over an >>>>>>>>>> unreliable transport MUST copy the Transaction ID from the >>>>>>>>>> request received from the server into the response. >>>>>>>>>> [Question: is there a need to copy the Conference ID and User >>>>>>>>>> ID, if present?] >>>>>>>>>> >>>>>>>>>> 8.2. Server Behavior >>>>>>>>>> >>>>>>>>>> A floor control server sending a response within a >>>>>>>>>> client-initiated transaction MUST copy the Conference ID, the >>>>>>>>>> Transaction ID, and the User ID from the request received >>>>>>>>>> from the client into the response. >>>>>>>>>> >>>>>>>>>> Server-initiated transactions MUST contain a Transaction ID >>>>>>>>>> equal to >>>>>>>>>> 0 when BFCP is used over a reliable transport. Over an >>>>>>>>>> unreliable transport, the Transaction ID shall have the same >>>>>>>>>> properties as for client-initiated transactions. The server >>>>>>>>>> uses the Transaction ID value to match this message with the >>>>>>>>>> response from the floor participant or floor chair. >>>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks, this is better. >>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> = Section 9 (impacts Section 14 as well) = "BFCP clients >>>>>>>>>>> SHOULD authenticate the floor control server before sending >>>>>>>>>>> any BFCP message to it or accepting any BFCP message from it. >>>>>>>>>>> Similarly, floor control servers SHOULD authenticate a >>>>>>>>>>> client before accepting any BFCP message from it or sending >>>>>>>>>>> any BFCP message to it. >>>>>>>>>>> >>>>>>>>>>> BFCP supports TLS/DTLS mutual authentication between clients >>>>>>>>>>> and floor control servers, as specified in Section 9.1. >>>>>>>>>>> This is the RECOMMENDED authentication mechanism in BFCP.² >>>>>>>>>>> >>>>>>>>>>> What are the cases where clients and servers do not need to >>>>>>>>>>> be authenticating each other? I know this requirement and >>>>>>>>>>> the other SHOULD-level requirements around use of TLS/DTLS >>>>>>>>>>> are carried over from RFC 4582, but I¹m concerned that they >>>>>>>>>>> aren¹t as strong as they should be. For a conference where >>>>>>>>>>> the signaling traffic is authenticated and confidentiality >>>>>>>>>>> and integrity protected, why is it ok for the floor control >>>>>>>>>>> traffic not to be? Could these requirements be adjusted to >>>>>>>>>>> require use of TLS/DTLS at least in cases where the >>>>>>>>>>> signaling is also protected? >>>>>>>>>> >>>>>>>>>> Yes, but again, this would be at the expense of adding a non >>>>>>>>>> backward compatible change from rfc 4582. How about saying >>>>>>>>>> TLS/DTLS MUST be used for BFCP in such cases, while pointing >>>>>>>>>> out the rfc >>>>>>>>>> 4582 >>>>>>>>>> based implementations may not comply (similar to what we did >>>>>>>>>> with the version field). >>>>>>>>> >>>>>>>>> Works for me. >>>>>>>>> >>>>>>>>> Feel free to make all of these changes and submit a rev and >>>>>>>>> I¹ll issue the IETF LC. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Alissa >>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> = Section 14 = >>>>>>>>>>> See the point above about ciphersuites. ³Non-null >>>>>>>>>>> encryption² is not a sufficient minimum baseline, and if the >>>>>>>>>>> requirements change in Section 7 they should be reflected here as well. >>>>>>>>>> >>>>>>>>>> Yep. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Editorial nits to be resolved with LC comments: >>>>>>>>>>> >>>>>>>>>>> = Section 5.1 = >>>>>>>>>>> ³The version field MUST be set to 1 when using BFCP over a >>>>>>>>>>> reliable transport, i.e. as in [2].² >>>>>>>>>>> >>>>>>>>>>> I find it a little odd to reference the spec you¹re >>>>>>>>>>> obsoleting in this sentence, especially since BFCP over a >>>>>>>>>>> reliable transport is completely specified in this bis >>>>>>>>>>> document. I would suggest dropping the i.e. clause. >>>>>>>>>> >>>>>>>>>> Good catch. This is a carry over from before this draft was >>>>>>>>>> adopted as a bis version of rfc4582. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> "The version field MUST be set to 2 when using BFCP over an >>>>>>>>>>> unreliable transport with the extensions specified in this >>>>>>>>>>> document.² >>>>>>>>>>> >>>>>>>>>>> The bit about ³with the extensions specified in this >>>>>>>>>>> document² is extraneous and should be removed. >>>>>>>>>>> >>>>>>>>>>> "If an endpoint receives a message with an unsupported >>>>>>>>>>> version field value, the receiving server MUST send an Error >>>>>>>>>>> message with parameter value 12 (Unsupported Version) to >>>>>>>>>>> indicate this.² >>>>>>>>>>> >>>>>>>>>>> Use of the word ³server² here makes it sound as if only >>>>>>>>>>> servers could receive headers with unsupported versions. >>>>>>>>>>> Should this be ³the receiving endpoint²? >>>>>>>>>>> >>>>>>>>>>> = Section 6.2.4 = >>>>>>>>>>> "[23], Section 6.7 provides useful recommendations Š² >>>>>>>>>>> >>>>>>>>>>> The links in the references are not quite right. >>>>>>>>>>> >>>>>>>>>>> = Section 8.3.2 = >>>>>>>>>>> s/when fires/when fired/ >>>>>>>>>>> >>>>>>>>>>> = Section 14 = >>>>>>>>>>> s/high-jack/hijack/ >>>>>>>>>>> >>>>>>>>>>> = Section B.1 = >>>>>>>>>>> "situation where multiple different and non-interoperable >>>>>>>>>>> would >>>>>>>>>>> co- >>>>>>>>>>> exist in the market.² >>>>>>>>>>> >>>>>>>>>>> There is a word missing after ³non-interoperable." >>>>>>>>>> >>>>>>>>>> This should read ³non-interoperable implementations². Earlier >>>>>>>>>> in that same sentence, ³BFCP over UDP were already used² >>>>>>>>>> should read ³BFCP over UDP is already being used². >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> Charles >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> bfcpbis mailing list >>>>>>>>> bfcpbis@ietf.org <mailto:bfcpbis@ietf.org> >>>>>>>>> https://www.ietf.org/mailman/listinfo/bfcpbis >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
- [bfcpbis] AD evaluation: draft-ietf-bfcpbis-rfc45… Alissa Cooper
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Charles Eckel (eckelcu)
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Alissa Cooper
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Tom Kristensen
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Charles Eckel (eckelcu)
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg