[bfcpbis] AD evaluation: draft-ietf-bfcpbis-bfcp-websocket-11
Alissa Cooper <alissa@cooperw.in> Fri, 09 December 2016 17:04 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C7CB129952 for <bfcpbis@ietfa.amsl.com>; Fri, 9 Dec 2016 09:04:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=X5+y3Onb; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=nHVlQE9J
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAVJExoFWp3W for <bfcpbis@ietfa.amsl.com>; Fri, 9 Dec 2016 09:04:15 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A32DA1298D0 for <bfcpbis@ietf.org>; Fri, 9 Dec 2016 09:03:43 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 01603208E9 for <bfcpbis@ietf.org>; Fri, 9 Dec 2016 12:03:42 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Fri, 09 Dec 2016 12:03:43 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h= content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=8BRW7U1qWOBcd/gTHSPOrFPFQ/g=; b=X5+y3O nbUlMFBo/bwNTi/qP6EGHtJVUOmfdde6zNxZyX4+eO+UvG0yNFO4pZd7hiQ+P9go lqMaMKiw4xA3WLPiVxN21JqjYsLEt1UJl+KspfFWTzEp0GoXDt8gcwM7NtH98t3P yLtf8UWNDhcAffIn1uD5AiJacFmwHIK/DN5JI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=smtpout; bh=8BRW7U1qWOBcd/ gTHSPOrFPFQ/g=; b=nHVlQE9J0KMoeHzD3NyqpJEQte4agdTXvIsTPH8Hv9cqDH Ji76nhY1CxrhJ4k8kUvaX1d7Mgp4dIO25pa7g6b5EVhmaHCcOqaI0cl9a5uw8MZU EGzXQzH43z4NFXGOFvlizyown/7u53SZgMgcL36JPPxGXnSktEzVjsPV5Ryz0=
X-ME-Sender: <xms:7uNKWOMmymzxDQPXknufD-SE1tKjKvhTsLDu5A--3vgNvvqbY-kCQw>
X-Sasl-enc: jYGn1aC043ttKeMjfLeihsMuOSWZzafH/YHVvb0IrCAE 1481303022
Received: from sjc-alcoop-8819.cisco.com (unknown [128.107.241.190]) by mail.messagingengine.com (Postfix) with ESMTPA id 6FD5D7EDEA for <bfcpbis@ietf.org>; Fri, 9 Dec 2016 12:03:42 -0500 (EST)
From: Alissa Cooper <alissa@cooperw.in>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <4759F0BB-0B86-44E9-A4CF-69D7A8A01169@cooperw.in>
Date: Fri, 09 Dec 2016 12:03:40 -0500
To: bfcpbis@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/tkc3s5hx1NdNiYfJ_XBuOPSiOlM>
Subject: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-bfcp-websocket-11
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2016 17:04:16 -0000
I have reviewed this document in preparation for IETF last call. It is in good shape but I have a couple of comments to discuss before issuing the last call. I’ve also included some nits below that should be resolved together this IETF LC comments. Substantive comments: = Section 5 = "The BFCP server is a server, on the Internet, and thus doesn't need ICE and thus the clients always initiate connection to it, and the clients only validate its certificate and the clients do not include their certificate in TLS ClientHello." This is text from the SDP directorate review of draft-ietf-bfcpbis-sdp-ws-uri right? I'm not really clear on why all of it needs to be in this document, or in this section which is about transport reliability, at least. I would suggest: "The BFCP server is a server on the Internet and thus does not require ICE as clients always initiate connections to it." = Section 6.2 = s/as the a=ws-uri or a=wss-uri SHALL provide port number when needed./as the a=ws-uri or a=wss-uri SHOULD provide port number when needed./ If it's not always needed then SHOULD is more appropriate than SHALL. = Section 8 = OLD The BFCP client validates the server by means of verifying server certificate and this requires wss-uri contains a hostname. a=fingerprint is not used here in the verification process. NEW The BFCP client validates the server by means of verifying the server certificate. This means the wss-uri MUST contain a hostname. The verification process does not use a=fingerprint. = Section 9 = Don't the security considerations from RFC 6455 apply as well? = Section 12.1 = I think RFC 7525 and draft-ietf-bfcpbis-rfc4583bis should be normative references. Nits: = General = Per the RFC style guide, when a document has more than 5 authors, 1 or 2 editors should be chosen and the remaining authors listed in the Contributors section. = Section 4.1 = s/the value "bfcp"/the value "BFCP"/ = Section 6.1 = s/When TCP is used as the transport, the port field is set following/The port field is set following OLD So, while the recommendation to use Secure WebSockets (i.e. TCP/WSS) is for security reasons, it is also to achieve maximum compatibility among clients. NEW So, while this document recommends the use of Secure WebSockets (i.e. TCP/WSS) for security reasons, TCP/WS is also permitted so as to achieve maximum compatibility among clients. = Section 6.2 and 7.1 = These sections have formatting problems and repeated text that need to be fixed. = Section 8 = s/with webSocket server/with the WebSocket server/
- [bfcpbis] AD evaluation: draft-ietf-bfcpbis-bfcp-… Alissa Cooper
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-b… Ram Mohan R (rmohanr)