Re: [clue] AD evaluation: draft-ietf-clue-framework-22
Ron Even <ron.even.tlv@gmail.com> Sun, 19 July 2015 08:53 UTC
Return-Path: <ron.even.tlv@gmail.com>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 211C31A8958 for <clue@ietfa.amsl.com>; Sun, 19 Jul 2015 01:53:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GhJMsQS0hMCX for <clue@ietfa.amsl.com>; Sun, 19 Jul 2015 01:53:22 -0700 (PDT)
Received: from mail-la0-x232.google.com (mail-la0-x232.google.com [IPv6:2a00:1450:4010:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 940B21A8A4A for <clue@ietf.org>; Sun, 19 Jul 2015 01:53:21 -0700 (PDT)
Received: by lahh5 with SMTP id h5so81634432lah.2 for <clue@ietf.org>; Sun, 19 Jul 2015 01:53:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=LnNkbHVjQs9d3bb6/zO95w8fVwrbyJupcqLdd3HBOCo=; b=jRPqgHTSitIEOjA5NMJ4hl/Lak0hSkjiCx6+v9QoyyxMPPtTgmrGM01CeMZYJzHX+4 rMtOwQXBnip7gBOlP1BFe66IEXPD0D1l+7FEoPi6pop8AEQ0IpmmFHswFu5t/XGLgX/L UZzchRtdFysFAqftcdQ4zUoaGP53Ly+Cpp9zuDvnb96GTMobCU05vU25nVeu2U6fZo9h T8OeJya5nHjlEbxJwabVCaCxlLC5MExezZ7aaFifbiiPw4AjGfkjsE17ojzgM5RVi1Ef tkCk9P0elPucUxz3j3g5SYzsD5jR9LLNQsogG9Mxf0PAQqLbaX8ghPSpDfAWziR7tme2 WWLQ==
MIME-Version: 1.0
X-Received: by 10.112.142.232 with SMTP id rz8mr21752513lbb.74.1437295999931; Sun, 19 Jul 2015 01:53:19 -0700 (PDT)
Received: by 10.112.118.99 with HTTP; Sun, 19 Jul 2015 01:53:19 -0700 (PDT)
In-Reply-To: <F0EF2F2C-3E11-44A3-8E89-24D81AF480FE@cooperw.in>
References: <F0EF2F2C-3E11-44A3-8E89-24D81AF480FE@cooperw.in>
Date: Sun, 19 Jul 2015 11:53:19 +0300
Message-ID: <CAHy0fzCihLo35uUM+TC4dcSV7kRDDD4HX7Mjw26rMH10TX_C-A@mail.gmail.com>
From: Ron Even <ron.even.tlv@gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Content-Type: multipart/alternative; boundary="089e0112cdfe835cb5051b368d3c"
Archived-At: <http://mailarchive.ietf.org/arch/msg/clue/ATmoXa6sSkmdY2VYUGE57wP2C0c>
Cc: "clue@ietf.org" <clue@ietf.org>
Subject: Re: [clue] AD evaluation: draft-ietf-clue-framework-22
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2015 08:53:26 -0000
Hi Alissa, See inline Roni On Fri, Jul 3, 2015 at 9:28 PM, Alissa Cooper <alissa@cooperw.in> wrote: > I have reviewed this document in preparation for IETF LC and I have some > comments and questions I'd like to see resolved before issuing the last > call. I've also listed some nits further below that should be resolved in > the next revision of the document. > > Overall, the amount of complexity that this framework supports in terms of > the number of configuration choices that can be provided and consumed is > daunting. I know the WG is already well down the path towards finishing > this off so I'm not suggesting changes in this regard, but I do think folks > should be prepared for questions about the trade-off between flexibility > and implementability that may arise during IETF LC or IESG evaluation. > > Substantive comments and questions: > > = Section 3 = > Why are these definitions not necessarily consistent with the definitions > in RFC 7262 (e.g., Endpoint)? Why not just rely on the definitions in that > document for terms being re-used? I know there was a conclusion that strict > alignment with the taxonomy doc was not necessary, but it seems like at > least the CLUE docs should be internally consistent. > RE: We had a definition document https://www.ietf.org/archive/id/draft-wenger-clue-definitions-02.txt that tried to capture the terminology for telepresence systems, we decided that it should not be a separte document and moved the content to the framework, the other documents should be consistent with it > > = Section 7.1.1.10 = > I think this section (and to some extent the one that follows) require a > more thorough explanation to justify how it is that sending a lot of > detailed information about the people involved in a telepresence session > actually helps the endpoints decide how to arrange the media in the > session. I understand that some (limited) information is useful for display > purposes, but this section provides really broad leeway for endpoints to > send a lot of information about individual participants without a > thoroughgoing justification of how policies are built that act on such > detailed information. > RE: By Christian > > On the other hand, there are some data fields I would have expected to > possibly be useful for these kinds of policies, like device type or room > type or even device name, but it's not clear how endpoints are supposed to > communicate those, if at all (stuff them into an xCard somewhow?). What is > the story as far as those kinds of attributes go? > > = Section 7.2.1.1 = > Just because the syntax of the MaxCaptures definition theoretically allows > for it to be set to <=1 does not mean that semantic should necessarily be > allowed in the protocol. I don't understand the case where sending <=1 > should be considered valid -- why have an MCC with zero captures in it? It > seems like =1 and <=N where N>1 are the only valid values here. > RE: By Christian > > = Section 15 = > RE: wii respond later > "Thus, it is RECOMMENDED that an MCU > implementing the protocols necessary to support CLUE, follow the > security recommendations specified in the conference control > protocol documents." > > The specific documents need to be listed here, assuming RFC 4579 is not > the only one to be mentioned. > > "Thus > the security mechanisms recommended for SIP [RFC3261], including > user authentication and authorization, SHOULD be followed." > > Given that implementations will need to be updated to support CLUE, what > is the rationale for having user authentication and authorization be > optional? What are the cases where allowing an unauthenticated or > unauthorized participant to join a telepresence session would be considered > acceptable? > > "In > addition, the media is based on RTP and thus existing RTP security > mechanisms SHOULD be supported, and DTLS/SRTP MUST be supported. > Media security is also discussed in [I-D.ietf-clue-signaling] and > [I-D.ietf-clue-rtp-mapping]." > > I think it's worth pointing out in this document that DTLS/SRTP is > required to use for CLUE-controlled m-lines. Also, I just did a quick skim > of draft-ietf-clue-rtp-mapping and didn't see anything in there about media > security. > > "A separate data channel is established to transport the CLUE > protocol messages. The contents of the CLUE protocol messages are > based on information introduced in this document. The CLUE data > model [I-D.ietf-clue-data-model-schema] defines through an XML > schema the syntax to be used. Some of the information which could > possibly introduce privacy concerns is the xCard information as > described in section 7.1.1.11. In addition, the (text) > description field in the Media Capture attribute (section 7.1.1.7) > could possibly reveal sensitive information or specific > identities. The same would be true for the descriptions in the > Capture Scene (section 7.3.1) and Capture Scene View (7.3.2) > attributes. One other important consideration for the > information in the xCard as well as the description field in the > Media Capture and Capture Scene View attributes is that while the > endpoints involved in the session have been authenticated, there > is no assurance that the information in the xCard or description > fields is authentic. Thus, this information MUST NOT be used to > make any authorization decisions." > > I don't think it's enough to point out that sensitive data can be sent > back and forth with CLUE and that it shouldn't be used for authorization > decisions. Is there some guidance that can be given about minimizing the > amount and sensitivity of data to be sent? Are there certain xCard fields > that endpoints should avoid sending? Some of this is obviously dependent on > context and whether the participants in a conference know this information > about each other already, but it's still worth mentioning how to mitigate > the risks of sharing more data or more sensitive data than is necessary for > the purposes of supporting a telepresence session. This might imply > additional text in 7.1.1.10 as well. > > "Thus, it MUST be possible for the endpoints to establish > a channel which is secure against both message recovery and > message modification. Further details on this are provided in the > CLUE data channel solution document." > > There are no details about how the data channel is secured in > draft-ietf-clue-datachannel (which should be cited here if it's going to be > referenced). Nor are the details in draft-ietf-rtcweb-data-channel, but > rather they are in draft-ietf-rtcweb-security-arch and > draft-ietf-rtcweb-security. > > Furthermore, the details provided in draft-ietf-rtcweb-security-arch and > draft-ietf-rtcweb-security explain the situation for rtcweb, where the > endpoints rely on identity providers to authenticate each others' > identities. IdPs are not specifically included in the CLUE architecture > and, as noted above, the SIP authentication mechanisms are optional -- so > how is it that the CLUE data channel is actually secured against an active > MITM? > > > Nits: > There are a bunch of uses of normative MAY in this document that don't > really fit the RFC 2119 usage of the term (i.e., are not actually protocol > options). I've pointed them out below along with other nits. > > = Section 3 = > "The spatial region represented by a Capture > Scene MAY correspond to a real region in physical space, such as a > room." > > I don't think normative language is necessary here. s/MAY/may/ > > s/[RFC4353] like Mixer/[RFC4353]-like Mixer/ > > = Section 4 = > s/it should be stressed that its use in an implementation/it should be > stressed that their use in an implementation/ > > = Section 5 = > "Also, the Consumer > MAY use the information provided to tailor the SDP it is going to > send during any following SIP offer/answer exchange, and its > reaction to SDP it receives in that step." > > I don't think normative language is necessary here. s/MAY/may/ > > "For example, if both sides decide to upgrade the call from a single > screen to a > multi-screen call and more bandwidth is required for the additional > video channels compared to what was previously negotiated using > offer/answer, a new O/A exchange is REQUIRED." > > I don't think normative language is necessary here since this is just an > example. s/REQUIRED/required/ > > = Secton 7.1.1.4 = > s/High dynamic/Highly dynamic/ > > = Section 7.1.1.11 = > Not everyone considers "chairman" to be a gender-neutral term. You might > want to consider "chair" and "vice-chair" instead. > > In general it's hard for me to believe that there is much of an > interoperability gain from specifying titles in this level of detail, > rather than just allowing advertisers to specify all of their own -- is > there some compelling need to specify this set of values initially? > > = Section 7.1.1.12 = > s/no assumptions regarding relative important/no assumptions regarding > relative importance/ > > = Section 7.1.1.13 = > s/the video Capture MAY contain speech to text information/the video > Capture may contain speech to text information/ > > = Section 7.2.1.1 = > s/MaxCaptures MAY be set to one/MaxCaptures may be set to one/ > > = Section 10 = > s/Optimized implementations MAY speed up the reaction to the > offer/answer exchange/Optimized implementations may speed up the > reaction to the > offer/answer exchange/ > > = Section 10.1 = > s/if the Consumer is an MCU, it MAY choose to receive/if the Consumer is > an MCU, it may choose to receive/ > > s/user choice (for instance, selection of a new layout) MAY result/user > choice (for instance, selection of a new layout) may result > > _______________________________________________ > clue mailing list > clue@ietf.org > https://www.ietf.org/mailman/listinfo/clue >
- [clue] AD evaluation: draft-ietf-clue-framework-22 Alissa Cooper
- Re: [clue] AD evaluation: draft-ietf-clue-framewo… Duckworth, Mark
- Re: [clue] AD evaluation: draft-ietf-clue-framewo… Christian Groves
- Re: [clue] AD evaluation: draft-ietf-clue-framewo… Ron Even