Re: [clue] Stephen Farrell's Discuss on draft-ietf-clue-data-model-schema-15: (with DISCUSS and COMMENT)
Alissa Cooper <alissa@cooperw.in> Wed, 01 June 2016 21:18 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1ABE12D0C5; Wed, 1 Jun 2016 14:18:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=V0gbmkir; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=iUy6ESvc
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n3oOxP4LD6GM; Wed, 1 Jun 2016 14:18:50 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E6BC12B01F; Wed, 1 Jun 2016 14:18:50 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 7C3D020B44; Wed, 1 Jun 2016 17:18:49 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Wed, 01 Jun 2016 17:18:49 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=UoByt wmwfKtye8LGef0PdMd5fUw=; b=V0gbmkirOe/mToDu8jkbj/Uh/HC1mso9M/luE NeBFXFXHQWfWEZOFFfZtv3Igvi2iTVDLm7S9y8CxTE5Hz0Acn9bSa5OaY1GE8yP3 6sFTO9s4LUhNg5K5ZhNzQp1QL//1i4uGzzWuniJfshUNjKxAHyD5ZXOk59DSkqCG Jly8Nk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=UoBytwmwfKtye8LGef0PdMd5fUw=; b=iUy6E SvcZzf98dvLnyUah9jxhabxE9xw5dBFu/Dp9rsUB9xUd10r8UZHEAu1ew9OexQJ4 IziXpkAvDSh+lkRnDt1STvzAKbTxNAaPtsfwqbImpYuVtNY0WDROnCKl6TmQR0tp POicqtpKtobsphUol0Xdc6Xdv/SNZLlZ2R9LdM=
X-Sasl-enc: quJR/6S9Uddd7olHHEeLLbn60CyTkvzCwpbnIxZwz1RS 1464815929
Received: from dhcp-171-68-20-157.cisco.com (dhcp-171-68-20-157.cisco.com [171.68.20.157]) by mail.messagingengine.com (Postfix) with ESMTPA id 93EB9F2A08; Wed, 1 Jun 2016 17:18:48 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_5585E326-FF14-438C-9483-06CBC867A9EC"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <20160601193224.16192.23638.idtracker@ietfa.amsl.com>
Date: Wed, 01 Jun 2016 14:18:48 -0700
Message-Id: <3F791257-1EE1-4E07-9406-3E036293FC80@cooperw.in>
References: <20160601193224.16192.23638.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/clue/QbX8iJYA3FKP6Au7PSKFbrlAFsY>
Cc: clue-chairs@ietf.org, CLUE <clue@ietf.org>, IESG <iesg@ietf.org>, draft-ietf-clue-data-model-schema@ietf.org
Subject: Re: [clue] Stephen Farrell's Discuss on draft-ietf-clue-data-model-schema-15: (with DISCUSS and COMMENT)
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2016 21:18:53 -0000
> On Jun 1, 2016, at 12:32 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Stephen Farrell has entered the following ballot position for > draft-ietf-clue-data-model-schema-15: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-clue-data-model-schema/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > There may be no change needed here, but I want to check. > This draft defines no security mechanisms and doens't say > how to interoperably use any security mechanisms. For > example, I don't understand how one might (interoperably) > do RBAC or other "advanced" security mechanisms that are > promised in other CLUE documents. [1] Even worse, I don't > get how one could e.g. use XMLENC to encrypt parts of the > schema here, as that'd (I think) almost certainty have to > have been considered in the design of this schema, but > there's no evidence of that. That seems to end up meaning > that the only security mechanisms that one can use with > CLUE and for which one can currently achieve interop are > transport security mechanisms. That all seems to conflict > with text in the security consideration of the CLUE > protocol draft. So my question to discuss is: other than > transport security, what interoperable security > mechanisms are expected to be defined in CLUE, and where > might I find descriptions of those? Note there was no [1] anywhere else in your ballot, but I’m assuming you are referencing https://tools.ietf.org/html/draft-ietf-clue-protocol-08#section-10 <https://tools.ietf.org/html/draft-ietf-clue-protocol-08#section-10>. If not, please correct me. So, the text in that section of the protocol draft is quite new and is still under discussion in the WG. One of the points of discussion surrounds whether to take the RBAC paragraph out: https://www.ietf.org/mail-archive/web/clue/current/msg04859.html <https://www.ietf.org/mail-archive/web/clue/current/msg04859.html> https://www.ietf.org/mail-archive/web/clue/current/msg04863.html <https://www.ietf.org/mail-archive/web/clue/current/msg04863.html> In any event, I do not expect there to be any further mechanisms defined in CLUE to support what is written there. The expectation is that implementations can use SIP security mechanisms to establish sessions with other participants authorized to receive CLUE information, and they can use transport encryption to protect CLUE information in flight. WG folks should feel free to correct me but there has been no discussion of any kind of finer-grained protections applied to individual schema elements AFAIK. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > - section 25 says: "Indeed, authenticated access is > strongly advisable, especially if you convey information > about individuals (<personalInfo>)..." I don't get the > logic there - it seems incorrect actually. Personal data > usually implies a need for confidentiality and not > authenticated access - what was meant here? Are you using > the term authenticated access to mean more that it does? > (to this reader:-) > Perhaps this would have been clearer if it said “authentication” rather than “authenticated access.” I think the point here is that it is advisable to authenticate the remote endpoint before sending a CLUE message containing <personalInfo> to that endpoint, in the same way it’s advisable to authenticate it before sending media to it. Alissa >
- [clue] Stephen Farrell's Discuss on draft-ietf-cl… Stephen Farrell
- Re: [clue] Stephen Farrell's Discuss on draft-iet… kathleen.moriarty.ietf
- Re: [clue] Stephen Farrell's Discuss on draft-iet… Alissa Cooper
- Re: [clue] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [clue] Stephen Farrell's Discuss on draft-iet… Simon Pietro Romano