Re: [clue] Stephen Farrell's Discuss on draft-ietf-clue-data-model-schema-15: (with DISCUSS and COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 01 June 2016 21:31 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6478512D61C; Wed, 1 Jun 2016 14:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.727
X-Spam-Level:
X-Spam-Status: No, score=-5.727 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G1j7uS9UBpuk; Wed, 1 Jun 2016 14:31:49 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67A1C12B01F; Wed, 1 Jun 2016 14:31:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A3A61BE3F; Wed, 1 Jun 2016 22:31:47 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XIndf3uIKwwo; Wed, 1 Jun 2016 22:31:45 +0100 (IST)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 6E5C7BE2F; Wed, 1 Jun 2016 22:31:45 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1464816705; bh=G8uK01sBx32ovzlELYmAewW9m4+lbtMqK+nSpc1i234=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=mf7awu/PIsLjMM0nqHh9FmkH1DTnTqCGoIkLclAdeoCz3vHUSsmAHbaj087KLtDpA 35QWa+etkc95f1LIEA3j+SWABmUoRgMG/uG6mXtYDvKyDQ5agiXLDtbCqWoIzNoLRQ zdaI9QRWWgRfYxFSmNJlG/NiQWUXgz8S9uOckKFI=
To: Alissa Cooper <alissa@cooperw.in>
References: <20160601193224.16192.23638.idtracker@ietfa.amsl.com> <3F791257-1EE1-4E07-9406-3E036293FC80@cooperw.in>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <574F5441.6090908@cs.tcd.ie>
Date: Wed, 01 Jun 2016 22:31:45 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <3F791257-1EE1-4E07-9406-3E036293FC80@cooperw.in>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010307010607060008010507"
Archived-At: <http://mailarchive.ietf.org/arch/msg/clue/YyLLl9AoolZyYRxpAsaCT0k8YEg>
Cc: clue-chairs@ietf.org, CLUE <clue@ietf.org>, IESG <iesg@ietf.org>, draft-ietf-clue-data-model-schema@ietf.org
Subject: Re: [clue] Stephen Farrell's Discuss on draft-ietf-clue-data-model-schema-15: (with DISCUSS and COMMENT)
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2016 21:31:52 -0000
Hiya, On 01/06/16 22:18, Alissa Cooper wrote: > >> On Jun 1, 2016, at 12:32 PM, Stephen Farrell >> <stephen.farrell@cs.tcd.ie> wrote: >> >> Stephen Farrell has entered the following ballot position for >> draft-ietf-clue-data-model-schema-15: Discuss >> >> When responding, please keep the subject line intact and reply to >> all email addresses included in the To and CC lines. (Feel free to >> cut this introductory paragraph, however.) >> >> >> Please refer to >> https://www.ietf.org/iesg/statement/discuss-criteria.html for more >> information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found >> here: >> https://datatracker.ietf.org/doc/draft-ietf-clue-data-model-schema/ >> >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> >> >> There may be no change needed here, but I want to check. >> This draft defines no security mechanisms and doens't say how to >> interoperably use any security mechanisms. For example, I don't >> understand how one might (interoperably) do RBAC or other >> "advanced" security mechanisms that are promised in other CLUE >> documents. [1] Even worse, I don't get how one could e.g. use >> XMLENC to encrypt parts of the schema here, as that'd (I think) >> almost certainty have to have been considered in the design of this >> schema, but there's no evidence of that. That seems to end up >> meaning that the only security mechanisms that one can use with >> CLUE and for which one can currently achieve interop are transport >> security mechanisms. That all seems to conflict with text in the >> security consideration of the CLUE protocol draft. So my question >> to discuss is: other than transport security, what interoperable >> security mechanisms are expected to be defined in CLUE, and where >> might I find descriptions of those? > > Note there was no [1] anywhere else in your ballot, but I’m assuming > you are referencing > https://tools.ietf.org/html/draft-ietf-clue-protocol-08#section-10 > <https://tools.ietf.org/html/draft-ietf-clue-protocol-08#section-10>. > If not, please correct me. Sorry, yes that's the bit. > > So, the text in that section of the protocol draft is quite new and > is still under discussion in the WG. One of the points of discussion > surrounds whether to take the RBAC paragraph out: > > https://www.ietf.org/mail-archive/web/clue/current/msg04859.html > <https://www.ietf.org/mail-archive/web/clue/current/msg04859.html> > https://www.ietf.org/mail-archive/web/clue/current/msg04863.html > <https://www.ietf.org/mail-archive/web/clue/current/msg04863.html> > > In any event, I do not expect there to be any further mechanisms > defined in CLUE to support what is written there. The expectation is > that implementations can use SIP security mechanisms to establish > sessions with other participants authorized to receive CLUE > information, and they can use transport encryption to protect CLUE > information in flight. WG folks should feel free to correct me but > there has been no discussion of any kind of finer-grained protections > applied to individual schema elements AFAIK. Fair enough. RBAC and selective field confidentiality for bits of this data model seemed a bit of a stretch goal to me too, but I can imagine some situations where that would be wanted/needed. If interop between a randomly chosen clue-device with such things isn't a priority, that's not crazy. I'll clear the discuss anyway and make this a comment. But if folks do want to argue for such interop then we ought chat about it. The selective field confidentiality thing in particular would I think require some changes to this schema if one wanted that kind of interop, so would be something it'd be way better to talk about now and not punt until later. (Arguably, approving this schema amounts to saying that selective-field-confidentiality won't be supported for this version.) > >> >> >> ---------------------------------------------------------------------- >> >> COMMENT: >> ---------------------------------------------------------------------- >> >> >> >> - section 25 says: "Indeed, authenticated access is >> strongly advisable, especially if you convey information about >> individuals (<personalInfo>)..." I don't get the logic there - it >> seems incorrect actually. Personal data usually implies a need for >> confidentiality and not authenticated access - what was meant here? >> Are you using the term authenticated access to mean more that it >> does? (to this reader:-) >> > > Perhaps this would have been clearer if it said “authentication” > rather than “authenticated access.” I think the point here is that it > is advisable to authenticate the remote endpoint before sending a > CLUE message containing <personalInfo> to that endpoint, in the same > way it’s advisable to authenticate it before sending media to it. I suppose. My guess was that maybe the authors were using it as a short-hand for server-auth-TLS. If so, it might be better to say that, but it's a nit really. Cheers, S. > > Alissa > >> > >
- [clue] Stephen Farrell's Discuss on draft-ietf-cl… Stephen Farrell
- Re: [clue] Stephen Farrell's Discuss on draft-iet… kathleen.moriarty.ietf
- Re: [clue] Stephen Farrell's Discuss on draft-iet… Alissa Cooper
- Re: [clue] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [clue] Stephen Farrell's Discuss on draft-iet… Simon Pietro Romano