Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-mapping-13.txt
Roni Even <roni.even@huawei.com> Sun, 26 February 2017 07:13 UTC
Return-Path: <roni.even@huawei.com>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42EDD129535 for <clue@ietfa.amsl.com>; Sat, 25 Feb 2017 23:13:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.222
X-Spam-Level:
X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bUFaWkJu3OhF for <clue@ietfa.amsl.com>; Sat, 25 Feb 2017 23:13:17 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1DFA12950F for <clue@ietf.org>; Sat, 25 Feb 2017 23:13:16 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml702-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DBS48619; Sun, 26 Feb 2017 07:13:14 +0000 (GMT)
Received: from DGGEMM406-HUB.china.huawei.com (10.3.20.214) by lhreml702-cah.china.huawei.com (10.201.108.43) with Microsoft SMTP Server (TLS) id 14.3.301.0; Sun, 26 Feb 2017 07:13:13 +0000
Received: from DGGEMM506-MBX.china.huawei.com ([169.254.3.117]) by DGGEMM406-HUB.china.huawei.com ([10.3.20.214]) with mapi id 14.03.0301.000; Sun, 26 Feb 2017 15:13:05 +0800
From: Roni Even <roni.even@huawei.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, "clue@ietf.org" <clue@ietf.org>
Thread-Topic: [clue] FW: I-D Action: draft-ietf-clue-rtp-mapping-13.txt
Thread-Index: AQHSjnYLI5E0p0FPFkOsfZCUnmoPx6F64E5w
Date: Sun, 26 Feb 2017 07:13:04 +0000
Message-ID: <6E58094ECC8D8344914996DAD28F1CCD776942@DGGEMM506-MBX.china.huawei.com>
References: <148697819872.24905.9378282459902101772.idtracker@ietfa.amsl.com> <6E58094ECC8D8344914996DAD28F1CCD77374B@DGGEMM506-MBX.china.huawei.com> <8d7ca9a1-b4de-8c3f-833e-c7119c1b7614@ericsson.com>
In-Reply-To: <8d7ca9a1-b4de-8c3f-833e-c7119c1b7614@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.200.201.150]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090201.58B2800A.0081, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.3.117, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 890cbe386ddaebc04e8765caff1669ab
Archived-At: <https://mailarchive.ietf.org/arch/msg/clue/sTxO3Kz9ZUDcGr6_FcwKrEHgqbs>
Subject: Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-mapping-13.txt
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Feb 2017 07:13:19 -0000
HI Magnus,
Thanks,
The security consideration when discussing captureID references RFC7941 where it says:
"In RTP sessions where any type of confidentiality protection is
enabled for RTCP, the SDES item header extensions MUST also be
protected. This implies that to provide confidentiality, users of
the Secure Real-time Transport Protocol (SRTP) need to implement and
use encrypted header extensions per [RFC6904]. "
so since we mandate RTCP confidentiality the RTP header extension MUST also be encrypted.
As for the non-traceable I will change to
"CLUE endpoint MUST generate short-term persistent RTCP CNAMES, as
specified in [RFC7022], and thus can't be used for long term tracking of the user."
Any other open issue? I would like to submit what would maybe be the final version
Roni
> -----Original Message-----
> From: Magnus Westerlund [mailto:magnus.westerlund@ericsson.com]
> Sent: יום ו 24 פברואר 2017 10:14
> To: Roni Even; clue@ietf.org
> Subject: Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-mapping-13.txt
>
> Hi,
>
> To be clear, yesterday's posting with remaining issues are applicable on this
> version.
>
> That is actually a shortcoming of RTCWeb Security architecture and there
> exists an tracked issue for it:
>
> https://github.com/rtcweb-wg/security-arch/issues/34
>
> So, yes, I would really like to see the communication security section
> mandate encrypted RTCP. This due to the information included in RTCP about
> the application. The protection profile mandated does imply equal strength
> RTCP protection, but if one uses other profiles it might not be as clear cut. So
> a wording on protecting RTCP at same or similar protection strength to RTP I
> think is motivated.
>
> What I also think is missing in the new text is discussion of RTP header
> extension encryption, i.e. RFC 6904. I thought the conclusion on the capture
> ID is that there is no strong generation requirements to ensure they don't
> contain privacy sensitive information. And it definitely reveals what is
> happening in the application context to third parties.
> Thus, I think encrypting the RTP header extensions would be good practice in
> clue situations.
>
> I also reacted to the use of "untraceable" in this sentence:
>
> CLUE endpoint MUST generate short-term persistent RTCP CNAMES, as
> specified in [RFC7022], resulting in untraceable CNAME values.
>
> The point of them is that they are not long term persistent and thus can't be
> used for long term tracking of the user. Writing "untraceable"
> I would interpret as indicating a stronger user protection then what is actually
> provided.
>
> Cheers
>
> Magnus
>
> Den 2017-02-13 kl. 10:59, skrev Roni Even:
> > Hi,
> > This new version is submitted to address Magnus and Ben comments.
> > There is a new section Communication security that specifies normative
> security for CLUE media.
> > The security consideration is just considerations and added text about
> > the CaptureID There are also some editorial and nits changes Roni
> >
> >
> > -----Original Message-----
> > From: clue [mailto:clue-bounces@ietf.org] On Behalf Of
> > internet-drafts@ietf.org
> > Sent: יום ב 13 פברואר 2017 11:30
> > To: i-d-announce@ietf.org
> > Cc: clue@ietf.org
> > Subject: [clue] I-D Action: draft-ietf-clue-rtp-mapping-13.txt
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> > This draft is a work item of the ControLling mUltiple streams for
> tElepresence of the IETF.
> >
> > Title : Mapping RTP streams to CLUE Media Captures
> > Authors : Roni Even
> > Jonathan Lennox
> > Filename : draft-ietf-clue-rtp-mapping-13.txt
> > Pages : 14
> > Date : 2017-02-13
> >
> > Abstract:
> > This document describes how the Real Time transport Protocol (RTP) is
> > used in the context of the CLUE protocol (ControLling mUltiple
> > streams for tElepresence). It also describes the mechanisms and
> > recommended practice for mapping RTP media streams defined in
> Session
> > Description Protocol (SDP) to CLUE Media Captures and defines a new
> > RTP header extension (CaptureId).
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-clue-rtp-mapping/
> >
> > There's also a htmlized version available at:
> > https://tools.ietf.org/html/draft-ietf-clue-rtp-mapping-13
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-clue-rtp-mapping-13
> >
> >
> > Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > clue mailing list
> > clue@ietf.org
> > https://www.ietf.org/mailman/listinfo/clue
> >
> > _______________________________________________
> > clue mailing list
> > clue@ietf.org
> > https://www.ietf.org/mailman/listinfo/clue
> >
> -
>
> --
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Services, Media and Network features, Ericsson Research EAB/TXM
> ----------------------------------------------------------------------
> Ericsson AB | Phone +46 10 7148287
> Färögatan 6 | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
- [clue] I-D Action: draft-ietf-clue-rtp-mapping-13… internet-drafts
- [clue] FW: I-D Action: draft-ietf-clue-rtp-mappin… Roni Even
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Paul Kyzivat
- Re: [clue] I-D Action: draft-ietf-clue-rtp-mappin… Ben Campbell
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Magnus Westerlund
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Paul Kyzivat
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Roni Even
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Roni Even
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Magnus Westerlund
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Roni Even
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Magnus Westerlund
- Re: [clue] FW: I-D Action: draft-ietf-clue-rtp-ma… Paul Kyzivat