Re: [Ecrit] Roman Danyliw's Discuss on draft-ietf-ecrit-data-only-ea-21: (with DISCUSS and COMMENT)
Brian Rosen <br@brianrosen.net> Mon, 09 March 2020 21:06 UTC
Return-Path: <br@brianrosen.net>
X-Original-To: ecrit@ietfa.amsl.com
Delivered-To: ecrit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00FBA3A1790 for <ecrit@ietfa.amsl.com>; Mon, 9 Mar 2020 14:06:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W258vguxEOvf for <ecrit@ietfa.amsl.com>; Mon, 9 Mar 2020 14:06:52 -0700 (PDT)
Received: from mail-yw1-xc2a.google.com (mail-yw1-xc2a.google.com [IPv6:2607:f8b0:4864:20::c2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53C6A3A1768 for <ecrit@ietf.org>; Mon, 9 Mar 2020 14:06:52 -0700 (PDT)
Received: by mail-yw1-xc2a.google.com with SMTP id x5so10739730ywb.13 for <ecrit@ietf.org>; Mon, 09 Mar 2020 14:06:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=6SOk8UGofwUYFpuqilD6cpVaXOQB1MOodJk5/atDOSQ=; b=1DcfTt6rn2cdpiFE10PcCd8jUgpOB5HeV7+0ZeAbbfDKQaC0DDtN2NdwaPhbgQNaXm ax0wF2CMEoPYiF8pLQabMNw2SHiuAWTO21VAnVw9E+9D3C7iZ0CrohXnYUQ8u4F1tFkN WBCZcvVTkbWQ84SbocTf+yZsnJhNPbBz+bjz74BFekBL/ewBBj7b858McNm58CJs9ApT XkqZMlMHgyK1sEGR4weToVYj56TB0Fg4OLlT5l6CIzMMKWCgvwCcEjUJ96WgjohQeDDU 8q2KjbVJyFafAx7ENeJ4APYWCfYjBFpYKaYuAni20Trcf/n7GD9ThP/iT5fFzpyOJOCL n5Ow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=6SOk8UGofwUYFpuqilD6cpVaXOQB1MOodJk5/atDOSQ=; b=uXFvXDKTxpiTXr9fWSuGHHUYmEM+LrxIJ5COEhgzw8Wo1A1cikiRt3E4XP/NNWHLfh 2Rh74s7bkpa9PXhHGAEkYUtb3TufsfaIG2rfwzFoLFbkFqy/9OuiHCFMpmkQoeKZpJI8 AXOwq2KxJiHtstpvgMwukg5QAs57qbsDTZimqGS161WPDQ2AQ7A9K+cW4CdJM5m4KODL vLIbP8dJZnP6oskaoJSMma7TVkK+FpM1+xAm5Hc4m6ic/z90QUPIQkqV9DTI6jwTyLk3 HsO1CNwY+pkl7uux4TvvR1ovGkCIDkNTbYE4Jfs4mmTIW/Iea9He2HeeFDDyIOL1GC9t PR7g==
X-Gm-Message-State: ANhLgQ2/XS9KReapfE19+cj05Y0YU4xrRYfJsvnYlq7MWsdXtdYMboU7 eOKT/8XnUE1TF5/PKXtGu5qhp2Agf/uEsg==
X-Google-Smtp-Source: ADFU+vtYh107FgIgDJXiSd/sysKL7LX+2jpTc0A9pExTJuXqc5SCPHr/P2UqlUriBrLJovOB0AXOHA==
X-Received: by 2002:a81:4ed8:: with SMTP id c207mr20187955ywb.188.1583788010928; Mon, 09 Mar 2020 14:06:50 -0700 (PDT)
Received: from brians-mbp-2871.lan ([72.23.94.147]) by smtp.gmail.com with ESMTPSA id u84sm3515609ywb.26.2020.03.09.14.06.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Mar 2020 14:06:50 -0700 (PDT)
From: Brian Rosen <br@brianrosen.net>
Message-Id: <14047770-28BE-4EB2-8866-D12D5B5C3771@brianrosen.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_D91AEEBC-CC05-48FC-AB6A-036422147861"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
Date: Mon, 09 Mar 2020 17:06:49 -0400
In-Reply-To: <4C966190-8F2F-42EB-BD24-60D90C86F2EA@brianrosen.net>
Cc: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>, Allison Mankin <allison.mankin@gmail.com>, "ecrit-chairs@ietf.org" <ecrit-chairs@ietf.org>, "ecrit@ietf.org" <ecrit@ietf.org>, "draft-ietf-ecrit-data-only-ea@ietf.org" <draft-ietf-ecrit-data-only-ea@ietf.org>
To: Roman Danyliw <rdd@cert.org>
References: <158318494177.27467.10769075669362560529@ietfa.amsl.com> <227ba0d7-8ace-2ad2-c28c-e74996210c4e@nostrum.com> <359EC4B99E040048A7131E0F4E113AFC0216F60CEA@marchand> <4C966190-8F2F-42EB-BD24-60D90C86F2EA@brianrosen.net>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ecrit/LR8vk3z29nnCp67h2O1i3e_Vw88>
Subject: Re: [Ecrit] Roman Danyliw's Discuss on draft-ietf-ecrit-data-only-ea-21: (with DISCUSS and COMMENT)
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ecrit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ecrit/>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2020 21:07:03 -0000
I hope I got all your comments fixed in -22 https://tools.ietf.org/html/draft-ietf-ecrit-data-only-ea-22 Brian > On Mar 2, 2020, at 5:24 PM, Brian Rosen <br@brianrosen.net> wrote: > > I’ll add Adam’s suggested language. > > WRT the first issue: URIs to untrusted entities, I note that there is no discussion of untrusted entities in Section 7 of RFC 3986. There is discussion of misleading URIs. If I added text to the security section that read: > > When the CAP message is passed by reference, the recipients of the MESSAGE may not have a trust relationship with the sender. Recipients MUST take precautions in retrieving the CAP message because the URI may point to a malicious actor. > > Would that satisfy your concerns? > > I will also fix the nits. > >> On Mar 2, 2020, at 4:51 PM, Roman Danyliw <rdd@cert.org <mailto:rdd@cert.org>> wrote: >> >> Hi Adam! >> >>> -----Original Message----- >>> From: Adam Roach <adam@nostrum.com <mailto:adam@nostrum.com>> >>> Sent: Monday, March 02, 2020 4:45 PM >>> To: Roman Danyliw <rdd@cert.org <mailto:rdd@cert.org>>; The IESG <iesg@ietf.org <mailto:iesg@ietf.org>> >>> Cc: allison.mankin@gmail.com <mailto:allison.mankin@gmail.com>; ecrit-chairs@ietf.org <mailto:ecrit-chairs@ietf.org>; ecrit@ietf.org <mailto:ecrit@ietf.org>; draft- >>> ietf-ecrit-data-only-ea@ietf.org <mailto:ietf-ecrit-data-only-ea@ietf.org> >>> Subject: Re: Roman Danyliw's Discuss on draft-ietf-ecrit-data-only-ea-21: >>> (with DISCUSS and COMMENT) >>> >>> On 3/2/2020 3:35 PM, Roman Danyliw via Datatracker wrote: >>>> Section 9. Per “To provide protection of the entire SIP message >>>> exchange between neighboring SIP entities, the usage of TLS is >>>> REQUIRED.”, can you please provide guidance on how to use TLS. >>> >>> >>> I think the strong implication here is that TLS is to be used in the same way >>> that TLS is used in other SIP applications (in the same way that an HTTP >>> document saying "MUST use TLS" is pretty clearly saying to use HTTPS as per >>> the existing HTTP RFCs). >>> >>> Unfortunately, the TLS handling for SIP is mixed into RFC 3261 all _over_ the >>> place, so there's not anything particularly comprehensive to point to. The >>> best that I think could be said would be something along the lines of "...the >>> usage of TLS, as described in section 26 of [RFC3261], is REQUIRED." >>> >>> Would that satisfy your concern? >> >> I can appreciate this difficulty. Sounds good to me. >> >> Roman >
- [Ecrit] Roman Danyliw's Discuss on draft-ietf-ecr… Roman Danyliw via Datatracker
- Re: [Ecrit] Roman Danyliw's Discuss on draft-ietf… Adam Roach
- Re: [Ecrit] Roman Danyliw's Discuss on draft-ietf… Roman Danyliw
- Re: [Ecrit] Roman Danyliw's Discuss on draft-ietf… Brian Rosen
- Re: [Ecrit] Roman Danyliw's Discuss on draft-ietf… Brian Rosen