[Gen-art] Gen-ART review of draft-ietf-sip-dtls-srtp-framework-05.txt
Suresh Krishnan <suresh.krishnan@ericsson.com> Wed, 05 November 2008 16:55 UTC
I am the assigned Gen-ART reviewer for draft-ietf-sip-dtls-srtp-framework-05.txt. For background on Gen-ART, please see the FAQ at <http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.

Please resolve these comments along with any other Last Call comments you may receive.

Summary: This draft is almost ready for publication as Proposed Standard, but I have a few comments.

Substantial
===========

Section 8.1: Responder identity

When Bob does not respond with an UPDATE message, his identity is not integrity protected. The draft states that in such a case, a MITM attacker may tamper with the fingerprint but Bob would be aware of this. It is not clear to me how Bob would be aware of this. Consider the scenario where an attacker Eve (who can attack both the signaling and media paths) has switched Bob's key fingerprint with hers. She can receive encrypted media coming from Alice, decrypt it for her own use, re-encrypt it for Bob and send it to him. How will Bob detect this tampering?

Minor
=====

* draft-ietf-avt-dtls-srtp-05 needs to become a Normative reference instead of an Informative reference. Section 6.10 has the following text: "Implementations of this specification MUST support DTLS-SRTP", making it impossible to implement this spec without implementing DTLS-SRTP. This will also lead to a downref that needs to be called out.

* Section 7: Call flow with STUN. "Message (6): STUN connectivity-check response Bob -> Alice". Bob is responding to Message 5 instead of Message 3 as stated in the text. Please replace.

Editorial
=========

* SBC (expand at first use): probably add a reference to draft-ietf-sipping-sbc-funcs-07

* Section 6.10: s/less highly optimized/less optimized/

Typos
=====

Section 1 Para 4: s/sigaling/signaling/
Section 6.7.2: s/appopriate/appropriate/
Section 6.9 Title: s/Encryptions/Encryption/
Section 7 Para 3: s/especialy/especially/
Section 8.6 para 2: s/taht/that/
Appendix A.3.: s/Reusage/Reuse/
Appendix A.18.: s/Negotation/Negotiation/

Cheers
Suresh
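As an added illustration (not part of the review above or of the draft), here is the fingerprint check that the Section 8.1 comment turns on: an endpoint hashes the certificate it receives in the DTLS handshake and compares it with the a=fingerprint value carried in SDP, so the check is only as trustworthy as the signaling that delivered that value. It assumes constructed byte strings standing in for DER certificates and a boolean flag standing in for "the SDP was integrity protected".

```python
import hashlib
import re

# RFC 4572 fingerprint: hash over the DER-encoded certificate, rendered as
# colon-separated uppercase hex bytes, carried in SDP as "a=fingerprint:<alg> <hex>".
HASH_FUNCS = {"sha-1": hashlib.sha1, "sha-256": hashlib.sha256}
_ATTR_RE = re.compile(r"^a=fingerprint:(?P<alg>[A-Za-z0-9-]+)\s+"
                      r"(?P<fp>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$")

def cert_fingerprint(der_cert: bytes, alg: str = "sha-256") -> str:
    return ":".join(f"{b:02X}" for b in HASH_FUNCS[alg](der_cert).digest())

def fingerprint_attr(der_cert: bytes, alg: str = "sha-256") -> str:
    return f"a=fingerprint:{alg} {cert_fingerprint(der_cert, alg)}"

def parse_fingerprint_attr(line: str) -> tuple:
    m = _ATTR_RE.match(line.strip())
    if not m or m.group("alg").lower() not in HASH_FUNCS:
        raise ValueError("malformed or unsupported a=fingerprint line")
    return m.group("alg").lower(), m.group("fp").upper()

def dtls_peer_matches_sdp(sdp_line: str, peer_der_cert: bytes) -> bool:
    """The check an endpoint runs on the certificate presented in the DTLS
    handshake: does it hash to the fingerprint that was signaled in SDP?"""
    alg, signaled = parse_fingerprint_attr(sdp_line)
    return cert_fingerprint(peer_der_cert, alg) == signaled

def accept_media(sdp_line: str, peer_der_cert: bytes, sdp_integrity_protected: bool) -> bool:
    """The binding is only as trustworthy as the signaling that carried it:
    refuse to rely on it unless the SDP was integrity protected."""
    return sdp_integrity_protected and dtls_peer_matches_sdp(sdp_line, peer_der_cert)

# Constructed stand-ins for DER certificates; the fingerprint is a hash over
# the DER bytes, so any byte string exercises the same logic.
BOB_CERT = b"constructed-der-bob"
EVE_CERT = b"constructed-der-eve"

def demo() -> dict:
    genuine = fingerprint_attr(BOB_CERT)   # the line Bob actually sent
    swapped = fingerprint_attr(EVE_CERT)   # the same line after substitution
    return {
        "genuine_matches_bob": dtls_peer_matches_sdp(genuine, BOB_CERT),
        "swapped_matches_bob": dtls_peer_matches_sdp(swapped, BOB_CERT),
        # The comparison alone cannot distinguish a substituted line from a
        # genuine one: it matches whichever certificate it was derived from.
        "swapped_matches_eve": dtls_peer_matches_sdp(swapped, EVE_CERT),
        # Requiring integrity-protected signaling is what refuses the binding.
        "accepted_when_unprotected": accept_media(swapped, EVE_CERT, False),
    }
```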