Re: [Gen-art] [Perc] Genart last call review of draft-ietf-perc-srtp-ekt-diet-09
Alissa Cooper <alissa@cooperw.in> Wed, 20 February 2019 22:41 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1551130E63; Wed, 20 Feb 2019 14:41:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=E/Ep6uJf; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=FfMkICoI
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JHtVr5E7flM9; Wed, 20 Feb 2019 14:41:29 -0800 (PST)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B809512D7EA; Wed, 20 Feb 2019 14:41:29 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id BE25D31B4; Wed, 20 Feb 2019 17:41:28 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Wed, 20 Feb 2019 17:41:29 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= from:message-id:content-type:mime-version:subject:date :in-reply-to:cc:to:references; s=fm2; bh=5Wslj8eYe08EnDrMxXkFqMn XcnhDIsF/sgNeALAW0s0=; b=E/Ep6uJfFPNtrn1HYl7QITKJQG8JokckhsRNbUJ +/IekwAYJSiv0kDo7uhIGa0HB8TMFeUgdzOzo21cfIac0LoGo5mS3bxv+O5Wj1NK 8Aj5h7V8Y9hroHmksz0SDEqEzueLRCs/U/kDF2hct6FKh4TPhPnU2UMIESL3uXkA DX1dJK0Xt/0sHayNNu0gFGLmQkaVG1i2Wior20JMvBD9JpxSFGMNHnv6lOqxLfIE di7QtgskgpsVl/72Vch6XD/WirqlEyF+2vsXKwTf1+Ks+nG1UHpEIGpKR6/BNxZ3 htDh4gSKPFcBdhZ8wwTiMPD7ldafKJGvgT8ZUAMdUIqYmqg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=5Wslj8 eYe08EnDrMxXkFqMnXcnhDIsF/sgNeALAW0s0=; b=FfMkICoIa19gDZFnoNTU91 e8JcZFQMylP7VBPIAQmKRzEMONGMq4MQbbxT20O3b0rtVwRMbYPULInZc/fUr+CF 3BZdQ2uDNbjJbQsgq+ATZNX1finDKtaniBud4TBMPCy1bv0VDXJtLKuUnKhpH0AL i3xmufJS/ZGrR4cOOC3ko+N/aWFWrdZdLoeq3x6elha7X6Bp8RyCNcJemoY5siTu WApB5d7R+MRZgpiFOt72tTTCwhL5e3AxXkQYVUpd/iLM3I6zvIyb7gKJ2x3zaGHr CFeTvJz89LJE6BsPJxseno7cRw8LYO2o2KyLYYN/JKiu6i6OclXY/jry2wd3LXDg ==
X-ME-Sender: <xms:l9dtXHIp2aHLb0xWldTzq2WFGFQRgYkxvQzV9mghUBCp4U-W9cdN_w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdejucdltddurdegtdelrddttddmucetuf doteggodetrfdotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug hrpefhkfgtggfuffgjvfhfofesrgdtmherhhdtvdenucfhrhhomheptehlihhsshgrucev ohhophgvrhcuoegrlhhishhsrgestghoohhpvghrfidrihhnqeenucffohhmrghinhepgh hithhhuhgsrdgtohhmpdhivghtfhdrohhrghenucfkphepuddtgedrudehfedrvddvgedr udeileenucfrrghrrghmpehmrghilhhfrhhomheprghlihhsshgrsegtohhophgvrhifrd hinhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:l9dtXMxw2ln_2VkHyev4bVLP5cR1e5V9taELPKKUgaujPDFeiznj8A> <xmx:l9dtXOb4WguKnUHC0l41mboSd9ZAFgzJh3L_D68F1v0mL2W7iVtzfA> <xmx:l9dtXI71WTE-h07cBNHS_O3EglKOebqWUiUCpWDRXe7az04xf7DtIg> <xmx:mNdtXPm4ZpR5DbH3KBGDFRODE3fv7CLdppjxUjJtnKgAn2JiEfWhww>
Received: from [172.19.249.51] (unknown [104.153.224.169]) by mail.messagingengine.com (Postfix) with ESMTPA id 0DA1510310; Wed, 20 Feb 2019 17:41:21 -0500 (EST)
From: Alissa Cooper <alissa@cooperw.in>
Message-Id: <0E76378A-3129-4801-8C13-66184E295CCF@cooperw.in>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5AD1B654-74D2-4BDB-88A0-E8E8826C3F44"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Wed, 20 Feb 2019 17:41:13 -0500
In-Reply-To: <CAL02cgSgdSpwkjDekt+8pFhQeojE75jhrBbyfXi9_1=0Vgogxw@mail.gmail.com>
Cc: IETF Gen-ART <gen-art@ietf.org>, perc@ietf.org, draft-ietf-perc-srtp-ekt-diet.all@ietf.org
To: Richard Barnes <rlb@ipv.sx>, Christer Holmberg <christer.holmberg@ericsson.com>
References: <154007316490.13794.11476150183128445420@ietfa.amsl.com> <CAL02cgSgdSpwkjDekt+8pFhQeojE75jhrBbyfXi9_1=0Vgogxw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/Pa05NbDemjKgal5RXbEg45spUaY>
Subject: Re: [Gen-art] [Perc] Genart last call review of draft-ietf-perc-srtp-ekt-diet-09
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2019 22:41:33 -0000
Christer, thanks for your review. Richard, thanks for your responses. I entered a No Objection ballot. Alissa > On Feb 7, 2019, at 3:18 PM, Richard Barnes <rlb@ipv.sx> wrote: > > Hi Christer, > > Sorry, just now seeing this. Responses inline. PR here: > > https://github.com/ietf/perc-wg/pull/165 <https://github.com/ietf/perc-wg/pull/165> > > --RLB > > On Sat, Oct 20, 2018 at 6:06 PM Christer Holmberg <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>> wrote: > Reviewer: Christer Holmberg > Review result: Ready with Issues > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>>. > > Document: draft-ietf-perc-srtp-ekt-diet-09 > Reviewer: Christer Holmberg > Review Date: 2018-10-20 > IETF LC End Date: 2018-11-01 > IESG Telechat date: Not scheduled for a telechat > > Summary: The document is well written, and easy to read. But, I think some > things still need to be clarified. I also have some editorial modification > suggestions. > > Major issues: > -------------- > > Q1_1: > > The text in section 1 says that EKT removes the need for co-ordinating SSRCs, > and that an endpoint can choose whatever value it wants. > > However, I can't find any explanation on how EKT removes that need. > > The answer is toward the end of the introduction: "EKT does not control the manner in which the SSRC is generated..." -- it just makes the distribution of security information easier.. I extended that paragraph to clarify. > > > Q1_3: > > The text in section 1 says that EKT is not intended to replace key > establishment mechanisms, but to "be used in conjunction". > > However, there is no description on how that works in conjunction with existing > mechanisms (e.g., together with SDP Offer/Answer), and whether existing > mechanisms need to be modified in order to work in conjunction with EKT. > > Section 5.3 does say that the SDP O/A exchange is not affected. If that is > true, then you need to describe how SSRC values etc signalled in SDP relate to > values signalled using EKT, what happens if there are mismatches etc. > > This document only defines one such augmentation -- the integration with DTLS-SRTP. I extended the relevant part of the introduction to say this. > > > Minor issues: > -------------- > > Q1_2: > > The text in section 1 says: > > "However, there are several cases in which conventional signaling systems > cannot easily provide all of the coordination required." > > I think some examples would be useful. > > Disagree. > > Q1_4: > > The text in section 1 says that providing SSRCs etc using signaling systems > cause layer violations. > > Is this layer violation described somewhere? If so, I think a reference would > be useful. > > I just deleted this sentence.. It wasn't adding much. > > > Q4-2_1: > > The text in section 4.2 says: > > "All of the received EKT parameter sets SHOULD be stored by all of the > participants in an SRTP session, for use in processing inbound SRTP > and SRTCP traffic." > > What is the reason for SHOULD, instead of MUST? What happens if an endpoint > does NOT store the EKT parameter sets? > > I think the SHOULD here is to allow, e.g., cache management. Clarified the consequences. > > > Q4-2-1_2: > > The text in section 4.2.1 says: > > "Outbound packets SHOULD continue to use the old SRTP Master Key for > 250 ms after sending any new key." > > What is the reason for SHOULD, instead of MUST? > > I don't think this should be a MUST. For example, how accurately are you going to measure compliance? If the change-over is 10ms short 10% of the time, is the endpoint out of compliance. Plus, there's minimal interop impact; this just helps things go smoothly. > > > Q4-3_2: > > The text in section 4.3 says: > > "Section 4.2.1 recommends that SRTP senders continue using an old key > for some time after sending a new key in an EKT tag." > > The text in section 4.2.1 contains a SHOULD, so it is more than a > recommendation. > > According to RFC 2119, a SHOULD is precisely a recommendation: > > """ > 3. SHOULD This word, or the adjective "RECOMMENDED", mean that there > may exist valid reasons in particular circumstances to ignore a > particular item, but the full implications must be understood and > carefully weighed before choosing a different course. > """ > > https://tools.ietf.org/html/rfc2119#section-3 <https://tools.ietf.org/html/rfc2119#section-3> > > > Nits/editorial comments: > -------------------------- > > Q1_5: > > I think Section 1 should also indicate that EKT is an DTLS extension, similar > to the Abstract. Otherwise, when you say that EKT is a way to distribute > information, it is unclear why EKT doesn't violate layers. > > Done. > > > I think that Section 2 (Overview) could be combined with Section 1 > (Introduction). Introduction sections in RFCs typically provide both > background, problem statement and an overview of the mechanism - and sometimes > also the document structure. > > Disagree. > > Q4_1: > > The text in section 4.1 says: > > "EKT MUST NOT be used in conjunction with SRTP's MKI (Master Key > Identifier) or with SRTP's <From, To> [RFC3711], as those SRTP > features duplicate some of the functions of EKT. Senders MUST NOT > include MKI when using EKT. Receivers SHOULD simply ignore any MKI > field received if EKT is in use." > > I suggest to put this text in a dedicated Applicability section. > > Disagree. > > Q4-1_1: > > The text in section 4.1 says: > > "Together, these data elements are called an EKT parameter set. Each > distinct EKT parameter set that is used MUST be associated with a > distinct SPI value to avoid ambiguity." > > I suggest to defined "EKT parameter set" in the same way as the other > terminology. I.e., > > "EKT parameter set: The parameters indicated by the SPI" > > .....or something like that. > > There's not a terminology section, so I didn't do exactly what you say. But I pulled this out into a separate section so that it doesn't interrupt the flow, and clarified that the SPI-params association is set up by the DTLS-SRTP extension. > > > Q4-2-1_1: > > For the section names of sections 4.2.1 and 4.2.2, I suggest to talk about > sending/transmitting and receiving instead of inbound and outbound. > > Disagree > > Q4-3_1: > > In section 4.3, I think the name of the section ("Implementation Notes") is a > little confusing. Also, is there a reason why the text is not in section 4.2.1 > and/or 4.2.2? > > Just folded this into section 4.2.2. > > > Q4-4_1: > > Sections 4.4 and 4.4.1 have the same section names. Please change one of them > (e.g., change 4.4.1 to "Default Cipher"). > > Changed to "AES Key Wrap" > > > Q4-6_1: > > I think the text in section 4.6 should be placed in the Applicability section I > suggested earlier (Q4_1). > > Merged it into section 4. > > > Q5_1: > > In section 5, I suggest to change the section name to "DTLS-SRTP > Considerations". > > Disagree. > > > > _______________________________________________ > Perc mailing list > Perc@ietf.org <mailto:Perc@ietf.org> > https://www.ietf.org/mailman/listinfo/perc <https://www.ietf.org/mailman/listinfo/perc> > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Genart last call review of draft-ietf-p… Christer Holmberg
- Re: [Gen-art] [Perc] Genart last call review of d… Richard Barnes
- Re: [Gen-art] [Perc] Genart last call review of d… Alissa Cooper