tsv-dir review of draft-ietf-xcon-bfcp-connection-04
Black_David@emc.com Tue, 27 March 2007 14:08 UTC
From: Black_David@emc.com
Date: Fri, 23 Mar 2007 20:49:45 -0400
To: ietf@ietf.org, gonzalo.camarillo@ericsson.com
Cc: xcon@ietf.org, Black_David@emc.com, tsv-dir@ietf.org
I've reviewed this document as part of the transport area directorate's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors for their information and to allow them to address any issues raised.

This is a relatively straightforward draft about how a client opens a TCP connection to a BFCP server when it has the server's transport address information.

Section 3 ventures into the area of IP address selection - it references RFC 3484 (which is good) and then goes on to make additional comments and recommendations on usage and state of deployment of the techniques specified in RFC 3484. While there's nothing technically wrong with this text, the additional comments and recommendations are not specific to BFCP, and may belong in a more generic document.

Section 4 starts with "All BFCP entities implement TLS ..." That is correct, as RFC 4582 requires this, but it would be better to cite RFC 4582 as part of this statement, e.g., "[RFC 4582] requires that all BFCP entities implement TLS ..."

In the second paragraph of Section 4, I would change "can request the use of TLS" to "SHOULD request the use of TLS".

Section 5.1 specifies that SubjectAltName identities in certificates are to be preferred to Subject identities. Is this specific to BFCP or more general?

The following text appears to be an oversight:

   If the client knows the server's IP address, the iPAddress
   subjectAltName must be present in the certificate and must exactly
   match the IP address known to the client.

The client *always* knows the server's IP address (e.g., DNS returns it). I think the intended case here is that the client contacts the server using the server's IP address and as a result does not know the server's hostname. Rephrasing in that sort of fashion would also express a preference for hostname as certificate identity, which I believe is desirable.

Section 6 disturbingly shifts between "password" and "pre-shared key" and appears to get a few things wrong in the process. To begin with, the statement that "TLS PSK mode is subject to offline dictionary attacks." is false when the PSK is high-entropy. OTOH, it is correct when the PSK is low-entropy (e.g., a password, or derived from a password without introduction of additional entropy). The discussion in Section 7.2 of RFC 4279 applies, especially the last paragraph about PSK generation. The section needs to be carefully revised to distinguish between "password" and "pre-shared key", especially given the mention of use of PBKDF2 to generate the latter from the former.

Thanks,
--David

----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------
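The Section 5.1 point above, rephrased the way the review suggests, can be written as a client-side identity check: when the client knows a hostname, only a dNSName subjectAltName counts; the iPAddress form is consulted only when the client reached the server by IP address and has no hostname. This is an added illustration, not code from the draft or the review; the tuple format for subjectAltName entries and the function name are assumptions.

```python
import ipaddress
from typing import List, Optional, Tuple

# subjectAltName entries as (type, value) tuples, e.g. ("dNSName", "bfcp.example.com")
# or ("iPAddress", "192.0.2.10"); this representation is an assumption of the example.
SanList = List[Tuple[str, str]]


def server_identity_matches(san_entries: SanList,
                            reference_host: Optional[str] = None,
                            reference_ip: Optional[str] = None) -> bool:
    """Match the identity the client used to reach the server against the cert's SANs.

    Hostname takes precedence: if the client knows one, a matching dNSName is required
    and a matching iPAddress alone is not enough. The iPAddress entry is only used when
    the client connected by IP address and therefore knows no hostname.
    """
    if reference_host:
        host = reference_host.rstrip(".").lower()      # DNS names are case-insensitive
        return any(t == "dNSName" and v.rstrip(".").lower() == host
                   for t, v in san_entries)
    if reference_ip:
        ip = ipaddress.ip_address(reference_ip)        # normalises e.g. IPv6 zero runs
        for t, v in san_entries:
            if t != "iPAddress":
                continue
            try:
                if ipaddress.ip_address(v) == ip:      # exact address match required
                    return True
            except ValueError:                          # malformed iPAddress entry: skip it
                continue
        return False
    return False                                        # no reference identity: reject
```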
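The Section 6 distinction between a "password" and a "pre-shared key" can be made concrete: a PSK generated from fresh random bytes (as RFC 4279 section 7.2 recommends) carries 8 bits of entropy per byte, whereas one derived from a password with PBKDF2 is a deterministic function of the password and salt, so its effective entropy is bounded by the password's guess space no matter how long the output is. This is an added example, not code from the draft or the review; the function names, the 80-bit threshold and the iteration count are assumptions.

```python
import hashlib
import math
import secrets
from typing import Optional


def generate_random_psk(length: int = 32) -> bytes:
    """High-entropy PSK: fresh random bytes, the RFC 4279 section 7.2 style of generation."""
    return secrets.token_bytes(length)


def derive_psk_from_password(password: str, salt: bytes,
                             iterations: int = 100_000, length: int = 32) -> bytes:
    """Password-derived PSK via PBKDF2-HMAC-SHA256.

    PBKDF2 is deterministic: the same password and salt always yield the same key, so
    it slows guessing but adds no entropy beyond what the password already has.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, length)


def password_guess_entropy_bits(candidate_space: int) -> float:
    """Entropy of a password drawn uniformly from candidate_space possibilities."""
    return math.log2(candidate_space)


def psk_entropy_bits(psk: bytes, password_entropy_bits: Optional[float] = None) -> float:
    """Effective entropy of a PSK.

    A random PSK has 8 bits per byte. A password-derived PSK can never exceed the
    password's own entropy, whatever PBKDF2's output length is.
    """
    raw_bits = float(8 * len(psk))
    if password_entropy_bits is None:
        return raw_bits
    return min(raw_bits, password_entropy_bits)


def resists_offline_dictionary_attack(entropy_bits: float, threshold_bits: float = 80.0) -> bool:
    """Rule of thumb (assumed threshold): offline guessing of the PSK is impractical only
    when its effective entropy is well beyond what an attacker can enumerate offline."""
    return entropy_bits >= threshold_bits
```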