Re: Genart last call review of draft-campbell-sip-messaging-smime-03
Ben Campbell <ben@nostrum.com> Tue, 09 October 2018 16:55 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 315D4131332; Tue, 9 Oct 2018 09:55:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level:
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KGXU4z-VAjUY; Tue, 9 Oct 2018 09:55:32 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7141B13126C; Tue, 9 Oct 2018 09:55:29 -0700 (PDT)
Received: from [10.0.1.27] (cpe-70-122-203-106.tx.res.rr.com [70.122.203.106]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w99GtQRt013942 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 9 Oct 2018 11:55:26 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-203-106.tx.res.rr.com [70.122.203.106] claimed to be [10.0.1.27]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <2B90D592-7D23-4BC9-8F1A-2D1498C825BA@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_F7389D4C-872C-440C-B76F-E5631BAC8AF4"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Subject: Re: Genart last call review of draft-campbell-sip-messaging-smime-03
Date: Tue, 09 Oct 2018 11:55:25 -0500
In-Reply-To: <153905382541.18578.5868847330566894521@ietfa.amsl.com>
Cc: gen-art@ietf.org, draft-campbell-sip-messaging-smime.all@ietf.org, ietf@ietf.org
To: Peter Yee <peter@akayla.com>
References: <153905382541.18578.5868847330566894521@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/h7mazKPdXiDVOJPjp8Q29rGd_aA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Oct 2018 16:55:35 -0000
Hi Peter, thanks for your review. Please see inline: Ben. > On Oct 8, 2018, at 9:57 PM, Peter Yee <peter@akayla.com> wrote: > > Reviewer: Peter Yee > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-campbell-sip-messaging-smime-03 > Reviewer: Peter Yee > Review Date: 2018-10-08 > IETF LC End Date: 2018-10-10 > IESG Telechat date: 2018-10-25 > > Summary: This draft updates and clarifies the use of S/MIME with SIP and MSRP > to provide end-to-end message protection. A few nits should be corrected and > there are a couple of requests listed as minor issues, but those can be safely > ignored. [Ready with nits] > > Major issues: None > > Minor issues: > > Section 10/Appendix A: It would be good to supply the private keys used for > signing and encryption in the example messages so that implementers can test > the correctness of their implementations against the RFC. As it stands, the > examples mostly serve to show format. The purpose was in fact to show format. We did not mean these to be test vectors, and I don’t think this draft is the right place for that. At best, we would be showing the output of a particular version of OpenSSL. > > Page 22, 2nd full paragraph, 2nd sentence: mention is made of information that > would have otherwise been encrypted. It's not clear how use of S/MIME is > inducing that information to be sent in the clear rather than encrypted. > Perhaps a brief explanation would help rather than relying on "certain cases”. The point is that the the intermediaries insert cleartext metadata that includes information that the sending client might have preferred to be encrypted. How about the following: OLD: Certain messaging services, for example those based on CPM and RCS, may include intermediaries that attach metadata to user generated messages. In certain cases this metadata may reveal information to third parties that would have otherwise been encrypted. Implementors and operators should consider whether this metadata may create privacy leaks. Such an analysis is beyond the scope of this document. NEW: Certain messaging services, for example those based on CPM and RCS, may include intermediaries that attach metadata to user generated messages. In some cases this metadata may include information that the sender might have preferred not to send in clear text. Operators should consider whether this metadata may create privacy leaks. Such an analysis is beyond the scope of this document. > > Nits/editorial comments: I will fix the editorial issues, save one on which I have commented below: > > Page 1, header: remove "RFC" in three places in the "Updates" header. (Run > idnits nad read through the output. There's more.) > > Page 3, Section 1, 5th paragraph, last sentence: append a comma after "RFC > 3428". > > Page 4, Section 3, 1st paragraph, 1st sentence: change "SIP based" to > "SIP-based". > > Page 4, Section 3, 4th paragraph, delete an extraneous space before "already". > > Page 5, 1st paragraph, 1st sentence: change "send" to "sent". > > Page 5, 2nd paragraph: append "to" after "intended". > > Page 7, 2nd paragraph after "id-aes128-CBC", 1st sentence: append algorithm > after "AES-128-WRAP" *or* change "AES-128-WRAP" to "AES-128 wrap" as given in > RFC 3565. > > Page 7, 3rd paragraph after id-aes128-wrap, 2nd sentence: append "algorithm" > after (ECDH). Do something similar for the next two sentences. > > Page 7, Secion 4.3, 1st sentence: expand UAC here on first use. > > Page 8, section 4.4.1, 1st paragraph: insert "as" before "a SIP URI". > > Page 9, 6th paragraph: change "received" to "receive". > > Page 9, 8th paragraph: change "out of band" to "out-of-band". > > Page 10, Section 7.3, 1st paragraph, last sentence: insert a double quote > before "Unsupported". > > Page 12, Section 8.3, 3rd paragraph, 2nd to last sentence: change "s/mime" to > "S/MIME". > > Page 13, Section 8.4, 2nd paragraph, 2nd sentence: change "answer" to > "answerer". > > Page 13, Section 8.4, 2nd paragraph, 3rd sentence: delete duplicated "the". > > Page 13, Section 8.5, 1st paragraph, 2nd sentence: delete duplicated "since". > > Page 14, 1st full paragraph, last sentence: change "Intant" to "Instant". > > Page 14, Section 9.2, 1st sentence: append a space after "mechanism". > > Page 15, Section 10, 1st paragraph, 3rd sentence: join "over" and "running" > into a single word. > > Page 15, Section 10, 2nd paragraph: if you wish to be historically correct, > insert "Mr." before "Watson". That would, however, cause a painful exercise in > regenerating the examples, so feel free to ignore this suggestion. We will fix this if we find other reasons to regenerate the example, but otherwise we will exercise the option to ignore for the reason you mentioned :-) > > Page 15, section 10.1, 1st paragraph, 2nd sentence: change "a" to "an" unless > "smime" is not pronounced "ess-mime". > > Page 22, 1st partial paragraph, last sentence: change "vulnerabile" to > "vulnerable". >