IETF Logo Mail Archive

Re: [secdir] Review of draft-ietf-mmusic-sctp-sdp-22

Paul Wouters <paul@nohats.ca> Fri, 10 February 2017 03:32 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50296129656; Thu, 9 Feb 2017 19:32:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.991
X-Spam-Level:
X-Spam-Status: No, score=-1.991 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XpVunRpmG5i2; Thu, 9 Feb 2017 19:32:41 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 895E7129578; Thu, 9 Feb 2017 19:32:41 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3vKL9g3zFlz3Dh; Fri, 10 Feb 2017 04:32:39 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1486697559; bh=41ItAJCBPu8Y4GNdSkUe64AugKBIen1ZNJ36Nn8rYY0=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=slCOM8j0RCSCK0AZi/mUHPru6llcQWjcW7MumLmWS30EjA+6TzWxr8JKAXYT8owNm F06QC+162aALKyENVP3Tk99IaZUG1CHbAOd5fkw7sSTvFVKKR08WpvT95AqwVS3Q7/ 0Lazuo+v9qV+Pm5ymisq7Wx4PqdvzloHClqiwdwA=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id NlL_y-MJBiUh; Fri, 10 Feb 2017 04:32:37 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Fri, 10 Feb 2017 04:32:37 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 1C8292DEFE9; Thu, 9 Feb 2017 22:32:35 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 1C8292DEFE9
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 0473940267E6; Thu, 9 Feb 2017 22:32:34 -0500 (EST)
Date: Thu, 09 Feb 2017 22:32:34 -0500
From: Paul Wouters <paul@nohats.ca>
To: Paul Wouters <pwouters@redhat.com>
Subject: Re: [secdir] Review of draft-ietf-mmusic-sctp-sdp-22
In-Reply-To: <148669725288.8138.2095744202497272272.idtracker@ietfa.amsl.com>
Message-ID: <alpine.LRH.2.20.1702092230300.22742@bofh.nohats.ca>
References: <148669725288.8138.2095744202497272272.idtracker@ietfa.amsl.com>
User-Agent: Alpine 2.20 (LRH 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/hvGbThT-HBNY_I3KkuYM-j1awFA>
Cc: draft-ietf-mmusic-sctp-sdp.all@ietf.org, ietf@ietf.org, mmusic@ietf.org, secdir <secdir@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2017 03:32:44 -0000

On Thu, 9 Feb 2017, Paul Wouters wrote:

> Subject: [secdir] Review of draft-ietf-mmusic-sctp-sdp-22
> 
> Reviewer: Paul Wouters
> Review result: Has Issues

ouch. The new secdir review submission using file upload really mangled
the whitespace into something unreadable. I've included the original
review txt file here inline to make the review readable. Perhaps Tero
can investigate what's going on here?

Paul



I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.


[Note that I am not well versed in SCTP]

This document defines SDP [RFC4566] protocol identifiers (proto values):
'UDP/DTLS/SCTP' and 'TCP/DTLS/SCTP'.  This specification also specifies
how to use the new proto values with the SDP Offer/Answer mechanism
[RFC3264] for negotiating SCTP-over-DTLS associations.

As this document only defines a method of signaling to use UDP/DTLS/SCTP
or UDP/DTLS/SCTP, there are not specific Security Considerations for this
document, and the Security Considerations correctly points to the documents
that actually implement the UDP/DTLS/SCTP and TCP/DTLS/SCTP protocols.

So from a security point of view, this document is Ready.

I do have some generic concerns and questions I would like to see addressed:

One general issue I have is with the specification of IANA values and punting
some of its meaning. Let me quote an example:

 	NOTE: This specification only defines the usage of the SDP 'max-
 	message-size' attribute when associated with an m- line containing
 	one of the following proto values: 'UDP/DTLS/SCTP' or 'TCP/DTLS/
 	SCTP'.  Usage of the attribute with other proto values needs to be
 	defined in a separate specification.

This type of constraint is not clear and easilly displayed in an IANA registry if
other values are later added to the table. This text is also an example of how
througout the document, items are explicitely "this use is unspecified for now
but other documents may change that". It would have been better to just simply
and clearly state the current specified use, and let future documents handle
updating this document appropriately. This language use makes a lot of decisions
for implementers unclear as these decisions are punted forward in time without
a reference to follow.

Section 4.4.1 states:

 	This specification creates an IANA registry for 'association-usage' values.

I think this should be specified a little more clearly, similar to the IANA section
specification itself. Something like:

 	This specification creates the IANA 'association-usage' registry for SDP Attributes.

Section 4.4.2:

The table contains an error on the <port> entries (UDP instead of TCP). I would personally
change the port parameter value to just "port number for <proto>" or "UDP or TCP port number"

Section 4.5:

I'm unsure if ordering matters, so I am confused by the table ordering in media, proto, port,
and the m= line example ordering media, port proto.

I'm further confused by the table listing colon's, eg "<proto>:" and the m= line not
using colons but spaces. And the following a= lines using colons again. Is this an error,
or this is my lack of familiarity with the used protocols?

Section 5.1:

 	Therefore, if the attribute is not present, the associated m- line MUST be considered invalid.

Is it obvious what one must done when the m- line is considered invalid?

Section 5.2:

 	Leading zeroes MUST NOT be used.

What is the problem with leading zeros? What can go wrong when these are used? Should
an implementor be warned about something specific?

Section 6.1:

 	An SCTP endpoint MUST NOT send a SCTP user message with a message
 	size that is larger than the maximum size indicated by the peer, as
 	it cannot be assumed that the peer would accept such message.

While this tells an implementer what not to do, it does not tell the implementer
what to do when this happens on the receiving end. It would be good to specify
that here as well so that implementors will be reminded to think of this error
handling case.

 	a maximum message size value of zero, it indicates the SCTP endpoint will handle
 	messages of any size, subject to memory capacity etc.

I'm personally not a big fan of 0 meaning infinite, but if this is how other related
specs are handling these values in this way, I can understand doing it here as well.
For instance, not specifying a max-message-size seems more indicative of not having
a max message size. But here that has been defined as meaning 64k. If this usage
would be a precedent, I would recommend to not do this. If this is how these things
are done in this world, then I guess stick to what has already been done in this space.

The table entry in 6.2 lists an email contact for an IANA entry. Why does an IANA
entry need someone's email address as contact? IANA entries normally only refer to
the RFC's that define them, and people are expected to contact the working group
or maybe one of the RFC authors for questions. But putting a name and email address
entry here seems to convey some kind of "ownership" of the IANA entry which I think
is the wrong thing to do.

Section 6.3

    As the usage of multiple SCTP associations on top of a single DTLS
    association is outside the scope of this specification, no mux rules
    are specified for the 'UDP/DTLS/SCTP' and 'TCP/DTLS/SCTP' proto
    values.

Why is this out of scope? If there are good reasons not to do it, should it not
be defined to MUST NOT? If it is out of scope only for now, then it seems that
this document should in fact just specify it so people know how to do it. The
way this is phrased seems to leave the thing hanging in midair, and implememters
might end up doing different things.


Section 7:

    NOTE: While [I-D.ietf-tsvwg-sctp-dtls-encaps] allows multiple SCTP
    associations on top of a single DTLS association, the procedures in
    this specification only support the negotiation of a single SCTP
    association on top of any given DTLS association.

And similar here.

Setion 8:

Similar issues with "the procedures" and with "is out of scope for this"

Section 9.2:

 	This specification does not define semantics for the SDP direction
 	attributes [RFC4566].  Unless semantics of these attributes for an
 	SCTP association usage have been defined, SDP direction attributes
 	MUST be ignored if present.

Why are these attributes not defined in this specification? If there are good
reasons for it not to have been specified, why not change the language to
clearly state these attributes here are invalid and MUST be ignored? If it
is possibly these will be defined in the future (which the current text
suggest might happen) perhaps that specification really belongs in this
document.


Nits:

Through the document, there are paragraphs that start with "NOTE:". I think
those can all be safely removed to increase the readability.

Section 1:

    [I-D.ietf-tsvwg-sctp-dtls-encaps]

This looks but is not a proper reference. (eg there is no link)

    When the 'UDP/DTLS/SCTP' and 'TCP/DTLS/SCTP' proto values, the m-
    line fmt value, identifying the application-layer protocol, MUST be
    registered by IANA.

This sentence does not parse.


Section 6.1

Line wrapping 'TCP/DTLS/
               SCTP'   is best avoided.


Section 9

 	Each can be established and closed without impacting others.

Should that not be "each other" or "the others" (as opposed to "others" being other things far far away)

Section 10.3

[I-D.ietf-mmusic-dtls-sdp] is not a proper reference with link.

Section 12

I would rephrase "The text in the paragraph above" as these indirect references make the text harder
to read.

v2.23.0 | Report a Bug | By Email