Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03

"Martin Thomson" <mt@lowentropy.net> Fri, 01 March 2019 06:47 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 406DD12D4ED; Thu, 28 Feb 2019 22:47:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=hFTvbDKG; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=pgw/HnTv
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UB2mVQsRUs-s; Thu, 28 Feb 2019 22:47:19 -0800 (PST)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D25731274D0; Thu, 28 Feb 2019 22:47:19 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id BEFA935C9; Fri, 1 Mar 2019 01:47:18 -0500 (EST)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Fri, 01 Mar 2019 01:47:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=message-id:in-reply-to:references:date:from:to:cc:subject :content-type; s=fm1; bh=dKto89BCk4enrp+D4LX3Ao1Je2VOfw9dGsvwejM 8tQM=; b=hFTvbDKGDLewl4H1RrlQL+OTQsr2lmsZ/LeaArtLJVwvD+ScaA+c2nt w9WwHPUyuhgSvA6CPubQvD6o9XUIQX+gho3iY2y5ZmSEt9GP4XFQ5MdIM+T5MMzx E30FvNG8S6ljMjLg38venvxvU/xZYc064nHa1d8wyw/zOMTXncLf2t9O6hfUm+zp 4bDVML3l86FbkXkKUFgLirV+81QPJwdHCQrlxNE8zTEM0qhvZI3TVUotF7gjd5vy hgZhMcKfoqNuC7nzgPgtm/mTNj7NJvAk6vw5pRT1ECZGAAjBd8pfzRDuNZ5uqQeF 3vGc4LxXU3X8m6TRxjewnsx3EBf8s8A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:references:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=dKto89BCk4enrp+D4 LX3Ao1Je2VOfw9dGsvwejM8tQM=; b=pgw/HnTvTl52UoU4+vQMUkbIu9nwXAbvr yED/KbmElh2JPj6y8KJeyZw2j1qmM9P6wZuUiOaV5MnMS93HQRy2ikrKQOmhY6Gr pl4qVb3HGe4hj2QTq9HxAAOLoISZGFlO8s3l3Hba3V+wDT58YZhbhCjex5IxW09I 744DhaNz3HVrYJPs59DWDh10cn+TXZBS9a1rXRbyiZSaqMJoBUBywpiERbfRH7dD RsZ53Kp5THnsV1UJF8X3xY7SaUbY2Cda9TUHDAmqTvfYl8Xcl5lJ5Hl/hIgU8ETX tO2VkANzSQ0xIGGyYQBiTK7NsdgIScjA77YgCzFyd4gGF6s9zfvqw==
X-ME-Sender: <xms:ddV4XNVvzlyeoj7lWfaxv13wxeKrjzxIQadHb9eTmJlVhXu5ATfF_w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrvdeggddutdefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfofgrrhht ihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqeenucffoh hmrghinhepghhithhhuhgsrdgtohhmnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmthes lhhofigvnhhtrhhophihrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:ddV4XDmbTqOx-IHrREZ8Q1xBqVp1sLxcZfi_4BX7AAu6RWQFZavDGg> <xmx:ddV4XHBDwuJBg0uP436h-yhLLN_s_ucfJmXPmlaf1ECVZX1XtNQ_pw> <xmx:ddV4XLefZ4gQq4Nnq-MXy5cdrIJ1r2UM3QmrgvPMus35_QdLkqEYGQ> <xmx:dtV4XAhwsiw8vLD8V3NIIWXYR7BSnmj1QC6JfU_nEB2IGsyR2JPbzg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 962C47C1EB; Fri, 1 Mar 2019 01:47:17 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.5-925-g644bf8c-fmstable-20190228v5
X-Me-Personality: 92534000
Message-Id: <e17042ae-af33-4b86-8a99-086290a1e8c0@www.fastmail.com>
In-Reply-To: <ea61540a-20c7-0c3d-1f7d-4d702d9a5332@cisco.com>
References: <ec74675d-c576-f728-0481-c9488fb13beb@cisco.com> <ea61540a-20c7-0c3d-1f7d-4d702d9a5332@cisco.com>
Date: Fri, 01 Mar 2019 01:47:17 -0500
From: "Martin Thomson" <mt@lowentropy.net>
To: "Flemming Andreasen" <fandreas@cisco.com>, mmusic <mmusic@ietf.org>
Cc: draft-ietf-mmusic-sdp-uks@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/2YpqLxe0eiZEUKXAHxVOlVNdmpg>
Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2019 06:47:21 -0000

Thanks for the review Flemming,

I've made changes as suggested below, which you can review here: https://github.com/martinthomson/sdp-uks/pull/8

All the changes I have made are on https://github.com/martinthomson/sdp-uks/pull/9 if you want to see the entire batch of changes.

On Tue, Feb 26, 2019, at 15:45, Flemming Andreasen wrote:
> Hi Martin 
> 
>  I also took a closer look at the document and have a few additional 
> comments (as individual):
> 
>  Non-Editorial
>  =========
>  Section 2.3, second paragraph: The description on how 3PCC can work 
> with the proposed mechanism is a bit vague. It would be helpful to 
> expand it and provide an example.

Can do.

"For 3PCC to work with the proposed mechanisms, TLS peers need to be aware of the
signaling so that they can correctly generate (and check) the extension.  Peers
need access to any identity assertions present in signaling in order to perform
the checks in {{external_id_hash}}.  To perform the checks in
{{external_session_id}}, a 3PCC system needs to ensure that guarantee that peers
use the same SDP `tls-id` attribute value."

>  Section 3, last paragraph: The text seems out of place here. The text 
> implicitly refers to the previous paragraph, which doesn't seem to make 
> sense. 

Bo made the same comment.  I moved it up and expanded it a little.

>  Section 3.1, second paragraph: "In the first session, Patsy is 
> presented with the option to communicate with Norma"
>  How is that possible when the signaling originates from Mallory (I 
> thought we had signaling integrity and authenticated identity) ? 

The previous paragraph says "it is assumed that the attacker also controls the signaling channel."  As I mentioned in my other mail, when there is an identity binding, we assume that the signaling service is an attacker.  I've made some edits to the corresponding introductory text in response to Bo's review.  Let me know if you think that clears things up, or could be improved.