Re: [MMUSIC] Spencer Dawkins' Yes on draft-ietf-mmusic-sdp-mux-attributes-14: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Wed, 26 October 2016 16:15 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE2B212968F; Wed, 26 Oct 2016 09:15:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.331
X-Spam-Level:
X-Spam-Status: No, score=-2.331 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oQQIf4NwrwCm; Wed, 26 Oct 2016 09:15:03 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B7CF1295F2; Wed, 26 Oct 2016 09:15:02 -0700 (PDT)
Received: from [10.10.1.2] ([162.216.46.64]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u9QGExmn029888 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 26 Oct 2016 11:15:00 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host [162.216.46.64] claimed to be [10.10.1.2]
From: Ben Campbell <ben@nostrum.com>
To: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 26 Oct 2016 09:14:58 -0700
Message-ID: <C4D71CF6-9871-4B7B-916A-1D5318114A91@nostrum.com>
In-Reply-To: <CAMRcRGTaexMuirQS=O=YWOUb379iyrPxKvWdvdzSTseX=WOGsQ@mail.gmail.com>
References: <147742756171.8565.11705230224719531567.idtracker@ietfa.amsl.com> <5A934910-073D-46A9-866C-EFA63956F3F3@iii.ca> <CAKKJt-cTAAiFa-TTwB70oxo2ia25QGrBwFacJkarnOD=NEtqBQ@mail.gmail.com> <CAMRcRGTaexMuirQS=O=YWOUb379iyrPxKvWdvdzSTseX=WOGsQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/7g0DLIqxiRetNJXAn10seSAwsbg>
Cc: mmusic-chairs@ietf.org, mmusic WG <mmusic@ietf.org>, draft-ietf-mmusic-sdp-mux-attributes@ietf.org, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Cullen Jennings <fluffy@iii.ca>, The IESG <iesg@ietf.org>
Subject: Re: [MMUSIC] Spencer Dawkins' Yes on draft-ietf-mmusic-sdp-mux-attributes-14: (with COMMENT)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 16:15:06 -0000
On 25 Oct 2016, at 21:11, Suhas Nandakumar wrote: > Thanks Spencer for the review and Thanks Cullen for the inputs. > > Given the discussion above, I can update the security considerations > section as suggested by Spencer and generate a new version whenever it > is > appropriate and just to double check on the outcome - the category TBD > stay > as it is. > > Spencer, please advise if i misunderstood anything > > Ben, please let me know procedures on generating the next version. Given that the telechat is tomorrow, and some other comments have already come in: I suggest addressing the comments via email, then submitting an update as soon after the telechat as is convenient. Thanks! Ben. > > Cheers > Suhas > > On Tue, Oct 25, 2016 at 8:15 PM, Spencer Dawkins at IETF < > spencerdawkins.ietf@gmail.com> wrote: > >> Hi, Cullen, >> >> On Tue, Oct 25, 2016 at 8:32 PM, Cullen Jennings <fluffy@iii.ca> >> wrote: >> >>> >>>> On Oct 25, 2016, at 1:32 PM, Spencer Dawkins < >>> spencerdawkins.ietf@gmail.com> wrote: >>>> >>>> Spencer Dawkins has entered the following ballot position for >>>> draft-ietf-mmusic-sdp-mux-attributes-14: Yes >>>> >>>> When responding, please keep the subject line intact and reply to >>>> all >>>> email addresses included in the To and CC lines. (Feel free to cut >>>> this >>>> introductory paragraph, however.) >>>> >>>> >>>> Please refer to https://www.ietf.org/iesg/stat >>> ement/discuss-criteria.html >>>> for more information about IESG DISCUSS and COMMENT positions. >>>> >>>> >>>> The document, along with other ballot positions, can be found here: >>>> https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-mux-attributes/ >>>> >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> COMMENT: >>>> ---------------------------------------------------------------------- >>>> >>>> This document is a work of art. Thank you folks for accepting the >>>> challenge, because it's important. >>>> >>>> I have a couple of observations, to go along with my Yes ballot. >>>> Please >>>> do the right thing. >>>> >>>> I know Mirja also pushed on the TBD category, but I find RFC 2119 >>> "SHOULD >>>> NOT" to be problematic. >>>> >>>> The attributes in the TBD category have not been analyzed under >>>> the >>>> proposed multiplexing framework and SHOULD NOT be multiplexed. >>>> >>>> The point of SHOULD (NOT) is that you don't do this unless you >>> understand >>>> the risks, and in this case, it seems to me that you don't know the >>>> risks. If you're determined to multiplex the TBD attribute >>>> "frommet=", >>>> won't you have to do your own analysis? Wouldn't that mean you >>>> might >>> make >>>> assumptions ("it's IDENTICAL") that conflict with the analysis >>>> other >>>> implementers are doing ("it's TRANSPORT")? >>>> >>>> I could imagine a couple of approaches that might be helpful here. >>>> >>>> Saying "MUST NOT be multiplexed" would avoid implementers doing >>>> their >>> own >>>> analysis and coming up with conflicting answers. Is it obvious why >>>> this >>>> is "SHOULD NOT" instead of "MUST NOT"? In other words, who needs to >>>> multiplex TBD attributes, and why? >>>> >>>> Saying "cannot be assumed to be safe when multiplexed" probably >>>> captures >>>> what I think you are saying. '' >>> >>> Yes, I think your summary is about right here. For better or worse >>> the >>> logic of SHOULD was that a later spec that correctly classified them >>> could >>> put them in the right category. I don't know what would be the best >>> (if >>> any) change to make to the spec but I wanted to agree with your >>> understanding. >> >> >> "Do the right thing" :-) >> >> >>>> >>>> Would it be clearer if the category was called UNKNOWN? >>> >>> We were trying to capture that it was not that future specs would >>> not be >>> able to figure out what to do with these, but more that this RFC had >>> not >>> classified them. >> >> >> I'm pretty sure I'm stumbling over something that is less clear now >> than >> it will be when the working group is using this framework (so, this >> makes >> sense to me). >> >> >>>> >>>> In this text, >>>> >>>> 16. Security Considerations >>>> >>>> This document does not add any new security considerations beyond >>>> the >>>> existing considerations in the RTP RFCs ([RFC3550] and [RFC3711]) >>>> that are referenced by this specification. >>>> >>>> I don't understand how the first paragraph ^^ and the third >>>> paragraph of >>>> the section are compatible, because you're referring to issues >>>> described >>>> in this specification. But if you delete the first paragraph, >>>> leaving >>>> only >>>> >>>> The primary security for RTP including the way it is used here is >>>> described in [RFC3550] and [RFC3711]. >>>> >>>> When multiplexing SDP attributes with the category "CAUTION", the >>>> implementations should be aware of possible issues as described >>>> in >>>> this specification. >>>> >>>> the security considerations would be consistent. >>> >>> Works For Me ... i think the text that is there goes back to early >>> boiler >>> plate text we took from somewhere... >>> >> >> Cool - and thanks for considering my comments. >> >> Spencer >> >> _______________________________________________ >> mmusic mailing list >> mmusic@ietf.org >> https://www.ietf.org/mailman/listinfo/mmusic >> >> > _______________________________________________ > mmusic mailing list > mmusic@ietf.org > https://www.ietf.org/mailman/listinfo/mmusic
- [MMUSIC] Spencer Dawkins' Yes on draft-ietf-mmusi… Spencer Dawkins
- Re: [MMUSIC] Spencer Dawkins' Yes on draft-ietf-m… Cullen Jennings
- Re: [MMUSIC] Spencer Dawkins' Yes on draft-ietf-m… Spencer Dawkins at IETF
- Re: [MMUSIC] Spencer Dawkins' Yes on draft-ietf-m… Suhas Nandakumar
- Re: [MMUSIC] Spencer Dawkins' Yes on draft-ietf-m… Ben Campbell