IETF Logo Mail Archive

Re: [MMUSIC] Review (by dhanes) of draft-holmberg-mmusic-udptl-dtls-02

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 23 December 2013 13:09 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E00461ADFDD for <mmusic@ietfa.amsl.com>; Mon, 23 Dec 2013 05:09:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.851
X-Spam-Level:
X-Spam-Status: No, score=-3.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JdWsmrQxK7fT for <mmusic@ietfa.amsl.com>; Mon, 23 Dec 2013 05:09:03 -0800 (PST)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id CDE6C1ADFDC for <mmusic@ietf.org>; Mon, 23 Dec 2013 05:09:02 -0800 (PST)
X-AuditID: c1b4fb2d-b7f1c8e000005ceb-80-52b835eac5bd
Received: from ESESSHC024.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 39.62.23787.AE538B25; Mon, 23 Dec 2013 14:08:58 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.201]) by ESESSHC024.ericsson.se ([153.88.183.90]) with mapi id 14.02.0347.000; Mon, 23 Dec 2013 14:08:56 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "David Hanes (dhanes)" <dhanes@cisco.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Thread-Topic: Review (by dhanes) of draft-holmberg-mmusic-udptl-dtls-02
Thread-Index: AQHO/O75QCuznshz40mgGM8qEOtfl5phwtf/
Date: Mon, 23 Dec 2013 13:08:56 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1C5E28F7@ESESSMB209.ericsson.se>
References: <CED8B089.BDAD%dhanes@cisco.com>
In-Reply-To: <CED8B089.BDAD%dhanes@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.17]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrHLMWRmVeSWpSXmKPExsUyM+Jvre4r0x1BBp1XLSwurfjEYjF1+WMW ByaPKb83snosWfKTKYApissmJTUnsyy1SN8ugSvjyOMNzAX/lCoW7/vC0sC4X7KLkZNDQsBE YtLDDkYIW0ziwr31bF2MXBxCAocYJa7NO8kK4SxhlJh8cjGQw8HBJmAh0f1PG6RBRCBEov9U CxOILSzgJvHm8Wk2iLi7xPnd/xkhbCOJO6dngNWwCKhKbNl/mx3E5hXwldjSu48ZZKSQgI7E ulNxIGFOAV2J3fMvMIPYjED3fD+1BqyVWUBc4taT+UwQdwpILNlznhnCFpV4+fgf2GUSAooS y/vlIMp1JBbs/sQGYWtLLFv4mhliq6DEyZlPWCYwis5CMnUWkpZZSFpmIWlZwMiyipE9NzEz J73ccBMjMA4Obvmtu4Px1DmRQ4zSHCxK4rwf3joHCQmkJ5akZqemFqQWxReV5qQWH2Jk4uCU amCMcimKfBy5iXP2/5hZtbrCz4pYWPrmREeyPfGx1Ul8LSZesvHOasW/r+L1D977fjbnXimf yvPEF1lqWiGPA2tPvJ6dL7bzw7a648/nOV38b9AlzHjgfdmWXQe97MKXPet92lZVtyGc16v8 4M76Sp2S/dyubrUdT34rd8o1BP5fbZAewaPgLKXEUpyRaKjFXFScCAA2E+PgUQIAAA==
Subject: Re: [MMUSIC] Review (by dhanes) of draft-holmberg-mmusic-udptl-dtls-02
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Dec 2013 13:09:06 -0000

Hi David,

Again, thanks for your comments! Reply inline.

> 1) For some reason, I can't seem to get past the wording on this first sentence in Section 1. I feel like it could be stated a bit clearer. The point 
> I think is that there are means to send faxes across the PSTN in a secure manner but it was never a priority due to the barrier of physical 
> access. This is probably just personal preference but I feel a wording similar to the following gets the point across better:
>
>
> "While it is possible to transmit highly sensitive documents using traditional telephony encryption devices, secure fax on the Public Switched
> Telephone Network (PSTN) was never widely considered or prioritized. This was mainly because of the challenges involved with physical access to telephony equipment."

I am ok with your suggested change.


-----------------------


> 2) In the last sentence of the first paragraph of Section 1, the following statement is made "Some of the security mechanisms for securing fax include:" and then a T.30 and T.38 
> scheme is mentioned. I think that this has been brought up before but SRTP using fax passthrough is more widely deployed in my experience than either of the other secure 
> faxing methods. I realize that this document is written under the context of UDPTL-based fax but here in the introduction the topic so far is secure fax in a general sense and it 
> has yet to be narrowed down to just UDPTL-based fax. It seems like a glaring omission that SRTP fax solutions are not mentioned here. I think SRTP needs to be added if this is 
> kept in its present form and wording. Or this section could be changed in a manner similar to the following.  This will address the omission of SRTP from my perspective:


I am ok with your suggested rewrite.

Note, though, that  [ITU.T38.2010] does define the usage of T.38 over RTP.


>   While telephony encryption devices have been traditionally used for
>   highly sensitive documents, secure fax on the Public Switched
>   Telephone Network (PSTN) was not as widely considered or prioritized
>   because of the challenges involved with physical access to telephony
>   equipment.  As real-time communications transition to IP networks,
>   where information might potentially be intercepted or spoofed, an
>   appropriate level of security for fax that offers integrity and
>   confidentiality protection is vital.
>
>   The overwhelmingly predominant fax transport protocol today is
>   UDPTL-based. The protocol stack for fax transport using UDPTL is shown
>   in Table 1.
>
>
>                      +-----------------------------+
>
>                      |           Protocol          |
>
>                      +-----------------------------+
>
>                      | Internet facsimile protocol |
>
>                      +-----------------------------+
>
>                      |            UDPTL            |
>
>                      +-----------------------------+
>
>                      |             UDP             |
>
>                      +-----------------------------+
>
>                      |              IP             |
>
>                      +-----------------------------+
>
>
>                Table 1: Protocol stack for UDPTL over UDP
>
>
>   Implementations exist today for securing this fax transport type. Some of these
>   mechanisms are:
>
>
>   o  [ITU.T30.2005] Annex H specifies integrity and confidentiality
>      protection of fax in application layer, independent of protocol
>      for fax transport.
>
>   o  [ITU.T38.2010] specifies fax transport over RTP/SAVP which enables
>      integrity and confidentiality protection of fax in IP network.
>
>
>   Despite these mechanisms to secure fax, there is no transport layer
>   security offering integrity and confidentiality protection for UDPTL. This issue
>   was addressed in a study by the 3rd Generation Partnership Project (3GPP)
>   on how to provide secure fax in the IP Multimedia Subsystem (IMS). They
>   concluded that secure fax shall be transported using UDPTL over DTLS.


------------------


>3) Shouldn't the title for Table 2 be "Protocol stack for UDPTL over DTLS" and not "Protocol stack for UDPTL over UDP"?

I guess it should be "Protocol stack for UDPTL over DTLS over UDP"


Regards,

Christer

v2.23.0 | Report a Bug | By Email