Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03

Bo Burman <bo.burman@ericsson.com> Fri, 01 March 2019 14:29 UTC

From: Bo Burman <bo.burman@ericsson.com>
To: Martin Thomson <mt@lowentropy.net>, mmusic <mmusic@ietf.org>
CC: "draft-ietf-mmusic-sdp-uks@ietf.org" <draft-ietf-mmusic-sdp-uks@ietf.org>
Thread-Topic: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03
Date: Fri, 1 Mar 2019 14:29:22 +0000
Message-ID: <HE1PR07MB32597ED7D767C3FEF71309E48D760@HE1PR07MB3259.eurprd07.prod.outlook.com>
References: <ec74675d-c576-f728-0481-c9488fb13beb@cisco.com> <DB7PR07MB4988216B696D0E69ED14D5F095820@DB7PR07MB4988.eurprd07.prod.outlook.com> <1547691891.367836.1636707376.1C1427EE@webmail.messagingengine.com> <AM0PR07MB5793531D0F31BCDBEF95CE8695830@AM0PR07MB5793.eurprd07.prod.outlook.com> <1548111599.1648805.1640352152.40952394@webmail.messagingengine.com> <HE1PR07MB3259FFC36B8E84EA647982728D7A0@HE1PR07MB3259.eurprd07.prod.outlook.com> <bd9f46be-abee-438c-b3f8-52eafd7b1b2e@www.fastmail.com>
In-Reply-To: <bd9f46be-abee-438c-b3f8-52eafd7b1b2e@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/AZPqvhyjSLlXH6W6CrcCWdRvnK8>
Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>

Thanks, I believe that addresses almost all of my concerns (see also inline).

Just a final nit for section 4.1 (also listed in the below);
"...Once the second session completes, Mallory might cause DTLS packets
> sent by Norma to Patsy to be dropped.  It is likely that these DTLS packets will
> be discarded by Patsy as Patsy will already have a successful DTLS connection
> established."
[BoB] I think there can still be confusion about what you mean by "Once the second session completes"; suggest changing to "Once the second session is established", if that was the intention.
Also, a couple of sentences before "Though Patsy...", there's one too many "is complete" in this sentence: "Once signaling is complete on a session, ostensibly between Mallory and Norma, is complete."

Cheers,
/Bo

> -----Original Message-----
> From: Martin Thomson <mt@lowentropy.net>
> Sent: 1 March 2019 07:04
> To: Bo Burman <bo.burman@ericsson.com>; mmusic <mmusic@ietf.org>
> Cc: draft-ietf-mmusic-sdp-uks@ietf.org
> Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03
> 
> Thanks for reviewing Bo,
> 
> I've got the changes I've made up at
> https://github.com/martinthomson/sdp-uks/pull/7
> 
> The changes look like a lot, but that is mostly because of some reordering of
> text.  I've reworded a few things to improve clarity.  I appreciate having a
> new set of eyes on this.  I find I tend to miss places where the text assumes
> too much prior knowledge.
> 
> I'll put a second PR up for Flemming's review shortly.  That will stack on top of
> this one.
> 
> On Tue, Feb 26, 2019, at 00:23, Bo Burman wrote:
> > Hi Martin,
> >
> > I've now also reviewed this and have a set of comments and questions,
> > after taking Magnus' comments and your suggested edits in response to
> > that into account:
> >
> > Section 2.1:
> > * In bullet 2, "complete communications" is slightly unclear (more so
> > if "complete" is used in other contexts further down in the text). Do
> > you mean "accept" by "complete", or perhaps "accept setting up"?
> 
> Yes, I can see how this could be confusing. Reworded to:
> 
> "2. No entity will successfully establish a session with a peer unless they are
>    willing to participate in a session with that peer."
[BoB] OK, good.

> 
> > * Don't understand what is meant with "...second condition..."; is it
> > bullet #2, or is it referring to "...joining two separate sessions"?
> 
> Bullet 2, but see below.
> 
> > * Also don't really understand in what way that second condition is
> > "not necessary"; to limit the attacker capabilities (related to bullet
> > #2), for the attacker to join two sessions, or something else like
> > "for the attack to succeed"?
> >
> > * Just to confirm, does "removing this constraint" refer to removing
> > use of an identity binding?
> 
> Does this make more sense?
> 
> "Systems that rely on strong identity bindings, such as those defined in
> {{WEBRTC}} or {{!SIP-ID}}, have a different threat model, which admits the
> possibility of attack by an entity with access to the signaling channel.
> Attacks under these conditions are more feasible as an attacker is assumed
> to be able to both observe and modify signaling messages."
[BoB] Yes, that's much better.

> 
> > Section 3:
> > * Is the "victim" of the first paragraph the same or another victim
> > compared to the one mentioned in the next paragraph?
> >
> > * Is "another entity of the attacker's choice" also to be considered a victim?
> 
> Yes, there are really two victims here, so I've reworded to use first victim and
> second victim.
> 
> "An attacker causes an
> identity binding to be created that binds an identity they control to the
> fingerprint of a first victim.
> 
> "An attacker can thereby cause a second victim to believe that they are
> communicating with an attacker-controlled identity, when they are really
> talking to the first victim.  The attacker only needs to create an identity
> assertion that covers a certificate fingerprint of the first victim."
[BoB] OK

> 
> > * The last paragraph in section 3, just before section 3.1 "The same
> > technique..." seems a bit misplaced, after text talking about a
> > solution. Should it perhaps be moved just before the paragraph "The
> > problem..." in section 3? Or, is this "same technique" referring to
> > what is described in section 4?
> 
> Yes, this was a little light.  I've moved it up with the attack synopsis.
> 
> "A variation on the same technique can be used to cause both victims to
> believe they are talking to the attacker when they are talking to each other.
> In this case, the attacker performs the identity misbinding once for each
> victim."
[BoB] OK

> 
> > Section 4:
> > * First sentence, "similar attack"; similar to what?
> 
> Yeah, that lost context.  How about:
> 
> "Even where the integrity of session signaling can be relied upon, an attacker
> might still be able to create a session where there is confusion about the
> communicating endpoints by substituting the fingerprint of a communicating
> endpoint."
[BoB] OK

> 
> > Section 4.1:
> > * Believe it would be helpful for the reader to better understand why
> > "Mallory has no real interest in seeing that session complete"
> 
> The next sentence is intended to explain this point: Mallory needs Patsy to
> maintain her end of the communications, lest Norma believe that the session
> is broken.
> 
> > * Same sentence, does "session complete" mean "session setup
> complete"?
> > I first interpreted "complete" as "conclude" in the meaning "terminate".
> >
> > * Same paragraph, should "call completion" be "call setup completion",
> > and "session completes" be "session setup completes"?
> >
> > * Same paragraph, "will likely be discarded by Patsy"; believe it
> > would be helpful to say why.
> 
> Here's what I ended up with:
> 
> "Though Patsy needs to believe that the second signaling session has been
> successfully established, Mallory has no real interest in seeing that session
> also be established.  Mallory only needs to ensure that Patsy maintains the
> active session and does not abandon the session prematurely.  For this
> reason, it might be necessary to permit the signaling from Patsy to reach
> Norma to allow Patsy to receive a call setup completion signal, such as a SIP
> ACK.  Once the second session completes, Mallory might cause DTLS packets
> sent by Norma to Patsy to be dropped.  It is likely that these DTLS packets will
> be discarded by Patsy as Patsy will already have a successful DTLS connection
> established."
[BoB] I think there can still be confusion about what you mean by "Once the second session completes"; suggest changing to "Once the second session is established", if that was the intention.
Also, a couple of sentences before "Though Patsy...", there seems to be one too many "is complete" in this sentence: "Once signaling is complete on a session, ostensibly between Mallory and Norma, is complete."


> 
> > Section 4.2:
> > * I believe the first paragraph ("An attack on... ...vulnerable to
> > attack.") would also be helpful as first text of section 4. Move? Copy?
> 
> Good suggestion.  I moved it up.
[BoB] OK

> 
> > * "Validating that peers..." -> "Successful validation that peers..."?
> 
> Yep.  Expanded to
> 
> "Successful validation that the identifier matches the expected value means
> that the connection corresponds to the signaled session and is therefore
> established between the correct two endpoints."
[BoB] Good

> 
> > Section 4.3:
> > * "When used with SDP, the value includes..." -> "When used with SDP,
> > the value MUST consist of..."?
> 
> Thanks.
> 
> > Section 5:
> > * "Use of the "external_session_id"
> >    does not guarantee that the identity of the peer at the TLS layer is
> >    the same as the identity of the signaling peer"; sounds a bit
> > strange - isn't this what the draft is supposed to solve? Is "... when
> > used with session concatenation" meant?
> 
> This is a fundamental restriction of the design and with DTLS-SRTP in the
> absence of some sort of identity bindings.  As described here, an attacker can
> establish two sessions, call them A and B, with two different parties, call
> them Alice and Bob if you like.  It can send Bob's connection parameters (ICE,
> fingerprints, etc.) to Alice, and forward Alice's details to Bob in the same
> way.  This creates two signaling sessions (or 3pcc if you like), one between
> Alice and Attacker, and one between Attacker and Bob.  But there is only one
> media session between Alice and Bob.
> 
> I've done some rearranging here in an attempt to improve the flow of the
> section.  There are a few more words.  Let me know if it makes sense.
[BoB] Had a look at the pull request and I think the resulting text looks good.

> 
> > * "Similarly, data from one TLS connection..."; I assume "data" means
> > "security-related information", not "user data" (TLS payload)?
> 
> Yep, thanks.
[BoB] Changed text looks good.
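The session-concatenation attack Martin sketches above (two signaling sessions with Alice and Bob, one media session between them), the identifier check quoted from section 4.2 ("successful validation that the identifier matches the expected value"), and the section 5 caveat that the identifier does not tie the TLS peer to the signaling peer can all be exercised in a small simulation. The following is an added example written for this page; it is not code from the draft, from the pull request, or from either author. It models an endpoint's acceptance decision as two checks: the DTLS-SRTP fingerprint match, and an assumed external_session_id-style check in which each side echoes the session identifier it signaled and the peer compares that to the identifier it received in signaling. The names, the SHA-256 stand-in for certificates, the "tls-id-..." identifier format and the three scenarios are all constructed here; the real extension's encoding and the exact rule for combining offer and answer identifiers are not modeled.

```python
"""Toy model of fingerprint substitution in DTLS-SRTP and of a session-identifier
check in the handshake. Example code for this page, not from the draft."""
from dataclasses import dataclass
import hashlib
import secrets


def fingerprint(cert: bytes) -> str:
    """The a=fingerprint value: a hash of the DTLS certificate (SHA-256 here)."""
    return "sha-256 " + hashlib.sha256(cert).hexdigest()


@dataclass
class Endpoint:
    name: str
    cert: bytes   # stands in for the endpoint's self-signed DTLS certificate
    sid: str      # the session identifier this endpoint signals (its tls-id)

    @property
    def fp(self) -> str:
        return fingerprint(self.cert)


@dataclass
class SignaledView:
    """What one party learned from signaling: who it believes the peer is,
    the peer's fingerprint, and the session identifier the peer signaled."""
    believed_peer: str
    peer_fp: str
    peer_sid: str


@dataclass
class Hello:
    """Handshake fields the checks look at: the certificate presented and the
    sender's own signaled identifier, carried in an external_session_id-style
    extension (assumed semantics: each side echoes what it signaled)."""
    cert: bytes
    ext_session_id: str


def accept_peer(view: SignaledView, hello: Hello, check_session_id: bool) -> bool:
    """DTLS-SRTP fingerprint check, plus the optional session-identifier check."""
    if fingerprint(hello.cert) != view.peer_fp:
        return False            # certificate does not match what signaling announced
    if check_session_id and hello.ext_session_id != view.peer_sid:
        return False            # handshake is not bound to this signaling session
    return True


def make_endpoint(name: str) -> Endpoint:
    # Constructed identifiers; a real tls-id is a random value per RFC 8842.
    return Endpoint(name, secrets.token_bytes(32), f"tls-id-{name}-{secrets.token_hex(4)}")


def run_concatenation(check_session_id: bool, relay_identifiers: bool) -> dict:
    """Mallory signals one session with Alice and another with Bob, presenting
    each victim's fingerprint to the other as her own; media then flows
    Alice<->Bob. relay_identifiers=True means she also copies the victims'
    session identifiers (plain third-party call control); False means she
    signals identifiers of her own in each session."""
    alice, bob, mallory = (make_endpoint(n) for n in ("alice", "bob", "mallory"))
    sid_shown_to_alice = bob.sid if relay_identifiers else mallory.sid + "/A"
    sid_shown_to_bob = alice.sid if relay_identifiers else mallory.sid + "/B"
    alice_view = SignaledView("mallory", bob.fp, sid_shown_to_alice)
    bob_view = SignaledView("mallory", alice.fp, sid_shown_to_bob)

    # The DTLS handshake runs between Alice and Bob. Mallory cannot rewrite it
    # without a victim's private key, so each Hello carries the sender's real
    # certificate and the identifier that sender actually signaled.
    alice_hello = Hello(alice.cert, alice.sid)
    bob_hello = Hello(bob.cert, bob.sid)
    return {
        "alice_accepts": accept_peer(alice_view, bob_hello, check_session_id),
        "bob_accepts": accept_peer(bob_view, alice_hello, check_session_id),
        "alice_believes": alice_view.believed_peer,
        "alice_actual_peer": bob.name,
    }


if __name__ == "__main__":
    for check, relay in ((False, False), (True, False), (True, True)):
        print(f"session-id check={check}, relay identifiers={relay}:",
              run_concatenation(check, relay))
```

The first scenario is the attack as described: both fingerprint checks pass, and Alice and Bob end up in a media session with each other while each believes the peer is Mallory. The second adds the identifier check; because the handshake carries the identifier each victim really signaled and Mallory signaled her own in both sessions, both sides reject. The third reproduces Martin's section 5 point: when Mallory relays every parameter, identifiers included, the check passes, since the identifier only binds the handshake to a signaling session and does not by itself establish that the TLS peer is the signaling peer.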