[MMUSIC] Alissa Cooper's No Objection on draft-ietf-mmusic-rfc4566bis-37: (with COMMENT)
Alissa Cooper via Datatracker <noreply@ietf.org> Tue, 20 August 2019 15:05 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: mmusic@ietf.org
Delivered-To: mmusic@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 746CB120948; Tue, 20 Aug 2019 08:05:27 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alissa Cooper via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-mmusic-rfc4566bis@ietf.org, mmusic-chairs@ietf.org, fandreas@cisco.com, mmusic@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Alissa Cooper <alissa@cooperw.in>
Message-ID: <156631352746.394.9051884764407133474.idtracker@ietfa.amsl.com>
Date: Tue, 20 Aug 2019 08:05:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/H93ZRAAFI5xre-UKzgpqbB6uwec>
Subject: [MMUSIC] Alissa Cooper's No Objection on draft-ietf-mmusic-rfc4566bis-37: (with COMMENT)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Aug 2019 15:05:31 -0000
Alissa Cooper has entered the following ballot position for draft-ietf-mmusic-rfc4566bis-37: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-mmusic-rfc4566bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for addressing my DISCUSS. Original COMMENT is below. ----- Section 5.1: Since both this document and RFC 4566 specify version 0 and this version makes semantic and syntactic changes, does that mean the protocol versioning is non-functional? Or if not, what kinds of changes would require a new version number? Section 7: "Use of the "k=" line poses a significant security risk, since it conveys session encryption keys in the clear. SDP MUST NOT be used to convey keying material, unless it can be guaranteed that the channel over which the SDP is delivered is both private and authenticated. Moreover, the "k=" line provides no way to indicate or negotiate cryptographic key algorithms. As it provides for only a single symmetric key, rather than separate keys for confidentiality and integrity, its utility is severely limited. The "k=" line MUST NOT be used, as discussed in Section 5.12." It's odd to me that this text was retained from RFC 4566 as-is, except for the last sentence. I would have expected this to lead with something like 'Use of the "k=" line is obsolete due to security risk.' And then perhaps some of the rest of the text could remain by way of explanation why it was obsoleted. Section 8.2.8: "IANA may refer any registration to the IESG for review, and may request revisions to be made before a registration will be made." This is trivially true and would be better left out, using RFC 8126 as the definitive guidance instead.
- [MMUSIC] Alissa Cooper's No Objection on draft-ie… Alissa Cooper via Datatracker