Re: [MMUSIC] Review (Rafferty) of draft-ietf-mmusic-udptl-dtls-02

"Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com> Fri, 20 December 2013 22:41 UTC

From: "Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com>
To: James Rafferty <jrafferty@humancomm.com>
Thread-Topic: [MMUSIC] Review (Rafferty) of draft-ietf-mmusic-udptl-dtls-02
Date: Fri, 20 Dec 2013 22:41:27 +0000
Message-ID: <4F818DFA-15BE-4D25-B4A6-5D8EAB2F1277@cisco.com>
References: <52B4C55D.5060708@humancomm.com>
In-Reply-To: <52B4C55D.5060708@humancomm.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, mmusic <mmusic@ietf.org>
Subject: Re: [MMUSIC] Review (Rafferty) of draft-ietf-mmusic-udptl-dtls-02

Thanks very much, James. We'll go through your review comments and respond to each of them individually. Expect some delay in response due to the upcoming Holidays.

Happy Holidays!

Gonzalo


On Dec 20, 2013, at 5:31 PM, James Rafferty <jrafferty@humancomm.com> wrote:

> This is a review of draft-ietf-mmusic-udptl-dtls-02. In general, the draft is in good shape. My comments and suggestions are included below.
> 
> Section 1 - first bullet:  add "the" before application layer
> 
> Section 1, Page 2  - On the paragraph before Table 2, the current last sentence reads:  "The protocol stack for integrity and confidentiality protected fax transport using UDPTL over DTLS is shown in Table 2."
> 
> A couple of word changes would make it read more clearly:
> "The protocol stack which enhances fax transport to offer integrity and confidentiality using UDPTL over DTLS is shown in Table 2."
> 
> Section 1, Page 3: Under the "primary motivations", I'd suggest broadening the applicability of the last bullet point to read:
> 
> "3GPP and the IP fax community need a mechanism to transport UDPTL over DTLS in order to provide secure fax in IMS and other SIP-based networks."
> 
> Section 2
> 
> for the 2nd sentence of the second paragraph, clarify by replacing "it" by "session"
> 
> Section 5 - Security Considerations
> 
> I think it would help to pull in material about the threat model before jumping directly into the solution (my latest draft got dinged in the IESG security review on this point).
> 
> From a fax community perspective, the relevant threats seem to be:
> 
> 1.  Confidentiality - Address potential for 3rd parties to intercept and decode messages
> 
> 2.  Integrity - Ensure that the parties exchanging the messages are properly authenticated and that the message has not been altered during transport.
> 
> These points are addressed somewhat in the body of this section, but it would be useful to start with the threats model and then identify how the solution meets the requirements.
> 
> Section 6 - IANA Considerations
> 
> For consistency with the IANA content for "proto" in RFC 4566, it looks like the entry for the SDP name in Table 3 should be in quotes or "UDP/TLS/UDPTL"
> 
> Example A.3
> 
> This is an important example, since most (if not all) current UDPTL sessions will start as audio sessions.
> 
> To highlight this point, I'd suggest adding a second sentence in this section such as:
> 
> "By current conventions, most non-secured UDPTL sessions are initiated via a re-INVITE after the SIP session has begun as an audio session, and this example shows how to address this scenario for initiating UDPTL sessions secured via DTLS."
> 
> That concludes my comments on this draft.
> 
> Regards,
> 
> James
> 
>
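As an added illustration (not code from the draft, the thread, or any of its authors), the Python below splits an SDP body into media sections and reports, for each T.38 fax stream, whether it is carried over the "UDP/TLS/UDPTL" proto the review discusses, over plain UDPTL, or over DTLS without a certificate binding. It assumes two things the page does not state: that legacy unprotected fax uses the proto token udptl (T.38 Annex D), and that the DTLS peer is bound to a certificate via the a=fingerprint attribute of RFC 4572; both SDP bodies are constructed samples.

```python
# Constructed sample (not from the draft): a re-INVITE SDP that keeps the audio
# stream and adds a T.38 fax stream over DTLS; the DTLS certificate is bound at
# session level with a=fingerprint (RFC 4572), here with a placeholder digest.
DTLS_FAX_SDP = """v=0
o=- 1 2 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
a=fingerprint:sha-256 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
m=audio 49170 RTP/AVP 0
m=image 49172 UDP/TLS/UDPTL t38
a=setup:active
"""
# Constructed legacy form: the same fax stream over plain UDPTL (T.38 Annex D).
LEGACY_FAX_SDP = DTLS_FAX_SDP.replace("UDP/TLS/UDPTL", "udptl")


def parse_media_sections(sdp: str) -> list:
    """Split an SDP body into m= sections; each inherits the session-level a= lines."""
    session_attrs, sections, current = [], [], None
    for line in sdp.splitlines():
        if len(line) < 2 or line[1] != "=":
            continue  # not a well-formed "<type>=<value>" line
        kind, value = line[0], line[2:]
        if kind == "m":  # m=<media> <port> <proto> <fmt> ...
            media, port, proto, *fmts = value.split()
            current = {"media": media, "port": int(port), "proto": proto, "fmts": fmts, "attrs": []}
            sections.append(current)
        elif kind == "a":
            (current["attrs"] if current else session_attrs).append(value)
    for section in sections:
        section["attrs"] = session_attrs + section["attrs"]
    return sections


def audit_fax_transport(sdp: str) -> list:
    """One finding per T.38 stream: DTLS-protected, DTLS without peer binding, or plain."""
    findings = []
    for s in parse_media_sections(sdp):
        if s["media"] != "image" or "t38" not in (f.lower() for f in s["fmts"]):
            continue
        has_fingerprint = any(a.lower().startswith("fingerprint:") for a in s["attrs"])
        if s["proto"] != "UDP/TLS/UDPTL":  # exact token; SDP proto names are case-sensitive
            findings.append(f"port {s['port']}: t38 over plain {s['proto']}; "
                            "page data can be read or altered in transit")
        elif not has_fingerprint:
            findings.append(f"port {s['port']}: UDP/TLS/UDPTL without a=fingerprint; "
                            "the DTLS peer cannot be authenticated")
        else:
            findings.append(f"port {s['port']}: t38 over DTLS; integrity and confidentiality protected")
    return findings
```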