Re: [MMUSIC] Review (by dhanes) of draft-holmberg-mmusic-udptl-dtls-02

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 20 December 2013 13:07 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "David Hanes (dhanes)" <dhanes@cisco.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Date: Fri, 20 Dec 2013 13:07:29 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1C5DBF8A@ESESSMB209.ericsson.se>
References: <CED8B089.BDAD%dhanes@cisco.com>
In-Reply-To: <CED8B089.BDAD%dhanes@cisco.com>
Subject: Re: [MMUSIC] Review (by dhanes) of draft-holmberg-mmusic-udptl-dtls-02

Hi David,

Thanks for your comments! Due to xmas/new year vacations, it may take a while before I get a chance to reply. Just to let you know :)

Regards,

Christer

From: David Hanes (dhanes) [mailto:dhanes@cisco.com]
Sent: 19 December 2013 21:18
To: Christer Holmberg; mmusic@ietf.org
Subject: Review (by dhanes) of draft-holmberg-mmusic-udptl-dtls-02

Overall this is a well-written document. It is clear and concise and the technical aspect is solid. My comments are below:

-David

1) For some reason, I can't seem to get past the wording on this first sentence in Section 1. I feel like it could be stated a bit clearer. The point I think is that there are means to send faxes across the PSTN in a secure manner but it was never a priority due to the barrier of physical access. This is probably just personal preference but I feel a wording similar to the following gets the point across better:

"While it is possible to transmit highly sensitive documents using traditional telephony encryption devices, secure fax on the Public Switched Telephone Network (PSTN) was never widely considered or prioritized. This was mainly because of the challenges involved with physical access to telephony equipment."

2) In the last sentence of the first paragraph of Section 1, the following statement is made "Some of the security mechanisms for securing fax include:" and then a T.30 and T.38 scheme is mentioned. I think that this has been brought up before but SRTP using fax passthrough is more widely deployed in my experience than either of the other secure faxing methods. I realize that this document is written under the context of UDPTL-based fax but here in the introduction the topic so far is secure fax in a general sense and it has yet to be narrowed down to just UDPTL-based fax. It seems like a glaring omission that SRTP fax solutions are not mentioned here. I think SRTP needs to be added if this is kept in its present form and wording. Or this section could be changed in a manner similar to the following.  This will address the omission of SRTP from my perspective:

   While telephony encryption devices have been traditionally used for
   highly sensitive documents, secure fax on the Public Switched
   Telephone Network (PSTN) was not as widely considered or prioritized
   because of the challenges involved with physical access to telephony
   equipment.  As real-time communications transition to IP networks,
   where information might potentially be intercepted or spoofed, an
   appropriate level of security for fax that offers integrity and
   confidentiality protection is vital.

   The overwhelmingly predominant fax transport protocol today is
   UDPTL-based.  The protocol stack for fax transport using UDPTL is shown
   in Table 1.

                      +-----------------------------+
                      |           Protocol          |
                      +-----------------------------+
                      | Internet facsimile protocol |
                      +-----------------------------+
                      |            UDPTL            |
                      +-----------------------------+
                      |             UDP             |
                      +-----------------------------+
                      |              IP             |
                      +-----------------------------+

                Table 1: Protocol stack for UDPTL over UDP

   Implementations exist today for securing this fax transport type.  Some
   of these mechanisms are:

   o  [ITU.T30.2005] Annex H specifies integrity and confidentiality
      protection of fax in the application layer, independent of the
      protocol for fax transport.

   o  [ITU.T38.2010] specifies fax transport over RTP/SAVP, which enables
      integrity and confidentiality protection of fax in an IP network.

   Despite these mechanisms to secure fax, there is no transport layer
   security offering integrity and confidentiality protection for UDPTL.
   This issue was addressed in a study by the 3rd Generation Partnership
   Project (3GPP) on how to provide secure fax in the IP Multimedia
   Subsystem (IMS).  They concluded that secure fax shall be transported
   using UDPTL over DTLS.

My rewrite here simply places the current secure fax options for UDPTL after the introduction of UDPTL itself. I think this builds better from a general discussion on secure fax, to an introduction of UDPTL, to an explanation of current UDPTL secure fax offerings, to the 3GPP study recommendation.
3) Shouldn't the title for Table 2 be "Protocol stack for UDPTL over DTLS" and not "Protocol stack for UDPTL over UDP"?