Re: [MMUSIC] Roman Danyliw's Discuss on draft-ietf-mmusic-rfc4566bis-35: (with DISCUSS and COMMENT)

Paul Kyzivat <pkyzivat@alum.mit.edu> Wed, 19 June 2019 14:45 UTC

To: Roman Danyliw <rdd@cert.org>, "fandreas@cisco.com" <fandreas@cisco.com>, "draft-ietf-mmusic-rfc4566bis@ietf.org" <draft-ietf-mmusic-rfc4566bis@ietf.org>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>, "mmusic-chairs@ietf.org" <mmusic-chairs@ietf.org>, The IESG <iesg@ietf.org>
References: <155915471104.5543.17843194441283384643.idtracker@ietfa.amsl.com> <359EC4B99E040048A7131E0F4E113AFC01B339B6C0@marathon>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <9fc12825-f961-4cf3-1e2f-e328b90cebbb@alum.mit.edu>
Date: Wed, 19 Jun 2019 10:45:34 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/wkXbea_mpLX1jRyFZ3ApIqRVSvY>

Roman,

On 6/19/19 5:11 AM, Roman Danyliw wrote:

> Thanks for the revision to Section 7 to clarify the language within the section.  I still see a conflict between the guidance in Section 5.12 and 7.
> 
> Section 5.12 says:
>     The "k=" line (key-field) is obsolete and MUST NOT be used.  It is
>     included in this document for legacy reasons.  One MUST NOT include a
>     "k=" line in an SDP, and MUST discard it if it is received in an SDP.
> 
> The new text in Section 7 says:
>     SDP MUST NOT be used to convey keying material (e.g., using
>     "a=crypto" [RFC4568]) unless it can be guaranteed that the channel
>     over which the SDP is delivered is both private and authenticated.
> 
> My read is that Section 5.12 says don't use k= and drop it if you see it; and Section 7 says don't use k= unless you can guarantee certain channel properties.  Consider the situation where one has the right channel properties (per Section 7), why would one use k= since Section 5.12 would dictate that this k= would get dropped?

The new section 7 uses a=crypto, which is a different mechanism from k=. So I don't see the conflict you are concerned with.

	Thanks,
	Paul
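The two rules quoted in the exchange above (discard any received "k=" line per Section 5.12; accept "a=crypto" keying material only when the signaling channel is private and authenticated per Section 7) are easy to conflate in an implementation because both concern keying material. The following filter is an added example written for this page, not code from the draft, from RFC 4568, or from either participant. It assumes the caller already knows whether the delivery channel is private and authenticated (the draft leaves that determination to the transport, so the boolean flag is a stand-in), and the SDP body, including the "k=" values and the "a=crypto" line, is constructed for illustration only.

```python
"""
Added example: apply the "k=" and "a=crypto" rules from the draft to an SDP body.

  - Section 5.12: a received "k=" line is obsolete and is discarded, at session
    level and at media level alike.
  - Section 7: "a=crypto" (RFC 4568) carries SRTP keying material and is only
    acceptable when the channel the SDP arrived over is private and
    authenticated; otherwise the whole SDP is refused.

The channel property is passed in as a flag; deciding it is the transport's job.
"""
from dataclasses import dataclass, field


@dataclass
class SdpFilterResult:
    lines: list = field(default_factory=list)              # SDP lines kept
    dropped_key_lines: list = field(default_factory=list)  # "k=" lines discarded
    crypto_lines: list = field(default_factory=list)       # "a=crypto" lines accepted


def filter_sdp(sdp_text: str, channel_private_and_authenticated: bool) -> SdpFilterResult:
    """Return the SDP with "k=" lines removed; raise ValueError if "a=crypto"
    keying material arrived over a channel that is not private and authenticated."""
    result = SdpFilterResult()
    # SDP lines are CRLF-terminated; bare LF is tolerated for convenience.
    for line in sdp_text.replace("\r\n", "\n").split("\n"):
        if line == "":
            continue
        if line.startswith("k="):
            # Section 5.12: the key-field is obsolete; discard wherever it appears.
            result.dropped_key_lines.append(line)
            continue
        if line.startswith("a=crypto:"):
            # Section 7: a=crypto is a different mechanism from k= and is allowed,
            # but only over a private and authenticated channel.
            if not channel_private_and_authenticated:
                raise ValueError(
                    "a=crypto keying material received over a channel that is "
                    "not both private and authenticated; refusing the SDP"
                )
            result.crypto_lines.append(line)
        result.lines.append(line)
    return result


# Constructed sample SDP (illustrative values only): one session-level and one
# media-level k= line, plus an a=crypto line in the RFC 4568 inline form.
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.1",
    "s=Example session",
    "c=IN IP4 192.0.2.1",
    "t=0 0",
    "k=clear:obsolete-session-key",
    "m=audio 49170 RTP/SAVP 0",
    "a=rtpmap:0 PCMU/8000",
    "k=clear:obsolete-media-key",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
    "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:32",
]) + "\r\n"


if __name__ == "__main__":
    ok = filter_sdp(SAMPLE_SDP, channel_private_and_authenticated=True)
    print("dropped:", ok.dropped_key_lines)
    print("accepted a=crypto:", ok.crypto_lines)
    try:
        filter_sdp(SAMPLE_SDP, channel_private_and_authenticated=False)
    except ValueError as err:
        print("rejected over insecure channel:", err)
```

Note that the k= lines are dropped silently regardless of the channel, while a=crypto is only ever rejected, never stripped: silently removing an a=crypto line would leave the offer looking like a plain RTP/SAVP negotiation without the keys, which is not what either section asks for.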