Re: [Perc] AD Evaluation of draft-ietf-perc-srtp-ekt-diet-08
Ben Campbell <ben@nostrum.com> Thu, 09 August 2018 22:31 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB16F130E25; Thu, 9 Aug 2018 15:31:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level:
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CYp5yaTdSdeY; Thu, 9 Aug 2018 15:31:35 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9E1F1294D0; Thu, 9 Aug 2018 15:31:35 -0700 (PDT)
Received: from [10.0.1.95] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w79MVUL2049117 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 9 Aug 2018 17:31:34 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.95]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <1E962CD5-74C9-403B-A909-F317425F9DEE@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_8F4103C9-E01D-4088-B570-7D2DEB0E7848"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Thu, 09 Aug 2018 17:31:29 -0500
In-Reply-To: <CC46EAEA-3588-41E2-B3A2-5A8C547FA410@nostrum.com>
Cc: perc@ietf.org
To: draft-ietf-perc-srtp-ekt-diet.all@ietf.org
References: <CC46EAEA-3588-41E2-B3A2-5A8C547FA410@nostrum.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/GnkaM6wNm8NjUcqChuDg4HCcg9w>
Subject: Re: [Perc] AD Evaluation of draft-ietf-perc-srtp-ekt-diet-08
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Aug 2018 22:31:38 -0000
Oops, missed a comment: Can we get an updated address and affiliation for Dan Wing? Thanks! Ben. > On Aug 9, 2018, at 5:28 PM, Ben Campbell <ben@nostrum.com> wrote: > > Hi, > > This is my AD Evaluation of draft-ietf-perc-srtp-ekt-diet-08. > > The document is mostly in good shape. It’s easy to read and understand. However, I have a few substantive comments/questions and some editorial comments. I would like to at least discuss the substantive comments before going to IETF LC. > > Thanks! > > Ben. > > ---------- > > *** Substantive Comments: *** > > > §3: Is there a reason not to use the RFC 8174 boilerplate? There are at least a few instances of lowercase keywords in places that don’t seem intended as normative. > > §4.2.1, first paragraph: Is there never a situation where you send neither version? Also, did I miss a description of the purpose and semantics for ShortEKTField, other than “send it when you don’t send the full version”? > > §4.2.2, step 3: "If the EKT decryption operation returns an authentication failure, then the packet processing stops.” > > ... and then what? > > - Step 6: "This applies in transforms such as [ I-D.ietf-perc-double] for replacing just half the key, but SHOULD return a processing error otherwise.” > > I don’t understand that sentence. Is the point to say that using a “too short” key to replace part of the old key is only valid for perc-double or similar transforms, and receiving one in other contexts is an error? > > - Next Sentence: "Outbound packets SHOULD continue to use the old SRTP Master Key for 250 ms after” Does that imply a normative requirement for recipients to keep old keys around for at least that long? There’s currently an implementation suggestion about that, but it doesn’t use MUST or SHOULD. > (Editorial: The sentence seems to belong in the “outbound” section, not the “inbound” section.) > > §4.3: > > - “ This ciphertext value MAY be cached by an SRTP > receiver to minimize computational effort by noting when the SRTP > master key is unchanged and avoiding repeating the steps defined in .” > > Are we really talking about the recipient? How would the recipient know that the key has not changed without processing the ciphertext value? (Also, the sentence is unfinished--maybe the answer would be clear if the rest of the sentence came out of hiding :-) ) > > - “ The receiver may want to have a sliding window to retain old SRTP > Master Keys (and related context) for some brief period of time, so > that out of order packets can be processed as well as packets sent > during the time keys are changing.” > > See comment to §4.2.2, step 6. “may want” seems weak given that the sender SHOULD keep using the old key for a period of time. > > §4.7: “A new sender SHOULD send a packet containing the FullEKTField as soon as possible...” > > Why not MUST? Would it ever make sense not to do this? It seems like the mechanism doesn’t work very well otherwise. > > §6, first paragraph: “or other” - what other? > > - paragraph 8: “ An endpoint MUST NOT encrypt more than T different FullEKTField values using the same EKTKey.” > > Is there a reciprocal requirement for decryption? > > - last paragraph: “...SHOULD be limited using the ekt_ttl” > > Why not MUST? > > §7.3: Should this cite RFC 5246 instead of RFC 4366? > > *** Editorial Comments: *** > > §2: “...each endpoint picks there own SRTP master key...: > s/their/its > > §4.1, first paragraph: Please reference figures by number. I can imagine some future RFC rendering failing to maintain the relative positions. (This occurs a few times throughout the document.) > > §4.2.2, step 3: > Should "The EKTCiphertext authentication is checked and is decrypted” be something like “ > The EKTCiphertext field authentication is checked and its contents decrypted” I assume you don’t mean to say its authentication is decrypted. > > Also, there’s a number of occurrences of “The [fieldname]...” that should probably say “The [fieldname] field...” > > - Step 6: s/crypto/cryptographic > > - Step 7: is the replay protection part relevant to the step? > > §4.3, third paragraph: This is the first mention of ekt_ttl. It would help to have a brief explanation or at least a forward reference. > > §4.6: s/ “other specification” / “another specification” ; or “other specifications” > > §4.7, third paragraph: Both occurrences of “which” need preceding commas. > > §5.2, paragraph after figure 4: “ ... the extensions defined in this session allows the DTLS server...” > Defined in this “session” or this “section”? > > §, paragraph 7: “... causing the receiving system will decrypt...” > s/will/to > > > >
- [Perc] AD Evaluation of draft-ietf-perc-srtp-ekt-… Ben Campbell
- Re: [Perc] AD Evaluation of draft-ietf-perc-srtp-… Ben Campbell
- Re: [Perc] AD Evaluation of draft-ietf-perc-srtp-… Richard Barnes
- Re: [Perc] AD Evaluation of draft-ietf-perc-srtp-… Ben Campbell
- Re: [Perc] AD Evaluation of draft-ietf-perc-srtp-… Ben Campbell