[Perc] Roman Danyliw's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Thu, 16 May 2019 01:52 UTC
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-perc-private-media-framework@ietf.org, Nils Ohlmeier <nohlmeier@mozilla.com>, perc-chairs@ietf.org, nohlmeier@mozilla.com, perc@ietf.org
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <155797155680.30599.3634623355394252682.idtracker@ietfa.amsl.com>
Date: Wed, 15 May 2019 18:52:36 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/KG6BWznZPr9lnY8t5ZP91VP9xGs>
Subject: [Perc] Roman Danyliw's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
Roman Danyliw has entered the following ballot position for
draft-ietf-perc-private-media-framework-10: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-perc-private-media-framework/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I support Magnus's DISCUSS about the need to further discuss the impact of a
compromised/rogue end-point. In addition to the impersonation of others in the
conference, I am wondering about the impact (perhaps a DoS?) of a rogue client
flooding the conference with EKT Key updates.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

(1) Section 1. Per "Virtualized public cloud environments have been viewed as
less secure since resources are not always physically controlled by those who
use them and since there are usually several ports open to the public. This
document aims to improve security so as to lower the barrier to taking
advantage of those environments", I stumbled over these sentences. Improve
security relative to what -- self-hosted environments? Is the security target
to have fewer open ports and to be secure in the face of an adversary with
physical access to the system? The latter seems like a very high bar, and the
corresponding Security Considerations doesn't seem to rise to that.

(2) Section 6.1. "Endpoints have to retain old keys for a period of time to
ensure they can properly decrypt late-arriving or out-of-order packets" seems
to restate what is stated in 4.5.2 using RFC 2119 language. Here "endpoints
have to retain". In Section 4.5.2, "endpoints SHOULD retain". Which one is
correct?

(3) Section 8.1. Per "Off-path attackers could try connecting to different
PERC entities and send specifically crafted packets", could you be more
specific on the threat? Is this something different than any service being
exposed on the Internet?

(4) Editorial Nits:

** Section 3. Typo. s/the the/the/