Re: [RAI] [dispatch] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04

Ben Campbell <ben@nostrum.com> Mon, 13 January 2014 22:43 UTC

Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <CAEqTk6TQh=9kQF7ZGy4bvo9T0GrKF9EQ-avyvtD1JextbaU6Lw@mail.gmail.com>
Date: Mon, 13 Jan 2014 16:43:34 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <8DB83E85-08E6-44DB-AF0F-FE135687F8A2@nostrum.com>
References: <45B84D8F-AD8C-4B28-90DF-9B1C40771104@nostrum.com> <6833E320-7B45-4FC2-853B-62311DCF7E7B@nostrum.com> <CAEqTk6TQh=9kQF7ZGy4bvo9T0GrKF9EQ-avyvtD1JextbaU6Lw@mail.gmail.com>
To: Peter Dunkley <peter.dunkley@crocodilertc.net>
Received-SPF: pass (shaman.nostrum.com: 173.172.146.58 is authenticated by a trusted mechanism)
Cc: draft-pd-dispatch-msrp-websocket.all@tools.ietf.org, DISPATCH <dispatch@ietf.org>, rai@ietf.org
Subject: Re: [RAI] [dispatch] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04
Precedence: list

On Jan 13, 2014, at 3:41 AM, Peter Dunkley <peter.dunkley@crocodilertc.net> wrote:

> On 11 January 2014 21:54, Ben Campbell <ben@nostrum.com> wrote:
> 
> I don't have an answer for how to proceed, but at a minimum I would like to see considerably more discussion of the implications and any potential mitigation of this in the Security Considerations sections.
> 
> More discussion is certainly needed here.  The reason I chose to downgrade the security here was purely pragmatic.
> 
> As nice as it would be to make the security requirements for MSRP over WebSockets very strict it would also be utterly pointless as (right now and for the foreseeable future) it would not be possible to implement.

Understood. I think the conversation needs to cover the general case of "how do we handle things when new transport options take security decisions away from the application protocol implementations". MSRP is an especially interesting case due to the MUST USE requirement in RFC 4976.

Maybe that's already been discussed, but if so I've missed it.

Ben.

[RAI] MSRP Expert Review of draft-pd-dispatch-msr… Ben Campbell
[RAI] MSRP Expert Review of draft-pd-dispatch-msr… Ben Campbell
Re: [RAI] MSRP Expert Review of draft-pd-dispatch… Ben Campbell
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Ben Campbell
Re: [RAI] MSRP Expert Review of draft-pd-dispatch… Cullen Jennings (fluffy)
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Ben Campbell
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Cullen Jennings (fluffy)
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Mary Barnes
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Mary Barnes
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Cullen Jennings (fluffy)
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Ben Campbell
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Cullen Jennings (fluffy)
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Cullen Jennings (fluffy)
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Mary Barnes
Re: [RAI] [dispatch] MSRP Expert Review of draft-… DRAGE, Keith (Keith)
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Olle E. Johansson
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Olle E. Johansson
Re: [RAI] [dispatch] MSRP Expert Review of draft-… Cullen Jennings (fluffy)