IETF Logo Mail Archive

Re: [rtcweb] Adopting draft-muthu-behave-consent-freshness?

"Mishra, Sanjay" <sanjay.mishra@verizon.com> Wed, 11 September 2013 12:53 UTC

Return-Path: <sanjay.mishra@verizon.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2591111E8249 for <rtcweb@ietfa.amsl.com>; Wed, 11 Sep 2013 05:53:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HCaYCTjWApOz for <rtcweb@ietfa.amsl.com>; Wed, 11 Sep 2013 05:53:14 -0700 (PDT)
Received: from omzsmtpe01.verizonbusiness.com (omzsmtpe01.verizonbusiness.com [199.249.25.210]) by ietfa.amsl.com (Postfix) with ESMTP id E173611E8242 for <rtcweb@ietf.org>; Wed, 11 Sep 2013 05:53:07 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: false
Received: from unknown (HELO fldsmtpi01.verizon.com) ([166.68.71.143]) by omzsmtpe01.verizonbusiness.com with ESMTP; 11 Sep 2013 12:53:05 +0000
From: "Mishra, Sanjay" <sanjay.mishra@verizon.com>
X-IronPort-AV: E=Sophos;i="4.90,884,1371081600"; d="scan'208";a="555488954"
Received: from fhdp1lumxc7hb04.verizon.com (HELO FHDP1LUMXC7HB04.us.one.verizon.com) ([166.68.59.191]) by fldsmtpi01.verizon.com with ESMTP; 11 Sep 2013 12:53:05 +0000
Received: from fhdp1lumxc7v23.us.one.verizon.com ([166.68.59.159]) by FHDP1LUMXC7HB04.us.one.verizon.com ([166.68.59.191]) with mapi; Wed, 11 Sep 2013 08:53:05 -0400
To: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>, "Dan Wing (dwing)" <dwing@cisco.com>, "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>, "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Date: Wed, 11 Sep 2013 08:53:03 -0400
Thread-Topic: [rtcweb] Adopting draft-muthu-behave-consent-freshness?
Thread-Index: Ac6tN+qfR6vXQELAQEiGliH2MY4jagBGN0NQABQuU4AAEOtJEA==
Message-ID: <900A1E2059ADB149B905E3C8FA0046A62C7986931A@FHDP1LUMXC7V23.us.one.verizon.com>
References: <522D88A8.3010209@ericsson.com> <900A1E2059ADB149B905E3C8FA0046A62C79869199@FHDP1LUMXC7V23.us.one.verizon.com> <E721D8C6A2E1544DB2DEBC313AF54DE224275BB8@xmb-rcd-x02.cisco.com>
In-Reply-To: <E721D8C6A2E1544DB2DEBC313AF54DE224275BB8@xmb-rcd-x02.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Adopting draft-muthu-behave-consent-freshness?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Sep 2013 12:53:20 -0000

On Tuesday, September 10, 2013 11:51 PM Muthu Arul Mozhi Perumal <mperumal@cisco.com> wrote:
>The "why" part is mentioned in the first paragraph of the abstract:
>  Verification of peer consent before sending traffic is necessary in
>  WebRTC deployments to ensure that a malicious JavaScript cannot use
>  the browser as a platform for launching attacks.

> Are you suggesting expanding this? The abstract needs to be concise, however.

I agree the first paragraph states the premise and that is good, however, the second paragraph which lays out the purpose of this document, and since the purpose is both how and why, the second paragraph could state something like this:

"This document describes both how and why a webRTC browser can and must verify peer consent to continue sending traffic and detect connection failure."

Thanks
Sanjay

-----Original Message-----
From: Muthu Arul Mozhi Perumal (mperumal) [mailto:mperumal@cisco.com] 
Sent: Tuesday, September 10, 2013 11:51 PM
To: Mishra, Sanjay; Dan Wing (dwing); Ram Mohan R (rmohanr); Tirumaleswar Reddy (tireddy)
Cc: rtcweb@ietf.org
Subject: RE: [rtcweb] Adopting draft-muthu-behave-consent-freshness?

|In the abstract, second paragraph, the text states "how" a WebRTC 
|browser can verify peer consent and as I read through the rest of the 
|document I also understood "why" this is needed. So, just a knit pick, 
|it may be clear to the reader if the statement also includes why within 
|the body of the Abstract.

The "why" part is mentioned in the first paragraph of the abstract:
   Verification of peer consent before sending traffic is necessary in
   WebRTC deployments to ensure that a malicious JavaScript cannot use
   the browser as a platform for launching attacks.

Are you suggesting expanding this? The abstract needs to be concise, however.

|One minor typo in section 7. Please change "in-intended" to "un-intended".

Will fix it.

Thanks for the review..

Muthu 

|-----Original Message-----
|From: Mishra, Sanjay [mailto:sanjay.mishra@verizon.com]
|Sent: Wednesday, September 11, 2013 12:38 AM
|To: Muthu Arul Mozhi Perumal (mperumal); Dan Wing (dwing); Ram Mohan R 
|(rmohanr); Tirumaleswar Reddy
|(tireddy)
|Cc: rtcweb@ietf.org
|Subject: RE: [rtcweb] Adopting draft-muthu-behave-consent-freshness?
|
|Muthu et al --
|
|
|In the abstract, second paragraph, the text states "how" a WebRTC 
|browser can verify peer consent and as I read through the rest of the 
|document I also understood "why" this is needed. So, just a knit pick, 
|it may be clear to the reader if the statement also includes why within the body of the Abstract.
|
|One minor typo in section 7. Please change "in-intended" to "un-intended".
|
|Thanks
|Sanjay
|
|-----Original Message-----
|From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On 
|Behalf Of Magnus Westerlund
|Sent: Monday, September 09, 2013 4:37 AM
|To: rtcweb@ietf.org
|Subject: [rtcweb] Adopting draft-muthu-behave-consent-freshness?
|
|WG,
|
|This is a call for WG adoption of STUN Usage for Consent Freshness 
|(draft-muthu-behave-consent- freshness-04). This document defines a 
|STUN usage for consent freshness. As this requires no protocol extensions we as intended users can define this usage in our WG. Such work also matches our charter.
|The draft-ietf-rtcweb-security-arch-07 is normatively dependent on this STUN usage.
|
|Document:
|https://datatracker.ietf.org/doc/draft-muthu-behave-consent-freshness/
|
|WG, please indicate your support or issues with adopting this document 
|as WG item with a proposed
|milestone:
|
|Mar 2014 Send STUN Usage for Consent Freshness to IESG for publication as proposed standard.
|
|Cheers
|
|Magnus Westerlund
|
|----------------------------------------------------------------------
|Multimedia Technologies, Ericsson Research EAB/TVM
|----------------------------------------------------------------------
|Ericsson AB                | Phone  +46 10 7148287
|Färögatan 6                | Mobile +46 73 0949079
|SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
|----------------------------------------------------------------------
|
|_______________________________________________
|rtcweb mailing list
|rtcweb@ietf.org
|https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email