Re: [rtcweb] Reminder: Working group last call for draft-ietf-rtcweb-security-arch
Richard Barnes <rlb@ipv.sx> Tue, 12 March 2013 22:23 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D50F211E812D for <rtcweb@ietfa.amsl.com>; Tue, 12 Mar 2013 15:23:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.352
X-Spam-Level:
X-Spam-Status: No, score=-2.352 tagged_above=-999 required=5 tests=[AWL=0.624, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o1dAJd+DIcre for <rtcweb@ietfa.amsl.com>; Tue, 12 Mar 2013 15:23:56 -0700 (PDT)
Received: from mail-oa0-f42.google.com (mail-oa0-f42.google.com [209.85.219.42]) by ietfa.amsl.com (Postfix) with ESMTP id 39A7111E812B for <rtcweb@ietf.org>; Tue, 12 Mar 2013 15:23:56 -0700 (PDT)
Received: by mail-oa0-f42.google.com with SMTP id i18so421264oag.1 for <rtcweb@ietf.org>; Tue, 12 Mar 2013 15:23:55 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=V8y4qkLni1cTmaTMjKhxe/Eu2/GUVY+j8RKje3ZTY6o=; b=ONZZ+IC81JF//gaaSNc5I7EyAryLamVSglS5sAhdl/A358+4REDUMpzBsojn1xpOcX wyoPRTDDyw6z612iTLEEo39NTd4BKAcNQdUvfyScA5OeMO0YcERSjWXf600rDNx02cs8 FAv9mF0Mitvv522aGVjyAs69cVCdPS4XZ0R8nniTRi81n4RO7D2bHEAkZq/ikR1efqqu qrKrrQFkHZ8+HZJAUAAX1DujeZ9B3GqenbP4U+XjTVpReHOyLJOfEJP4+09xChVlTbKc smyBsNJam0yK/GojVcaJ3/hwEVEZ2uPaKG3g6QYlEkihOD2Hz13tkZ0jTjpeD+PEcDsU uBAg==
MIME-Version: 1.0
X-Received: by 10.182.245.33 with SMTP id xl1mr13532643obc.91.1363127035728; Tue, 12 Mar 2013 15:23:55 -0700 (PDT)
Received: by 10.60.40.233 with HTTP; Tue, 12 Mar 2013 15:23:55 -0700 (PDT)
X-Originating-IP: [128.89.253.127]
In-Reply-To: <CA+9kkMATiwiFNyq3awr-EHwnWb3+ZEsP+Omgiwdev=8swgMrAQ@mail.gmail.com>
References: <CA+9kkMATiwiFNyq3awr-EHwnWb3+ZEsP+Omgiwdev=8swgMrAQ@mail.gmail.com>
Date: Tue, 12 Mar 2013 18:23:55 -0400
Message-ID: <CAL02cgQMvfW0ukb3WddcuMt+k_iSOtQq-X9r+emvQ4oG5GNGxA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Ted Hardie <ted.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="14dae93a19a3bfb16b04d7c1be01"
X-Gm-Message-State: ALoCoQmAO10fE0Gh2SxQNBocEpS1Wf1j2xGD+h5mHkz8zlUU2QYCadG0uP4wQzpKweN8OGgWkHrp
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Reminder: Working group last call for draft-ietf-rtcweb-security-arch
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 22:23:56 -0000
I haven't had a chance to write up detailed comments, but my high-level comment is that it goes into a bit too much detail on how the security goals are accomplished. The main thing this document needs to do is lay out the high-level roles in the process (IdPs, calling sites, UAs) and what security guarantees they each provide. It does a good job of that Section 4 and the beginning of Section 5. Beginning around Section 5.6, it starts to veer off into technical details. Section 5.6 and Section 5.7.4 (and possibly others) should probably be moved to a separate document, not because I think they're wrong, but because there are some alternative models to be considered for how to meet the goals of the security architecture. --Richard On Mon, Feb 25, 2013 at 6:27 PM, Ted Hardie <ted.ietf@gmail.com> wrote: > This is a reminder that there is an ongoing last call for > draft-ietf-rtcweb-security-arch-06. Please send comments, including > those of the "reviewed and no issues" ilk, by March 9th, 2012. > > regards, > > Ted Hardie > > On Thu, Feb 14, 2013 at 8:35 AM, Ted Hardie <ted.ietf@gmail.com> wrote: > > This begins a working group last call for > > draft-ietf-rtcweb-security-arch. Please send comments to the list by > > March 9, 2013. > > > > regards, > > > > Ted, Cullen, Magnus > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb >
- [rtcweb] Reminder: Working group last call for dr… Ted Hardie
- Re: [rtcweb] Reminder: Working group last call fo… Colin Perkins
- Re: [rtcweb] Reminder: Working group last call fo… Ted Hardie
- Re: [rtcweb] Reminder: Working group last call fo… Justin Uberti
- Re: [rtcweb] Reminder: Working group last call fo… Eric Rescorla
- Re: [rtcweb] Reminder: Working group last call fo… Martin Thomson
- Re: [rtcweb] Reminder: Working group last call fo… Bernard Aboba
- Re: [rtcweb] Reminder: Working group last call fo… Oscar Ohlsson
- Re: [rtcweb] Reminder: Working group last call fo… Richard Barnes