Re: [rtcweb] Reminder: Working group last call for draft-ietf-rtcweb-security-arch

Richard Barnes <rlb@ipv.sx> Tue, 12 March 2013 22:23 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D50F211E812D for <rtcweb@ietfa.amsl.com>; Tue, 12 Mar 2013 15:23:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.352
X-Spam-Level:
X-Spam-Status: No, score=-2.352 tagged_above=-999 required=5 tests=[AWL=0.624, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o1dAJd+DIcre for <rtcweb@ietfa.amsl.com>; Tue, 12 Mar 2013 15:23:56 -0700 (PDT)
Received: from mail-oa0-f42.google.com (mail-oa0-f42.google.com [209.85.219.42]) by ietfa.amsl.com (Postfix) with ESMTP id 39A7111E812B for <rtcweb@ietf.org>; Tue, 12 Mar 2013 15:23:56 -0700 (PDT)
Received: by mail-oa0-f42.google.com with SMTP id i18so421264oag.1 for <rtcweb@ietf.org>; Tue, 12 Mar 2013 15:23:55 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=V8y4qkLni1cTmaTMjKhxe/Eu2/GUVY+j8RKje3ZTY6o=; b=ONZZ+IC81JF//gaaSNc5I7EyAryLamVSglS5sAhdl/A358+4REDUMpzBsojn1xpOcX wyoPRTDDyw6z612iTLEEo39NTd4BKAcNQdUvfyScA5OeMO0YcERSjWXf600rDNx02cs8 FAv9mF0Mitvv522aGVjyAs69cVCdPS4XZ0R8nniTRi81n4RO7D2bHEAkZq/ikR1efqqu qrKrrQFkHZ8+HZJAUAAX1DujeZ9B3GqenbP4U+XjTVpReHOyLJOfEJP4+09xChVlTbKc smyBsNJam0yK/GojVcaJ3/hwEVEZ2uPaKG3g6QYlEkihOD2Hz13tkZ0jTjpeD+PEcDsU uBAg==
MIME-Version: 1.0
X-Received: by 10.182.245.33 with SMTP id xl1mr13532643obc.91.1363127035728; Tue, 12 Mar 2013 15:23:55 -0700 (PDT)
Received: by 10.60.40.233 with HTTP; Tue, 12 Mar 2013 15:23:55 -0700 (PDT)
X-Originating-IP: [128.89.253.127]
In-Reply-To: <CA+9kkMATiwiFNyq3awr-EHwnWb3+ZEsP+Omgiwdev=8swgMrAQ@mail.gmail.com>
References: <CA+9kkMATiwiFNyq3awr-EHwnWb3+ZEsP+Omgiwdev=8swgMrAQ@mail.gmail.com>
Date: Tue, 12 Mar 2013 18:23:55 -0400
Message-ID: <CAL02cgQMvfW0ukb3WddcuMt+k_iSOtQq-X9r+emvQ4oG5GNGxA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Ted Hardie <ted.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=14dae93a19a3bfb16b04d7c1be01
X-Gm-Message-State: ALoCoQmAO10fE0Gh2SxQNBocEpS1Wf1j2xGD+h5mHkz8zlUU2QYCadG0uP4wQzpKweN8OGgWkHrp
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Reminder: Working group last call for draft-ietf-rtcweb-security-arch
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 22:23:56 -0000

I haven't had a chance to write up detailed comments, but my high-level
comment is that it goes into a bit too much detail on how the security
goals are accomplished.

The main thing this document needs to do is lay out the high-level roles in
the process (IdPs, calling sites, UAs) and what security guarantees they
each provide.  It does a good job of that Section 4 and the beginning of
Section 5.

Beginning around Section 5.6, it starts to veer off into technical details.
 Section 5.6 and Section 5.7.4 (and possibly others) should probably be
moved to a separate document, not because I think they're wrong, but
because there are some alternative models to be considered for how to meet
the goals of the security architecture.

--Richard




On Mon, Feb 25, 2013 at 6:27 PM, Ted Hardie <ted.ietf@gmail.com> wrote:

> This is a reminder that there is an ongoing last call for
> draft-ietf-rtcweb-security-arch-06.  Please send comments, including
> those of the "reviewed and no issues" ilk, by March 9th, 2012.
>
> regards,
>
> Ted Hardie
>
> On Thu, Feb 14, 2013 at 8:35 AM, Ted Hardie <ted.ietf@gmail.com> wrote:
> > This begins a working group last call for
> > draft-ietf-rtcweb-security-arch.  Please send comments to the list by
> > March 9, 2013.
> >
> > regards,
> >
> > Ted, Cullen, Magnus
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>