Re: [rtcweb] Ben Campbell's Yes on draft-ietf-rtcweb-security-arch-18: (with COMMENT)

Sean Turner <sean@sn3rd.com> Thu, 28 March 2019 13:51 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8136812045F for <rtcweb@ietfa.amsl.com>; Thu, 28 Mar 2019 06:51:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eQppGs6l-qlQ for <rtcweb@ietfa.amsl.com>; Thu, 28 Mar 2019 06:51:05 -0700 (PDT)
Received: from mail-yw1-xc36.google.com (mail-yw1-xc36.google.com [IPv6:2607:f8b0:4864:20::c36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E95D2120466 for <rtcweb@ietf.org>; Thu, 28 Mar 2019 06:51:04 -0700 (PDT)
Received: by mail-yw1-xc36.google.com with SMTP id l15so14661461ywe.8 for <rtcweb@ietf.org>; Thu, 28 Mar 2019 06:51:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ywUsfU4RPBymLHY1OPmxQws5knH5mlzcvGMayw9AwMI=; b=NCIW58l/2fhnLizPslULi8QHL4dPDYCh/3FIAwz33ni3Wv7drintfRj2TwyG2ErpFc b1Ya2gTbQtd/VOEJdmMuldAaz5vt99KflnMn4ztSQ0/ar9MKwUK6sl8sqRFkSch5YyPy reoMbV4DcRald+qakS/I7FoXqFjbyKgS3PGzY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ywUsfU4RPBymLHY1OPmxQws5knH5mlzcvGMayw9AwMI=; b=c/4nF8EWNQc3SAR0qwG5FQdN/ev4hhs3GywoOfnIgyqulEinP6yHpWZIBrmzZYEzbw 2+DWa0cYJmuQxL5GRqYTC70I1mUYM0vIhFr2l9w6zGcL+vT0n5xmC/BrsgH3FxYNOzn4 lx4ztDTAti5Q5cQ2SF6dM1m7hvYpiqnjSbtQG1N+h9M+BUweq3JxTDudjKOeZUBOdqJj LXUmH+fsXvlr1z105JoIVV5bhjPpKB7pDRapBkqiTFeSAJV2VBJNeLUdJxvfZ1m/hwJB TOfY8XbXq5NJ7lC+Zrl/MM6oQKgv9RXvkCPw0lFXB+UFwqgpffudNwnlQOo20Ml95cSG pfOQ==
X-Gm-Message-State: APjAAAVmjBOMwy1SIMucB4L3uarEJqqoiDD7f5rBYySnTJkWWZoyxCAF 0BH8dYGyh8JVAC+LL6XsjjvTwQ==
X-Google-Smtp-Source: APXvYqzWFtIEkQBqFbvIT4RjeO9xBVBGo+O0wY0B9Dsxgc05cJzkS9Gwm06+fcrsTfLwQ4pI1ziOMA==
X-Received: by 2002:a81:f85:: with SMTP id 127mr37430749ywp.348.1553781064173; Thu, 28 Mar 2019 06:51:04 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:128:c1ec:6bbe:60d6:361d? ([2001:67c:370:128:c1ec:6bbe:60d6:361d]) by smtp.gmail.com with ESMTPSA id d196sm8977458ywh.105.2019.03.28.06.51.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 28 Mar 2019 06:51:03 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <0507911D-76A2-4D4F-92BC-6026A14F8305@sn3rd.com>
Date: Thu, 28 Mar 2019 14:51:00 +0100
Cc: The IESG <iesg@ietf.org>, draft-ietf-rtcweb-security-arch@ietf.org, rtcweb-chairs@ietf.org, rtcweb@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <19241E5A-1DEA-443A-8130-F3F0F7431156@sn3rd.com>
References: <155176110055.5301.9102355161357963697.idtracker@ietfa.amsl.com> <0507911D-76A2-4D4F-92BC-6026A14F8305@sn3rd.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/C1u0hPbufc1sXFOJvVyyGSLT_XI>
Subject: Re: [rtcweb] Ben Campbell's Yes on draft-ietf-rtcweb-security-arch-18: (with COMMENT)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 13:51:11 -0000


> On Mar 27, 2019, at 11:06, Sean Turner <sean@sn3rd.com>; wrote:
> 
> 
> 
>> On Mar 5, 2019, at 13:45, Ben Campbell <ben@nostrum.com>; wrote:
>> 
>> Ben Campbell has entered the following ballot position for
>> draft-ietf-rtcweb-security-arch-18: Yes
>> 
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>> 
>> 
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>> 
>> 
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch/
>> 
>> 
>> 
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------

>> §5.1.4:
>> - "In this
>> case, the established identity SHOULD be applied to existing DTLS
>> connections as well as new connections established using one of those
>> fingerprints."
>> 
>> Applied by the recipient? (consider active voice). Also, why not MUST? Don't
>> unexpected things happen if the recipient doesn't do this?
> 
> will get back to you on this one. 

MT seems to think we can just drop SHOULD and r/SHOULD/can
I reflected that in the PR.

>> §6.2:
>> - "Because HTTP origins cannot be securely established against network
>> attackers, implementations MUST NOT allow the setting of permanent
>> access permissions for HTTP origins. Implementations MUST refuse all
>> permissions grants for HTTP origins."
>> 
>> (nit-ish) - The MUST NOT seems non-constraining considering the last sentence.
>> Or am I reading that sentence wrong?
> 
> will get back to you on this one.

Chopped it to:
  Because HTTP origins cannot be securely established against network
  attackers, implementations MUSTrefuse all
  permissions grants for HTTP origins.