Re: [rtcweb] SDP directorate review of SDP Identity attribute (draft-ietf-rtcweb-security-arch-14)
Martin Thomson <martin.thomson@gmail.com> Mon, 09 July 2018 07:30 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 845B8130E20; Mon, 9 Jul 2018 00:30:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XngAjkWPYF10; Mon, 9 Jul 2018 00:30:21 -0700 (PDT)
Received: from mail-oi0-x22a.google.com (mail-oi0-x22a.google.com [IPv6:2607:f8b0:4003:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 780D61277CC; Mon, 9 Jul 2018 00:30:21 -0700 (PDT)
Received: by mail-oi0-x22a.google.com with SMTP id b15-v6so34022810oib.10; Mon, 09 Jul 2018 00:30:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=TS+kkcepuKnQ6pazCofBathc+EVObYRT0cvoypFAG6c=; b=qKUZpNIO6gC/zYPp8Gn2HO0HyYijXX8azDNqz3+i0ei83mQwYkHS/p5x9rczdGRMIW nYosw/JTslRGs5BGdUL8rbeJ63MfPciISH818F07+JjkJr6K+61lrIXrmCIFeQy88ZkG A/XMqM+dTo2iHjk4Z/5vrUMJcDewa4s6rHYUKbslHULaxquVOJbuRtYg8xfoq6FVFHOl yligKOkF58E9oPwN67GC5VOF3sbo/FVqxKYb57KXmiRkNIjBE4oVtddE2sgL9ZlDg1LE t4bQSXpt1r9WgCUDBWyQurax57C8ZVErL/cJcsom5JL1NAx1KY14UJ7OvuMagfVurgkJ iTbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=TS+kkcepuKnQ6pazCofBathc+EVObYRT0cvoypFAG6c=; b=JEBRNGvqMSwiRkVGf5INZ8KI5PSd5byPvktCNxnoMryARg+Xz8FwoKqVNPXKwROA39 zecBuds1PpZZ16hmUMtOFcQk/kuZt6OxGrJnpKXLuKBJAqZRo58v5HBQ/VSa+GD9fw6n 3K94BqUumEYXAY+exQ6sF0YtMDE54QSdmHveX8vdr9+kaxLj8TalgFJMDK3DdT3sQJnf Vl+57AWGbSGXDaa/QUIES6MkV+WVxIVhfwDJRWHg5cGu5AFI2XzfC+nr8u9xslStRTh0 6CybhYKUthlnT8clbnUC/GtlsgDwWdDKziC1VdJzrGZSpN6uu2D48hOSk0PkpupTv0+f ggLA==
X-Gm-Message-State: APt69E0ywr/lYOjw6kuyLVxOWMW7qparHG8f4Emael6tHUpUmWex5eCW 8AmHJZTl8MUKmeXLmePtcafIEhDVqInmv93w2EA=
X-Google-Smtp-Source: AAOMgpdvHPiKLrw779yOc+OQHLCAdvs2pepbLPTZUczkhzuY6iahYKIcvMF43armnKaulcndEd4v4e9p6rb+a/dcQ9M=
X-Received: by 2002:aca:120e:: with SMTP id 14-v6mr8715707ois.144.1531121420763; Mon, 09 Jul 2018 00:30:20 -0700 (PDT)
MIME-Version: 1.0
References: <7594FB04B1934943A5C02806D1A2204B72F048B9@ESESSMB109.ericsson.se>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B72F048B9@ESESSMB109.ericsson.se>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 09 Jul 2018 17:30:10 +1000
Message-ID: <CABkgnnXAhD_fCEhJJ0QgAzy7wGzy4t=s2xeEO5RKEHPUUuWCJg@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: RTCWeb IETF <rtcweb@ietf.org>, sdp-directorate-private@ietf.org, mmusic-chairs@ietf.org, rtcweb-chairs@ietf.org, Ben Campbell <ben@nostrum.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/GOfZE1sj_jCpmL89og5CR8S8M64>
Subject: Re: [rtcweb] SDP directorate review of SDP Identity attribute (draft-ietf-rtcweb-security-arch-14)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2018 07:30:24 -0000
Hi Christer, I went through this review, and there are some changes that I think are useful. I'm not sure if there isn't some misunderstanding on some others. I have PRs up on the repo for the simple ones. The suggestion to include the usual section headers might take some more time to sort out. On Thu, May 24, 2018 at 6:20 PM Christer Holmberg <christer.holmberg@ericsson.com> wrote: > As the SDP attribute definition should be able to stand on its own legs, there should be a description/reference to the IdP solution that it is used for. I believe that context is sufficient for that purpose. > Also, if the usage of the attribute is scoped to devices implementing the WebRTC specification, that should be indicated. The mechanism isn't necessarily scoped to this particular usage domain. I've proposed some text, but I don't think that it's necessary. The use of JSON allows for many things, some of which might be extending this to other uses. > Q1 (Structure): > > The document lacks the offer/answer procedure structure used for SDP attributes. This is a fair criticism. That needs work. Not because the headings are valuable, but because there is missing information that those headings cause you to think about (which is why they exist, of course). For instance, we don't really say anything here about whether the value can change (it can, but the identity can't). > Q2. The mux category is missing. I couldn't find this in the draft or on the list, but I found a branch that adds this, so it's good. > Q3 (Grammar): > identity-attribute = "identity:" identity-assertion > *( SP identity-extension ) Sure. I'm going with this because anything else would break existing deployments (such as they are). ';' is now allowed in the extensions. > Q4 (Attribute definition): > Historically there have been problems with the definitions of new SDP attributes. Especially, the manner of defining the syntax was inconsistent. RFC4566 gave insufficient guidance on how to do this. draft-ietf-mmusic-rfc4566bis (especially section 8.2.4.1) has provided more guidance on how to do this. Please do your definitions in that style. For instance: How is the definition in the IANA considerations section insufficient? > Q5: > The draft says that, at minimum, the fingerprint needs to be bound to the identity. > > First, I assume this means that, for each assertion, the associated SDP fingerprint attribute must be included in the offer/answer. If so, please include text about that.. The text says: > The identity attribute attests to all "a=fingerprint" attributes in the session description. It is therefore a session-level attribute. > > Multiple "a=fingerprint" values can be used to offer alternative certificates for a peer. The "a=identity" attribute MUST include all fingerprint values that are included in "a=fingerprint" lines. That would seem to be sufficient for this purpose. > Second, it would be good to indicate that, in the SDP, there is no link between a given assertion and the associated fingerprint. I don't know what you are looking for here. If you are saying that the SDP doesn't include a pointer from a=identity to a=fingerprint, or vice versa, that's right. But - as defined - a=identity includes ALL a=fingerprint instances, so any pointer would be redundant. > Q6: > Section 5.6.4.1 says: > "The "a=identity" attribute MUST include all > fingerprint values that are included in "a=fingerprint" lines." > It is unclear what “attribute MUST include all fingerprint values” means. The previous section describes the construction of the value that is used for a=identity. I don't understand how that could be clearer. I've tried to clarify this in a PR. > It should also be clarified that, if the attribute is used on media-level in an m- section, it contains the assertion for each fingerprint associated with that m- section. It's session-level only. > Q7: > Section 5.6.4.2 says: > “The semantics of multiple identity attributes are undefined.” > First, I don’t see the difference in having a single attribute with multiple assertions, or multiple attributes with single assertions. Having said that, if we only want to allow one way, I would suggest to simply forbid multiple attributes. That's OK, but what is the usual policy for handling malformed attributes if you know the syntax of the attribute? What handling should we specify here? > Second, it needs to be clarified that the rule apply to a given m- section. It's session-level only. > Q8: > In the example in Section 5.6.4.1 the SDP fingerprint attribute is included as a session-level attribute. However, it is currently only defined as a media-level attribute. I can't find any evidence of this being defined as media-level. It says session-level (only) in several places.
- Re: [rtcweb] SDP directorate review of SDP Identi… Martin Thomson
- [rtcweb] SDP directorate review of SDP Identity a… Christer Holmberg
- Re: [rtcweb] SDP directorate review of SDP Identi… Ted Hardie
- Re: [rtcweb] SDP directorate review of SDP Identi… Christer Holmberg
- Re: [rtcweb] SDP directorate review of SDP Identi… Christer Holmberg