IETF Logo Mail Archive

[rtcweb] 答复: 答复: 答复: Fwd: I-D Action: draft-westerlund-rtcweb-codec-control-00.txt

邓灵莉/denglingli <denglingli@chinamobile.com> Tue, 22 May 2012 07:27 UTC

Return-Path: <denglingli@chinamobile.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED71121F84A6 for <rtcweb@ietfa.amsl.com>; Tue, 22 May 2012 00:27:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.786
X-Spam-Level: *
X-Spam-Status: No, score=1.786 tagged_above=-999 required=5 tests=[AWL=1.711, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RELAY_IS_221=2.222, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sp006GKf5wzt for <rtcweb@ietfa.amsl.com>; Tue, 22 May 2012 00:27:23 -0700 (PDT)
Received: from imss.chinamobile.com (imss.chinamobile.com [221.130.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 6B92221F84A2 for <rtcweb@ietf.org>; Tue, 22 May 2012 00:27:22 -0700 (PDT)
Received: from imss.chinamobile.com (localhost [127.0.0.1]) by localhost.chinamobile.com (Postfix) with ESMTP id DFDC5E66C; Tue, 22 May 2012 15:27:20 +0800 (CST)
Received: from mail.chinamobile.com (unknown [10.1.28.22]) by imss.chinamobile.com (Postfix) with ESMTP id D30EEE434; Tue, 22 May 2012 15:27:20 +0800 (CST)
Received: from denglingli ([10.2.43.107]) by mail.chinamobile.com (Lotus Domino Release 6.5.6) with ESMTP id 2012052215271487-33144 ; Tue, 22 May 2012 15:27:14 +0800
From: 邓灵莉/denglingli <denglingli@chinamobile.com>
To: 'Magnus Westerlund' <magnus.westerlund@ericsson.com>
References: <20120516140228.4049.34228.idtracker@ietfa.amsl.com> <4FB3B55F.3080607@ericsson.com> <003f01cd36f3$5302aed0$f9080c70$@chinamobile.com> <4FB9E79C.1050300@ericsson.com> <CABkgnnUs4K3aP7Ge4+sQ7e6UDEwx-hGJi50Tn6hG4rEwiz98HQ@mail.gmail.com> <001901cd37b9$d66c9490$8345bdb0$@chinamobile.com> <4FBB3586.4050902@ericsson.com>
In-Reply-To: <4FBB3586.4050902@ericsson.com>
Date: Tue, 22 May 2012 15:24:05 +0800
Message-ID: <009c01cd37eb$de642640$9b2c72c0$@chinamobile.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFH7Hy2W/WGRSF2rP61qjwTRiq8KwG+VZYhAbFyGeYBiDdXHAHH0ykgAhJR97QC5/lQZ5eCLEow
X-MIMETrack: Itemize by SMTP Server on jtgsml01/servers/cmcc(Release 6.5.6|March 06, 2007) at 2012-05-22 15:27:14, Serialize by Router on jtgsml01/servers/cmcc(Release 6.5.6|March 06, 2007) at 2012-05-22 15:27:20, Serialize complete at 2012-05-22 15:27:20
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Content-Language: zh-cn
X-TM-AS-Product-Ver: IMSS-7.0.0.8231-6.8.0.1017-18920.004
X-TM-AS-Result: No--29.598-7.0-31-10
X-imss-scan-details: No--29.598-7.0-31-10;No--29.598-7.0-31-10
X-TM-AS-User-Approved-Sender: No;No
X-TM-AS-User-Blocked-Sender: No;No
Cc: rtcweb@ietf.org
Subject: [rtcweb] 答复: 答复: 答复: Fwd: I-D Action: draft-westerlund-rtcweb-codec-control-00.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 May 2012 07:27:25 -0000

Agreed. 

Thanks,
Lingli

-----邮件原件-----
发件人: Magnus Westerlund [mailto:magnus.westerlund@ericsson.com] 
发送时间: 2012年5月22日 14:43
收件人: 邓灵莉/denglingli
抄送: 'Martin Thomson'; rtcweb@ietf.org
主题: Re: 答复: [rtcweb] 答复: Fwd: I-D Action: draft-westerlund-rtcweb-codec-control-00.txt

On 2012-05-22 03:25, 邓灵莉/denglingli wrote:
> Hi, Martin
> 
> You are right. According to the current discussion, I would suggest two options about the security threat statement: 
> 1, remove the item c from Section 8; or

I don't think this is an appropriate choice. The reason is that it applies to multi-party cases where an given end-point targets the other participants. Mitigation in the media plane central node for this attack is something the implementation should have.

> 2, add a few words to notify what is left out and may be of concern in the field and people would know what to expect in reality.
> Would you agree?

I would like to make it clear that this documents security consideration is a short summary of the most important attacks. The COP drafts security consideration is not existing and that will be addressed in the next version. That will clearly discuss the SDP angle and at least point out the need for protection between the nodes. But also that in multi-party there exist a potential for down-grading the general constraints.

I will consider adding the SDP based downgrade into this document also.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------


__________ Information from ESET NOD32 Antivirus, version of virus signature database 7138 (20120515) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

v2.23.0 | Report a Bug | By Email