Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-14
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Wed, 10 June 2015 15:13 UTC
Return-Path: <tireddy@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ED801ACE72; Wed, 10 Jun 2015 08:13:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4SmqqyWyBZX; Wed, 10 Jun 2015 08:13:36 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 297F21A877D; Wed, 10 Jun 2015 08:13:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8092; q=dns/txt; s=iport; t=1433949216; x=1435158816; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=T4JSRmW1cBMLMZnh+/HSKY23mqUPmVGX0LaTWyHdo+Y=; b=fBpEbxa4dqTCruWEigfaXsYB/2XMn6Ytz4LRin29GMlA30ScTdZ6rU7r LMiTe8d4Si2Zb1ewSvISu65jAN1jiTqnUtLFYVPnfXj6sc1GKbcgTEXzC UosiYnTkkIllt9EZxgW0qjl8h0Iu8KR1/5aFl9MB2lMtRG1e1p3iTcaL4 g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B7BABTU3hV/5JdJa1ZA4MQgTMGvRpmCYdbAoE2OBQBAQEBAQEBgQqEIgEBAQECASdSDAQCAQgRAwEBAQsdByERFAkIAQEEAQ0FCIgRAwoIy34NhUABAQEBAQEBAQEBAQEBAQEBAQEBAQEXikGBAoJNgWENGiEQBwYLgwaBFgEEhniFAyyHI4lWgxCDf4pWZIcSJGKDFm+BAwEfAiGBAQEBAQ
X-IronPort-AV: E=Sophos;i="5.13,588,1427760000"; d="scan'208";a="463889"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-8.cisco.com with ESMTP; 10 Jun 2015 15:13:34 +0000
Received: from xhc-rcd-x05.cisco.com (xhc-rcd-x05.cisco.com [173.37.183.79]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id t5AFDYIh015788 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 10 Jun 2015 15:13:35 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.253]) by xhc-rcd-x05.cisco.com ([173.37.183.79]) with mapi id 14.03.0195.001; Wed, 10 Jun 2015 10:13:34 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: "Black, David" <david.black@emc.com>, "muthu.arul@gmail.com" <muthu.arul@gmail.com>, "Dan Wing (dwing)" <dwing@cisco.com>, "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>, "martin.thomson@gmail.com" <martin.thomson@gmail.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
Thread-Topic: OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-14
Thread-Index: AdCi58lPi5K+gAtNQriBoM1GKpG0QgAqBvrw
Date: Wed, 10 Jun 2015 15:13:33 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A47867933@xmb-rcd-x10.cisco.com>
References: <CE03DB3D7B45C245BCA0D243277949360B365A93@MX104CL02.corp.emc.com>
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949360B365A93@MX104CL02.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.39.73]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/Vwo8F-V5p60Gkx29ZJsbNhfaJls>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-14
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2015 15:13:38 -0000
> -----Original Message----- > From: Black, David [mailto:david.black@emc.com] > Sent: Wednesday, June 10, 2015 12:39 AM > To: muthu.arul@gmail.com; Dan Wing (dwing); Ram Mohan R (rmohanr); > Tirumaleswar Reddy (tireddy); martin.thomson@gmail.com; ops-dir@ietf.org > Cc: rtcweb@ietf.org; ietf@ietf.org; Black, David > Subject: RE: OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-14 > > As a result of lengthy ;-) discussion, the -14 version of this draft addresses all of > the concerns in the OPS-Dir review of the -13 version, as well as the subsequent > concern about whether this draft is an update to RFC 5245. That latter update > concern has been resolved with a conclusion that this draft does not update > RFC 5245 - the keepalive material in this draft has been revised to explain how > consent checks effectively serve as keepalives, removing any need to send > separate keepalives in a fashion that's compatible with RFC 5245. > > I noticed a minor editorial nit: > > - Section 1, top of p.3 > > Consent is obtained only by full ICE implementations. An ICE-lite > agent (as defined in Section 2.7 of [RFC5245]) does not generate > connectivity checks or run the ICE state machine. An ICE-lite agent > does not generate consent checks, it will only respond to any checks > that it receives. > > I'd change the start of latter sentence to better connect it to the previous > sentence: > > "An ICE-lite agent" -> "Hence, an ICE-lite agent" > > also: > > "consent checks, it will" -> "consent checks and will" Thanks, fixed in my local copy. -Tiru > > idnits 2.13.02 ran clean. > > Thanks, > --David > > > -----Original Message----- > > From: Black, David > > Sent: Thursday, May 14, 2015 7:21 PM > > To: muthu.arul@gmail.com; dwing@cisco.com; rmohanr@cisco.com; > > tireddy@cisco.com; martin.thomson@gmail.com; ops-dir@ietf.org > > Cc: rtcweb@ietf.org; Black, David; ietf@ietf.org > > Subject: OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-13 > > > > I have reviewed this document as part of the Operational directorate's > > ongoing effort to review all IETF documents being processed by the IESG. > > These comments were written with the intent of improving the > > operational aspects of the IETF drafts. Comments that are not > > addressed in last call may be included in AD reviews during the IESG > > review. Document editors and WG chairs should treat these comments > > just like any other last call comments. > > > > Document: draft-ietf-rtcweb-stun-consent-freshness-13 > > Reviewer: David Black > > Review Date: May 14, 2015 > > IETF LC End Date: May 15, 2015 (on -11) > > > > Summary: This draft is on the right track, but has open issues > > described in the review. > > > > This draft describes use of STUN to obtain ongoing consent to send in > > a fashion that is secured by the use of cryptographically strong > > nonces as STUN transaction IDs. > > > > -- Major issues -- > > > > [1] The draft seems to be missing discussion of applicability - what > > environments and/or protocols is this mechanism intended for or > > applicable to? Is this generally applicable wherever ICE and STUN are > > used? I don't see any RFCs listed as updated by this draft, so I'm > > guessing that this is not intended to promulgate new requirements for > > all uses of ICE and STUN, but this should be clarified. The shepherd > > writeup implies that this draft is intended primarily for WebRTC. > > > > [2] The security considerations appear to be incomplete. > > There should be an explanation of why cryptographically strong STUN > > transaction IDs are required (e.g., there are no cryptographically > > strong IDs in the TCP consent mechanism noted on p.4), and there > > should be a discussion of how and why replays of previous consent > > responses are harmless (will be ignored by the recipient). The > > mechanism design appears to be ok, but this rationale should be > > provided in terms of attacks that are of concern and how they are > > prevented - a primary intent appears to be to resisting off-path attacks. > > > > -- Minor Issues -- > > > > [3] In Section 1, please explain what ICE-lite is. A suitable > > reference should suffice. > > > > [4] In Section 4.1, please explain or provide a reference for what "paced" > > means in "paced STUN connectivity checks or responses." > > > > -- Nits/Editorial Comments -- > > > > The SRTP paragraph in Section 8 (Security Considerations) feels out of > > place > > - this looks like design rationale material that would be better > > located in Section 3. > > > > idnits 2.13.02 found an unused reference: > > > > == Unused Reference: 'I-D.ietf-rtcweb-overview' is defined on line 320, but > > no explicit reference was found in the text > > > > That reference is likely to be useful to address the absence of > > discussion of applicability (major issue [1], above). > > > > --- Selected RFC 5706 Appendix A Q&A for OPS-Dir review --- > > > > This mechanism is an incremental modification to the STUN and ICE > > protocols, and can be implemented by one party to a communication > > session; ordinary response generation behavior (already required) > > reflects the cryptographically strong STUN transaction IDs on which > > the mechanism is based. As a result, the mechanism can be deployed at > > one end of a two-party communication session without impact on the > > other party. This is implied by section 3 of the draft, but would be > > useful to state explicitly. [A.1.1 - deployment] > > > > The mechanism has been defined to limit the amount of added traffic > > and to shut down unwanted traffic, plus contains a facility to > > desynchronize independent users of this protocol. Some rationale > > should be added for the choice of the 30 second timeout period. > > [A.1.5 - network impact] > > > > There is an obvious fault condition, namely that consent is lost or > > revoked causing immediate cessation of traffic. While the details > > depend on the environment in which this mechanism is used, it'd be > > helpful to add a sentence or two on reporting of the state of STUN > > consent-based connectivity and how that reporting should or may relate > > to reporting of the state of other forms of connectivity (e.g., TCP, > SRTP/SRTCP) that are mentioned in this draft. > > [A.1.8 - fault and threshold conditions] > > > > This mechanism is a simple extension to existing protocols, and should > > fit into existing configuration and management for those protocols. > > [A.1.9 - configuration, A.2 - Management (in general)] > > > > It might be useful to mention the utility of tracking frequency and > > duration of loss and re-establishment of consent-based connectivity, > > as such information has operational value. In particular, a > > discussion of how a server could infer loss of connectivity with a > > client that is using this mechanism might be useful to add, as the > > operational concerns may be more significant for servers and related > > networks than clients. [A.2.2 - management information, A.2.3 - fault > > management]. > > > > The primary operational impact of this protocol should be reduction in > > unwanted traffic, which is a benefit - the consent check traffic added > > by this protocol should not have significant impacts. The writeup > > indicates that implementers have reviewed the draft and > > implementations are in progress. [A.3 - Documentation] > > > > Thanks, > > --David > > ---------------------------------------------------- > > David L. Black, Distinguished Engineer EMC Corporation, 176 South St., > > Hopkinton, MA 01748 > > +1 (508) 293-7953 FAX: +1 (508) 293-7786 > > david.black@emc.com Mobile: +1 (978) 394-7754 > > ---------------------------------------------------- > >
- Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-… Black, David
- Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-… Tirumaleswar Reddy (tireddy)