Re: [rtcweb] Gen-ART Last Call review of draft-ietf-rtcweb-stun-consent-freshness-13
"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Tue, 19 May 2015 14:52 UTC
Return-Path: <rmohanr@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95CC01ACD0C; Tue, 19 May 2015 07:52:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PnIRHRWnm1Cc; Tue, 19 May 2015 07:51:59 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D5EA1B3004; Tue, 19 May 2015 07:49:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=16623; q=dns/txt; s=iport; t=1432046973; x=1433256573; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=GDmujqVjw/qTtmDIavT5NBk2dvoI1qPz1V6jwWF/Buc=; b=QiGfoYpFbz8J7yf5op25GCgfVJAC05HNvNGgnK6k6lp0DMoaHe0SXssh oucgTPbtrGViM8Uf6s39AVWm+ZHCKuCc5bWXGcgETeUF2OVg1d7pLI7lQ iBUiRVL3hqLGFCaaOsdtUJFGeZVu8uTXPZSdX3jSA7odxkmG0CQBQxkCt g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BaBAAOTFtV/4UNJK1cgxBUXgbFBwmBWoV2AoE8OBQBAQEBAQEBgQqEIgEBAQQnQBIMBAIBCBEDAQEBKAcyFAkIAgQOBQ6IHg3ScAEBAQEBAQEBAQEBAQEBAQEBAQEBAReLOoQiCgcBQBEHBgOEJAEEi3aGdoIPgiKGTYEnPoMrgn2LKoNZI2GBBSQcgVJvAYECCRcCIYEBAQEB
X-IronPort-AV: E=Sophos;i="5.13,458,1427760000"; d="scan'208";a="151483247"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-2.cisco.com with ESMTP; 19 May 2015 14:49:32 +0000
Received: from xhc-rcd-x14.cisco.com (xhc-rcd-x14.cisco.com [173.37.183.88]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id t4JEnV5E029032 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 19 May 2015 14:49:31 GMT
Received: from xmb-aln-x05.cisco.com ([169.254.11.60]) by xhc-rcd-x14.cisco.com ([173.37.183.88]) with mapi id 14.03.0195.001; Tue, 19 May 2015 09:49:31 -0500
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Meral Shirazipour <meral.shirazipour@ericsson.com>
Thread-Topic: Gen-ART Last Call review of draft-ietf-rtcweb-stun-consent-freshness-13
Thread-Index: AQHQkYyj3TSzfN5u2U2hX6WyQgId5A==
Date: Tue, 19 May 2015 14:49:30 +0000
Message-ID: <D180B0BB.2FF13%rmohanr@cisco.com>
References: <ABCAA4EF18F17B4FB619EA93DEF7939A33239E08@eusaamb107.ericsson.se> <D17F9195.2FB1A%rmohanr@cisco.com> <ABCAA4EF18F17B4FB619EA93DEF7939A3329B53D@eusaamb107.ericsson.se>
In-Reply-To: <ABCAA4EF18F17B4FB619EA93DEF7939A3329B53D@eusaamb107.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
x-originating-ip: [10.65.39.182]
Content-Type: multipart/mixed; boundary="_002_D180B0BB2FF13rmohanrciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/X9AmvOBsTSy1JPplYaI_aHbqqAg>
Cc: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-rtcweb-stun-consent-freshness.all@tools.ietf.org" <draft-ietf-rtcweb-stun-consent-freshness.all@tools.ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Gen-ART Last Call review of draft-ietf-rtcweb-stun-consent-freshness-13
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2015 14:52:04 -0000
Not sure why the email I received got truncated. Attached for reference the original email I received. Please see below for responses to your other comments: -----Original Message----- From: Meral Shirazipour <meral.shirazipour@ericsson.com> Date: Monday, 18 May 2015 11:31 pm To: Cisco Employee <rmohanr@cisco.com> Cc: "draft-ietf-rtcweb-stun-consent-freshness.all@tools.ietf.org" <draft-ietf-rtcweb-stun-consent-freshness.all@tools.ietf.org>, "gen-art@ietf.org" <gen-art@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org> Subject: RE: Gen-ART Last Call review of draft-ietf-rtcweb-stun-consent-freshness-13 >Hi Ram, > Thank you for the response. Please see in line. Also, I did not see >response to the rest of the comments, not sure if it was cut from the >email (please see below-I copy pasted the original email). > >Best regards, >Meral > >-----Original Message----- >From: Ram Mohan R (rmohanr) [mailto:rmohanr@cisco.com] >Sent: Monday, May 18, 2015 10:04 AM >To: Meral Shirazipour; >draft-ietf-rtcweb-stun-consent-freshness.all@tools.ietf.org; >gen-art@ietf.org; rtcweb@ietf.org >Subject: Re: Gen-ART Last Call review of >draft-ietf-rtcweb-stun-consent-freshness-13 > >Hi Meral, > >Thanks for your feedback. See inline > >-----Original Message----- >From: Meral Shirazipour <meral.shirazipour@ericsson.com> >Date: Saturday, 16 May 2015 1:47 am >To: "draft-ietf-rtcweb-stun-consent-freshness.all@tools.ietf.org" ><draft-ietf-rtcweb-stun-consent-freshness.all@tools.ietf.org>, >"gen-art@ietf.org" <gen-art@ietf.org> >Subject: Gen-ART Last Call review of >draft-ietf-rtcweb-stun-consent-freshness-13 >Resent-From: <meral.shirazipour@ericsson.com> >Resent-To: <draft-ietf-rtcweb-stun-consent-freshness.all@ietf.org> >Resent-Date: Saturday, 16 May 2015 1:48 am > >>I am the assigned Gen-ART reviewer for this draft. For background on >>Gen-ART, please see the FAQ at >>http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq. >> >>Please resolve these comments along with any other Last Call comments >>you may receive. >> >>Document: draft-ietf-rtcweb-stun-consent-freshness-13 >>Reviewer: Meral Shirazipour >>Review Date: 2015-05-15 >>IETF LC End Date: 2015-05-15 >>IESG Telechat date: NA >> >> >>Summary: >>This draft is ready to be published as Standards Track RFC but I have >>some comments . >> >> >> >>Major issues: >> >>Minor issues: >> >>Nits/editorial comments: >> >>-The abstract lacks context, please consider adding some more text. A >>suggestion: repeat the first sentence from the intro in the abstract: >>"To prevent attacks on peers, endpoints have to ensure the remote peer >>is willing to receive traffic." > >Sure we will add this text > >[Msh] thank you > >> >>-[Page 2] Intro: It was not clear if this document is specific to >>webRTC implementations. Is there any limitation to only use for webRTC? >>Maybe a sentence in the intro could clarify if there is or there is not >>such Limitation > >This document does not restrict itself to webRTC implementations alone >which is the reason we have not specified any where that Consent >freshness is for only webRTC clients. Any full ICE implementations can >use Consent freshness. We have this text at the end of introduction in >the current draft > >"This document defines what it takes to obtain, maintain, and lose > consent to send. Consent to send applies to a single 5-tuple. How > applications react to changes in consent is not described in this > document. > Consent is obtained only by full ICE implementations. An ICE-lite > implementation will not generate consent checks, but will just > respond to consent checks it receives." > >Is this not sufficient ? > >[Msh] Somehow I had to read twice to deduce that. If you think that is >sufficient and there is no need to specifically state not limited to >webRTC the I am ok with it too. We are planning to add a new section ³Applicability² that would cover some more details on this right after the introduction section. Here is the tentative proposed text. After discussing in WG I will refine this and add to document This document defines what it takes to obtain, maintain, and lose consent to send using ICE.Verification of peer consent before sending traffic is necessary in deployments like WebRTC to ensure that a malicious JavaScript cannot use the browser as a platform for launching attacks.Section 4.4 and section 5.3 of [I-D.ietf-rtcweb-security-arch] explains why webRTC application needs consent. Other Applications that have similar security requirement where it is required to verify peer's consent before sending non-ICE packets can use the consent mechanism described in this draft. > > > >Regards, >Ram > > >From: Gen-art [mailto:gen-art-bounces@ietf.org] On Behalf Of Meral >Shirazipour >Sent: Friday, May 15, 2015 1:18 PM >To: draft-ietf-rtcweb-stun-consent-freshness.all@tools.ietf.org; >gen-art@ietf.org >Subject: [Gen-art] Gen-ART Last Call review of >draft-ietf-rtcweb-stun-consent-freshness-13 > >I am the assigned Gen-ART reviewer for this draft. For background on >Gen-ART, please see the FAQ at >http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq. > >Please resolve these comments along with any other Last Call comments you >may receive. > >Document: draft-ietf-rtcweb-stun-consent-freshness-13 >Reviewer: Meral Shirazipour >Review Date: 2015-05-15 >IETF LC End Date: 2015-05-15 >IESG Telechat date: NA > > >Summary: >This draft is ready to be published as Standards Track RFC but I have >some comments . > > > >Major issues: > >Minor issues: > >Nits/editorial comments: > >-The abstract lacks context, please consider adding some more text. A >suggestion: repeat the first sentence from the intro in the abstract: >"To prevent attacks on peers, endpoints have to ensure the remote peer is >willing to receive traffic." Sure. As mentioned above, we will add this text in abstract > >-[Page 2] Intro: It was not clear if this document is specific to webRTC >implementations. Is there any limitation to only use for webRTC? Maybe a >sentence in the intro could clarify if there is or there is not such >limitation. > >-[Page 2] Intro, it would be good if the intro section could give a good >example (use case, application) of when a receiving end would revoke the >consent during the session.(why closing the session is not enough) Section 4.2 has some details on when Consent is revoked. one use-case is mentioned in 4.2 is immediate revocation when we receive a TLS Alert. > > >-[Page 3], Section2, "Transport Address" definition. It would be good to >clarify this wrt 5-tuple. The two terms are used interchangeably, yet >Transport address carries only destination IP protocol port, not the >sender's (as carried in 5-tuple). >e.g. [Page 4]:"....the remote peer's transport address, the endpoint MUST >cease transmission on that 5-tuple." Terminology section defines Transport address. >-[Page 4] "Initial consent to send traffic is obtained using ICE. >Consent expires after 30 seconds." >Is this value specified by [RFC6062] or this document? not clear. 30 second timeout period was selected so that consent checks could be sent between 7 to 5 times (to handle packet loss) . This was discussed a lot in WG and it was agreed to make 30 seconds as consent expiry. > >-[Page 4-5]Section 4.1 addresses security issues. Section 8 adds >additional content on security. It would be best to consolidate or at >least have Section 8 point back to 4.1. Sure we will add some back reference from security considerations to 4.1 > > > >nits: > >-[Page 5], "can not cause"--->"cannot cause" >-[Page 6], "each others keys"--->"each other's keys" >-[Page 7], typo "through review"--->"thorough review" >-SRTCP,DTLs, etc. please spell out acronyms at first use. Thanks. Will take care of these nits. Regards, Ram > >Best Regards, >Meral >--- >Meral Shirazipour >Ericsson >Research >www.ericsson.com > >
--- Begin Message ---I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-rtcweb-stun-consent-freshness-13 Reviewer: Meral Shirazipour Review Date: 2015-05-15 IETF LC End Date: 2015-05-15 IESG Telechat date: NA Summary: This draft is ready to be published as Standards Track RFC but I have some comments . Major issues: Minor issues: Nits/editorial comments: -The abstract lacks context, please consider adding some more text. A suggestion: repeat the first sentence from the intro in the abstract: "To prevent attacks on peers, endpoints have to ensure the remote peer is willing to receive traffic." -[Page 2] Intro: It was not clear if this document is specific to webRTC implementations. Is there any limitation to only use for webRTC? Maybe a sentence in the intro could clarify if there is or there is not such limitation--- End Message ---
- Re: [rtcweb] Gen-ART Last Call review of draft-ie… Ram Mohan R (rmohanr)
- Re: [rtcweb] Gen-ART Last Call review of draft-ie… Meral Shirazipour
- Re: [rtcweb] Gen-ART Last Call review of draft-ie… Ram Mohan R (rmohanr)
- Re: [rtcweb] Gen-ART Last Call review of draft-ie… Meral Shirazipour