[rtcweb] security-arch: Identity Assertions

Michael Procter <michael@voip.co.uk> Tue, 15 July 2014 12:07 UTC

Date: Tue, 15 Jul 2014 13:07:49 +0100
Message-ID: <CAPms+wTM=z1--PaimYW51Q4Ou9A1u+HuXEjZ=3dVY6WJL2=4=g@mail.gmail.com>
From: Michael Procter <michael@voip.co.uk>
To: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/aVBzDEHZFGRcpcBKif2Wxd1XUH8
Subject: [rtcweb] security-arch: Identity Assertions
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>

I've been reading the security-arch draft, and I think there is a part
that should be removed.  In section, the second paragraph

   Each identity attribute should be paired (and attests to) with an
   a=fingerprint attribute and therefore can exist either at the session
   or media level. Multiple identity attributes may appear at either level,
   though it is RECOMMENDED that implementations not do this, [...]

This conflicts with the next section which begins:

   The identity attribute is session level only.

The notion of pairing identity with fingerprint attributes also seems
to conflict with the third paragraph which contains:

   The a=identity attribute MUST include all fingerprint values that are
   included in a=fingerprint lines

I think the whole of the second paragraph can be removed without loss,
since the parts that don't conflict appear to be addressed in the
third paragraph of anyway.
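A validator for the two rules quoted above (a=identity is session level only, and the assertion must cover every a=fingerprint value), added here as an example that is not part of the post or the draft; the base64-JSON payload layout of a=identity and the make_identity helper are assumptions, since the quoted text does not fix the encoding.

```python
import base64
import json
def parse_sdp(sdp):
    """Split SDP into session-level attributes and one attribute list per m= section."""
    session, media = [], []
    current = session
    for line in sdp.splitlines():
        if line.startswith("m="):
            media.append([])
            current = media[-1]
        elif line.startswith("a="):
            current.append(line[2:])
    return session, media

def fingerprints(attrs):
    """Collect (algorithm, digest) pairs from a=fingerprint attributes."""
    out = set()
    for a in attrs:
        if a.startswith("fingerprint:"):
            alg, digest = a[len("fingerprint:"):].split(None, 1)
            out.add((alg.lower(), digest.lower()))
    return out

def make_identity(fps):
    """Build a constructed a=identity value under the ASSUMED encoding (see check_identity)."""
    body = {"fingerprint": [{"algorithm": a, "digest": d} for a, d in fps]}
    return "identity:" + base64.b64encode(json.dumps(body).encode()).decode()

def check_identity(sdp):
    """Check the two rules quoted from the draft; return a list of violations."""
    session, media = parse_sdp(sdp)
    # Rule 1: a=identity is session level only.
    problems = [f"a=identity at media level (m-section {i})"
                for i, m in enumerate(media) if any(a.startswith("identity:") for a in m)]
    ids = [a for a in session if a.startswith("identity:")]
    if len(ids) != 1:
        return problems + [f"expected one session-level a=identity, found {len(ids)}"]
    # Rule 2: the assertion MUST cover every a=fingerprint value. ASSUMED payload
    # encoding: base64 JSON with a "fingerprint" list of {"algorithm", "digest"} objects.
    payload = json.loads(base64.b64decode(ids[0][len("identity:"):]))
    covered = {(f["algorithm"].lower(), f["digest"].lower()) for f in payload["fingerprint"]}
    present = fingerprints(session).union(*(fingerprints(m) for m in media))
    problems += [f"uncovered fingerprint: {alg} {dig}" for alg, dig in sorted(present - covered)]
    return problems
# Constructed sample (not from the draft); digests are placeholders, not real certificate hashes.
FP_A, FP_V = ("sha-256", "11:22:33:44"), ("sha-256", "55:66:77:88")
MEDIA = ("m=audio 9 UDP/TLS/RTP/SAVPF 0\r\na=fingerprint:sha-256 11:22:33:44\r\n"
         "m=video 9 UDP/TLS/RTP/SAVPF 96\r\na=fingerprint:sha-256 55:66:77:88\r\n")
GOOD_SDP = "v=0\r\na=" + make_identity([FP_A, FP_V]) + "\r\n" + MEDIA
BAD_SDP = "v=0\r\na=" + make_identity([FP_A]) + "\r\n" + MEDIA + "a=" + make_identity([FP_V]) + "\r\n"
```

BAD_SDP breaks both rules at once: it carries a media-level a=identity and its session-level assertion omits the video fingerprint.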