Re: [rtcweb] AD evaluation: draft-ietf-rtcweb-alpn-02
Martin Thomson <martin.thomson@gmail.com> Fri, 18 March 2016 02:53 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7A8712DAEB for <rtcweb@ietfa.amsl.com>; Thu, 17 Mar 2016 19:53:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d3kYrSgMSw2Z for <rtcweb@ietfa.amsl.com>; Thu, 17 Mar 2016 19:53:11 -0700 (PDT)
Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com [IPv6:2607:f8b0:4001:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73D5112DAD1 for <rtcweb@ietf.org>; Thu, 17 Mar 2016 19:53:11 -0700 (PDT)
Received: by mail-ig0-x22f.google.com with SMTP id av4so29511189igc.1 for <rtcweb@ietf.org>; Thu, 17 Mar 2016 19:53:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-transfer-encoding; bh=q4OoeSM3boqJETjNqX5GVEdJixI89ImoD+E9z63zBiY=; b=CmMe9SLQm0zD/Thd1mw9fse3maM72OX5J85PpfgiUSdIa3Wqzi2PzvO5Yp2BvMTPLt shnelPtvNPyk2YOhNltoDRUEGLjIHDf4nmTrNgRYtRrOLBu0GjdPWYzbgkjUyZCI0HvD Fu9ChOj+wYToPB1qZqAuS6JB1WW1z8ml1+udFeJ6u2bdGY+VvsHRYr5Dp9xahiC+YWoV dUiBneG6WsZp3XWBNtLXqCiewIfLEsWQzsbZa85J7R8mMCu1QQ3PQ1k9kxzHLA3B7ptZ 1hn+5rmf4d6Uz7VTKWL7C84CyHQUV7rcibw4SXUKckEwxjSAljzm0HEEZcWukdD6K+QM ycEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-transfer-encoding; bh=q4OoeSM3boqJETjNqX5GVEdJixI89ImoD+E9z63zBiY=; b=Evdva+hMQOnIKImTiQewYqjV6V1miY6YNKePJ8L0cOYwoFEkX3MsgkdRpQr7Up+pJV QRDFsKbLbTIhAYzZ7xqiFJWBbGjUD9GS9QY24mcZbFzdE3qLfQ6x7ghYRbemjKwoyNXF PfxhYvNcSV41RBZudx0MXXZrABUWBUS03hMG453xv6661JKkZas9PH6ffnnNiDmtTZOm qY5i6e+8ukfHKvrc71d0X78T34TgQ+lYs5HC/nChxFPsd9L6RhvenkuR/4c469mz/ec9 ToqUnYbIM5/YpufJtezVFFs/u+nWaTGJijpHQk4lwU4gObixi4N2aKVl5oSy763LcivG vMbg==
X-Gm-Message-State: AD7BkJI/mnuyk5qzkC6lxB/n7RZFTGOL3Nrqh3SAxDlAtujUuDNAha/z/kxGGNQnqjhhHpHNNsK5rmqk2jveZw==
MIME-Version: 1.0
X-Received: by 10.50.60.34 with SMTP id e2mr16100376igr.77.1458269590689; Thu, 17 Mar 2016 19:53:10 -0700 (PDT)
Received: by 10.36.43.5 with HTTP; Thu, 17 Mar 2016 19:53:10 -0700 (PDT)
In-Reply-To: <6B474A50-6399-472F-BD7B-5286DCD209BA@cooperw.in>
References: <6B474A50-6399-472F-BD7B-5286DCD209BA@cooperw.in>
Date: Fri, 18 Mar 2016 13:53:10 +1100
Message-ID: <CABkgnnX8Sf+DjNMZWm1d0tg-hOr8LdYzBwJHByJSGgjuX8s28Q@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/ghe0fgQbngeRqVeAPg7UwNzprbs>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] AD evaluation: draft-ietf-rtcweb-alpn-02
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Mar 2016 02:53:14 -0000
Thanks for the review Alissa, I've put the changes up here: https://github.com/martinthomson/drafts/pull/30 I realize that you won't get a lot of time to look at this before I want to push -03, but I thought that I'd offer you the chance at least. On 6 March 2016 at 09:44, Alissa Cooper <alissa@cooperw.in> wrote: > “Confidentiality protection” is a fairly general term, but it seems to be used throughout this document to mean something much more specific, i.e., media that is confidential to two peers in a webrtc connection. I think this needs to be clarified in the abstract and Sections 1, 2, and 5 where the more specific meaning is intended. Otherwise this document makes it sound as though data is being sent in the clear when it is not. E.g., in Section 2 this text should be more specific to confidentiality vis a vis the application: "However, data provided over data channels does not receive confidentiality protection.” Yes, the early sections only implicitly rely on the definition in Section 3, and that isn't particularly strong. I've given this a spin. > = Section 3 = > > "Any entity that forwards > content, or records content for later access by entities other than > the authenticated peer, SHOULD NOT offer or accept a session with the > "c-webrtc" identifier.” > > Acknowledging the there are other recommendations in this draft that basically up to the implementation to follow, why is this requirement a SHOULD NOT rather than a MUST NOT? Made it a MUST. > Nits: > > = Section 1.1 = > > Since this document uses RFC 2119 keywords, why does it not include the standard disclaimer recommended by RFC 2119? I think it’s fine to add further words to indicate that the normative requirements are aimed at implementation behavior, but the standard text shouldn’t be omitted. OK, should that be the post-erratum boilerplate? > Also, I’m not sure what it means for the document to "fall back on shorthands for establishing interoperability requirements on implementations.” What is the alternative that it is falling back from? Actually saying what is meant using words. > = Section 6.3 = > > Is there a reason this reference is listed this way? Blame the tools, which are a mystery to me. I wanted to cite a specific section of the HTML5 spec, because finding a specific section in there is a nightmare.
- [rtcweb] AD evaluation: draft-ietf-rtcweb-alpn-02 Alissa Cooper
- Re: [rtcweb] AD evaluation: draft-ietf-rtcweb-alp… Martin Thomson
- Re: [rtcweb] AD evaluation: draft-ietf-rtcweb-alp… Alissa Cooper