Re: [rtcweb] Ben Campbell's Yes on draft-ietf-rtcweb-stun-consent-freshness-15: (with COMMENT)
"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Tue, 11 August 2015 09:48 UTC
Return-Path: <rmohanr@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89FFC1A6EF0; Tue, 11 Aug 2015 02:48:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MfTX5L8YjSkv; Tue, 11 Aug 2015 02:48:14 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10A6C1A6EEC; Tue, 11 Aug 2015 02:48:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7187; q=dns/txt; s=iport; t=1439286494; x=1440496094; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=oeXbO/wyssJzQ1TvPx5MKIIABltim3228Vc6XmKRLdU=; b=ZZwtDzlZlGAxNVuFmsLdvlyc+lFe7+9GQhg/sN8cY3pHkfFTV54o+b/D 6IEmp19cXtUBHd8RFM5XbSAa/ADsaSnfrIwK9U0N1JNKix7oxe+qkbXjw vsEWJR0RptbGEY709XUtJoRI3ORQpZR9aYbyoGY87zCi6vKFnsVytEIBl Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AeAwAyxMlV/4wNJK1dgxtUaQa9UAmCB4UtSgKBNjgUAQEBAQEBAYEKhCMBAQEEOj8MBAIBCBEBAgECHxAyFwYIAgQBDQWILg3OfgEBAQEBAQEBAQEBAQEBAQEBAQEBARMEi1GEJhEBUQIFBoQmBYccjXQBhQOHZoFJhCaQNYNmJoJAgT5xAYEEAgMCAhcHHIEEAQEB
X-IronPort-AV: E=Sophos;i="5.15,652,1432598400"; d="scan'208";a="19503375"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-4.cisco.com with ESMTP; 11 Aug 2015 09:48:13 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id t7B9mC6m011199 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 11 Aug 2015 09:48:12 GMT
Received: from xch-rcd-003.cisco.com (173.37.102.13) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 11 Aug 2015 04:48:11 -0500
Received: from xhc-aln-x12.cisco.com (173.36.12.86) by xch-rcd-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Tue, 11 Aug 2015 04:48:11 -0500
Received: from xmb-aln-x05.cisco.com ([169.254.11.9]) by xhc-aln-x12.cisco.com ([173.36.12.86]) with mapi id 14.03.0248.002; Tue, 11 Aug 2015 04:48:11 -0500
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
Thread-Topic: Ben Campbell's Yes on draft-ietf-rtcweb-stun-consent-freshness-15: (with COMMENT)
Thread-Index: AQHQ1BrVr8kbfba+WkijIl0HeusmsA==
Date: Tue, 11 Aug 2015 09:48:10 +0000
Message-ID: <D1EFBF1D.3C09D%rmohanr@cisco.com>
References: <20150804220823.6096.97126.idtracker@ietfa.amsl.com> <D1E8E13F.3B992%rmohanr@cisco.com>
In-Reply-To: <D1E8E13F.3B992%rmohanr@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.3.150624
x-originating-ip: [173.36.7.24]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6DC563B7690FE547AABB2F99667467DE@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/r5684kLOhnxr6JNkRArA_rSrF3A>
Cc: "draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>, "draft-ietf-rtcweb-stun-consent-freshness@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness@ietf.org>, "rtcweb-chairs@ietf.org" <rtcweb-chairs@ietf.org>, "draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org>
Subject: Re: [rtcweb] Ben Campbell's Yes on draft-ietf-rtcweb-stun-consent-freshness-15: (with COMMENT)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 09:48:16 -0000
Hi Ben, Here is the diffs with your comments updated. https://github.com/Draft-Mafia/Consentfreshness/compare/ConsentDraftBenComm ents Once other comments from Stephen are resolved, I will send a consolidated diff. Ram -----Original Message----- From: Cisco Employee <rmohanr@cisco.com> Date: Thursday, 6 August 2015 10:26 am To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org> Cc: "draft-ietf-rtcweb-stun-consent-freshness@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness@ietf.org>, "rtcweb-chairs@ietf.org" <rtcweb-chairs@ietf.org>, "draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org>, "draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org> Subject: Re: Ben Campbell's Yes on draft-ietf-rtcweb-stun-consent-freshness-15: (with COMMENT) >Hi Ben, > >Thanks for your feedback. Please see my responses inline > >-----Original Message----- >From: Ben Campbell <ben@nostrum.com> >Date: Wednesday, 5 August 2015 3:38 am >To: The IESG <iesg@ietf.org> >Cc: "draft-ietf-rtcweb-stun-consent-freshness@ietf.org" ><draft-ietf-rtcweb-stun-consent-freshness@ietf.org>, >"rtcweb-chairs@ietf.org" <rtcweb-chairs@ietf.org>, >"draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org" ><draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org>, >"draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org" ><draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org>, "rtcweb@ietf.org" ><rtcweb@ietf.org> >Subject: Ben Campbell's Yes on >draft-ietf-rtcweb-stun-consent-freshness-15: (with COMMENT) > >>Ben Campbell has entered the following ballot position for >>draft-ietf-rtcweb-stun-consent-freshness-15: Yes >> >>When responding, please keep the subject line intact and reply to all >>email addresses included in the To and CC lines. (Feel free to cut this >>introductory paragraph, however.) >> >> >>Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>for more information about IESG DISCUSS and COMMENT positions. >> >> >>The document, along with other ballot positions, can be found here: >>https://datatracker.ietf.org/doc/draft-ietf-rtcweb-stun-consent-freshness >>/ >> >> >> >>---------------------------------------------------------------------- >>COMMENT: >>---------------------------------------------------------------------- >> >>This looks good overall. I have a few minor comments: >> >>-- General: >> >>After re-reading this, and the relevant parts of >>rtcweb-security-architecture, I think a novice reader might find the >>meaning of "consent" a bit vague, especially in terms of how it might >>differ from "reachability". Can you offer an example of when an otherwise >>reachable peer might choose to withdraw consent? > >Reachability of a endpoint does not indicate that it is willing to receive >traffic. >So if a peer has to continue sending data it must do consent. >If the peer does not intend to send data, it can stop consent and later >resume Whenever it wants to send data again. >An example would be "As with a teacher in a classroom who grants consent >to each student to speak words, consent is granted to each sender to >transmit packets." > > > >> >>-- section 1, first paragraph: >> >>I think readers are going to stumble over why we think a device that >>plans to attack a peer is going to worry about consent. This makes more >>sense in section 2. It might be helpful to move (or copy) the bit about >>"... deployments of WebRTC..." and "... malicious javascript" forward to >>the intro. > >Sure. I will move the text related to malicious javascript to first para >of intro. > >OLD: >To prevent attacks on peers, endpoints have to ensure the remote peer > is willing to receive traffic. This is performed both when the > session is first established to the remote peer using Interactive > Connectivity Establishment ICE [RFC5245] connectivity checks, and > periodically for the duration of the session using the procedures > defined in this document. > > >NEW: >To prevent attacks on peers, endpoints have to ensure the remote peer > is willing to receive traffic. Verification of peer consent before >sending traffic is necessary in deployments like WebRTC to ensure that >a malicious JavaScript cannot use the browser as a platform for launching >attacks. This is performed both when the session is first established to >the > remote peer using Interactive Connectivity Establishment ICE [RFC5245] >connectivity checks, and periodically for the duration of the session >using the procedures defined in this document. > > > >> >>- 4, 3rd paragraph: >> >>Should the reader infer that the receipt of a package that is strongly >>assured to have come from a party implies consent from that party? If so, >>it might be worth an explicit mention. > >No. Even in that case consent is needed. > > > >> >>-- 5.1, first paragraph: >> >>The normative MUST feels wrong here, (and is probably redundant with >>other normative language further down in the section.) For example, could >>a sender just choose to stop sending? > >Sender can stop sending data on that pair at anytime. If >the sender continues to send data, it must do consent other wise consent >will expire. That is the reason the document says that consent >must be maintained when application sends data. The other usage of >normative statements are for timer selection which is needed >to ensure that every implementation derives the timers based >on the suggested range. > > >> >>-- 5.1, 5th paragraph: >> >>>From the next paragraph, I infer that you mean consent expires after 30 >>seconds when you have been sending binding request every few seconds, not >>30 seconds after sending any particular binding request. If that's >>correct it might be helpful to add a few words to that effect. > >The next para discusses how the endpoint has to pace the bind requests for >consent. >It mentions that the interval is between 4 - 6. > > > > >> >>-- 5.1, 6th paragraph: >> >>Does the "MUST NOT" refer to the general interval between checks prior to >>randomization, or to the specific interval between a pair of checks after >>Randomization? > >It is between a pair of checks after randomization. So essentially each >request should be paced between 4 - 6 seconds after initial consent >obtained (via ICE validation) > > >> >>Nits: >> >>-- 2, 2nd paragraph: "verify peer's consent" >> >>Missing article (or "verify peer consent") >> >>-- 5.1, paragraph 3: >> >>s/sending an stun binding/sending a stun binding >> >>-- 5.1, 7th paragraph: "Each STUN binding request for consent MUST use a >>new STUN transaction >> identifier for every consent binding request..." >> >>That's sort of redundant. I suggest something to the effect of "each >>consent binding request MUST use a new stun transaction identifier. " > >Thanks. Will address all the nits above. > >Regards, >Ram > > >> >> >
- [rtcweb] Ben Campbell's Yes on draft-ietf-rtcweb-… Ben Campbell
- Re: [rtcweb] Ben Campbell's Yes on draft-ietf-rtc… Ram Mohan R (rmohanr)
- Re: [rtcweb] Ben Campbell's Yes on draft-ietf-rtc… Ram Mohan R (rmohanr)