Re: [secdir] [Sipbrandy] Secdir last call review of draft-ietf-sipbrandy-osrtp-09

Andy Hutton <andyhutton.ietf@gmail.com> Mon, 17 June 2019 16:04 UTC

To: Sean Turner <sean@sn3rd.com>
Cc: secdir@ietf.org, sipbrandy@ietf.org, draft-ietf-sipbrandy-osrtp.all@ietf.org, ietf@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-nB8y3V3Zkkti-BSm3kWQ_3BqJ0>

Thanks for the comments, see below.

Andy

On Tue, 28 May 2019 at 03:15, Sean Turner via Datatracker
<noreply@ietf.org> wrote:
>
> Reviewer: Sean Turner
> Review result: Has Issues
>
> I had a read of the draft as well as the GENART and TSVART reviews (to avoid
> duplicating comments).
>
> Summary: Ready with (minor) issues
>
> Issues:
>
> 0) I assume that the mismatch the TSVART refers to in the security
> considerations has to do with 1) changing 4568 to require encryption but not
> fail if authentication is not available, 2) pointing out that 4568's
> requirement is routinely ignored for end-to-end encryption because using TLS
> with intermediaries won't protect the SDP key, and 3) reference errors (see
> the next issue).  On 1, that's kind of the point of OSRTP - take the encryption
> you can get.  On 2, because it's the security considerations this document is
> just saying don't expect to get end-to-end.  Assuming I've interpreted this, I
> think this draft is okay.
>
> 1) I think these are just reference errors, but it would be good to double
> check these (and I hadn't seen a response yet - might have missed it):
>
> S4: Not sure about these references to RFC7435.  Maybe they should be to RFC
> 4568 instead?
>
> s/The security considerations of [RFC7435] apply to OSRTP,
> /The security considerations of [RFC4568] apply to OSRTP,
>
> s/Section 8.3 of [RFC7435]/Section 8.3 of [RFC4568]
>
> s/understood that the [RFC7435]/understood that the [RFC4568]
>

Yes, these are reference errors and I will fix as you describe.

> Bikesheds:
>
> 0) The fact that it's Informational struck me as odd.
>
> 1) The fact there are no updates listed also strikes me as odd.
>

Ben Campbell gave the answer to this in his mail on 28th May. It is a
very long story and we were made to jump through many hoops, and in
the end this is what had to be done.

> Nits:
>
> 0) s2: Nits reports an error with the para.  I think it's:
>
> s/RFC 2119 [RFC2119] RFC 8174 [RFC8174]
> /RFC 2119 [RFC2119] [RFC8174]
>
> 1) s1, 2nd para: s/[RFC5939] ./[RFC5939].

Thanks.
