Re: [secdir] Secdir review of draft-ietf-mmusic-latching-05.txt

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Fri, 30 May 2014 00:06 UTC

Return-Path: <takeshi_takahashi@nict.go.jp>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE9841A06FC; Thu, 29 May 2014 17:06:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.043
X-Spam-Level:
X-Spam-Status: No, score=-0.043 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 313qAZfo_a5e; Thu, 29 May 2014 17:06:54 -0700 (PDT)
Received: from ns1.nict.go.jp (ns1.nict.go.jp [IPv6:2001:df0:232:300::1]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE3691A06D5; Thu, 29 May 2014 17:06:53 -0700 (PDT)
Received: from gw1.nict.go.jp (gw1 [133.243.18.250]) by ns1.nict.go.jp with ESMTP id s4U06lQk001024; Fri, 30 May 2014 09:06:47 +0900 (JST)
Received: from VAIO (ssh.nict.go.jp [133.243.3.49]) by gw1.nict.go.jp with ESMTP id s4U06l5H000400; Fri, 30 May 2014 09:06:47 +0900 (JST)
From: "Takeshi Takahashi" <takeshi_takahashi@nict.go.jp>
To: "'Emil Ivov'" <emcho@jitsi.org>, <iesg@ietf.org>, <secdir@ietf.org>, <mmusic-chairs@tools.ietf.org>, <draft-ietf-mmusic-latching@tools.ietf.org>
References: <000001cf759b$d1250a40$736f1ec0$@nict.go.jp> <53875DAA.7040300@jitsi.org>
In-Reply-To: <53875DAA.7040300@jitsi.org>
Date: Fri, 30 May 2014 09:06:46 +0900
Message-ID: <006d01cf7b9b$0c5c5a00$25150e00$@nict.go.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
thread-index: AQGpdc4eCM3X30+OF6FplBz+SBLqigGqk0X0m5bxE8A=
Content-Language: ja
X-Virus-Scanned: clamav-milter 0.97.8 at zenith1
X-Virus-Status: Clean
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/3rsb2mqhpaApIyO2DYaf-9D3ZFI
Subject: Re: [secdir] Secdir review of draft-ietf-mmusic-latching-05.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 May 2014 00:06:56 -0000

Hi Emil,

I've browsed the new version (-06).
IMHO, this is a nice draft, and I am hoping to see this draft to be
published soon.

> Right. SDP and SIP were indeed transgressing (fixed now) but all of the
> others seem to be expanded on first use. Or am I missing something?

Thank you for checking. I believe you are correct, and the current version
is fine for me.

> Well, they actually refer to quite different things. RTC, as you point
out,
> refers to real-time communication. SBC on the other hand stands for
session
> border controller (which is a signalling entity used by some RTC
services).
> 
> Did I misunderstand the question, or do you believe the text is somehow
> misleading?

Thank you for the clarification.
The texts were very fine, the texts were very easy to follow even for the
people who does not know this area of work (like me) throughout the draft,
and it is me who misinterpreted the texts.
I misinterpreted the very first sentence of the draft in the abstract, and I
believe no change is needed at all.
(From the first sentence, I interpreted as "RTC = SBCs", but I should have
interpreted as "signaling intermediaries in RTC = SBCs").

I personally like this draft very much.
Thank you for writing this document.

Take

> -----Original Message-----
> From: Emil Ivov [mailto:emcho@jitsi.org]
> Sent: Friday, May 30, 2014 1:18 AM
> To: Takeshi Takahashi; iesg@ietf.org; secdir@ietf.org;
> mmusic-chairs@tools.ietf.org; draft-ietf-mmusic-latching@tools.ietf.org
> Subject: Re: Secdir review of draft-ietf-mmusic-latching-05.txt
> 
> Hey Takeshi,
> 
> Thank you for your review. Comments inline:
> 
> On 22.05.14, 10:57, Takeshi Takahashi wrote:
> > Hello,
> >
> > I have reviewed this document as part of the security directorate's
> > ongoing effort to review all IETF documents being processed by the
> > IESG.  These comments were written primarily for the benefit of the
> > security area directors.  Document editors and WG chairs should treat
> > these comments just like any other last call comments.
> >
> > This document describes the behavior of signaling intermediaries in RTC
> > deployments when performing hosted NAT traversal (HNT).
> > The document begins with summarizing the problems with NAT traversal
> > for protocols such as SIP, and then outlines HNT and the latching
> > mechanism that approach the problems.
> > Nevertheless, this document is not recommending the use of latching.
> > Instead, the document alerts its use and elaborates its security
> > concerns in Section 5 "Security considerations" by showing several
> examples.
> > The security consideration covers issues such as
> > DoS-resistance/resource exhaustion, impersonation and addresses the use
> of encryption mechanism.
> >
> > It is an interesting, tutorial-like document, and I think this
> > document is ready.
> >
> > According to the mmusic mailing list, the security consideration
> > section has been discussed from the early stage of this draft, so the
> > section also seems to be mature, IMHO.
> > A bit of editorial review would be helpful.
> >
> > 1. It could be helpful if you could spell out the abbreviations when
> > they appear at the first time (e.g., UAC, UAS, SIP, SDP, and SBC), not
> > at the second time.
> 
> Right. SDP and SIP were indeed transgressing (fixed now) but all of the
> others seem to be expanded on first use. Or am I missing something?
> 
> > 2. In section 1: " and described in [RFC3424]" should be "as described
> > in [RFC3424]"?
> 
> Fixed.
> 
> > 3. In section 4: "from from" -> "from" ?
> 
> Fixed.
> 
> > The review was based on the document uploaded at
> > https://datatracker.ietf.org/doc/draft-ietf-mmusic-latching/ .
> >
> > By the way, if RTC and SBC are used as the identical terms in this
> > document, why do we use the term RTC (Real Time Communication) in the
> > document tile while we use the term SBC in the main body texts?
> 
> Well, they actually refer to quite different things. RTC, as you point
out,
> refers to real-time communication. SBC on the other hand stands for
session
> border controller (which is a signalling entity used by some RTC
services).
> 
> Did I misunderstand the question, or do you believe the text is somehow
> misleading?
> 
> > In any case, it is a very minor comment, and I think the draft is
> > ready to move forward.
> >
> > Take
> 
> Thanks again, all fixes will be available in the next submission.
> 
> Emil
> 
> --
> https://jitsi.org