IETF Logo Mail Archive

Re: [secdir] Secdir last call review of draft-ietf-mops-streaming-opcons-10

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Fri, 05 August 2022 13:06 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0A08C13CCD2; Fri, 5 Aug 2022 06:06:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I6xxIougOlkL; Fri, 5 Aug 2022 06:06:42 -0700 (PDT)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 314ECC13CCFE; Fri, 5 Aug 2022 06:06:42 -0700 (PDT)
Received: by mail-qt1-x835.google.com with SMTP id u12so2006992qtk.0; Fri, 05 Aug 2022 06:06:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=fg7W/GRVHoD+o80fvpCopvexs5BAdpk7isBN+AUjSuE=; b=JNKAuy5+ChLNXkVLLDO895cCUA6lR0pZoXMstVRUNTzFHOOh0VloiomIaFiafO7VWY 4dTY8Y9KkwwJ1fPZj5FbKEFdduVvPV3ioLrH+TGU4RjPgkTUGWLLDvInxm8iR82SQsM2 s0TTaeGtxRc60Pfbcan6vSha0occl8kzGwyoZAcuKxKO9WX1u3wPJIO1gwD3za1snvPf TmnDGq529xJurHwJuUn43/34obrLLzV84sBjrHO3izTguCnA9C27hZaQ6gvoX/CsFaly JHpqNymP9+/h2tvILoQFm0Ch0eeWtr59QnqAWzlMVTW1fS4P5ThKe/AH0ne0mA+UI5PV 67kg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=fg7W/GRVHoD+o80fvpCopvexs5BAdpk7isBN+AUjSuE=; b=w0fgv3IYUDflzY/3e8I2r6gKq4A8Z3gWOqYJyqoTBDsivouqH8JbnIDJtXrCpONyGp Hc6iqd3gld/0/aESWUtYLl13NXJBqeK/ErrDdVnJP6IKepoxJ35cvzNX4Ru4W24tYUhh RDaqT38OngrmE/pvgS8Zdy6KtgewVgBGyT8OZaE2hJFxudX9J00mHzlSdyKO5p+njwe7 VDH0o1L7qosHKMiGOvp/wl2zq5aPcNFLEhqjRPvHd+JAkI6yZgTmFFo+OX8MktUJ02P9 NA9iLhZFKreNEzJ32YD7Nb/MfopysAsS82olj5EpcrFutZ8cFc7iCJkeSCKQz4BfG9FW H/IQ==
X-Gm-Message-State: ACgBeo0TQ5JByLtJq6pa9IhVZs0y9E/ZW2rN6xMrnN2Sg9cJO7EiVRnf 5HXnPdvZ9yqrfsMCyQOyVB4YzLlHZilG41HN0UsbPKj4
X-Google-Smtp-Source: AA6agR5jNJBuxbWwST9UEZGIap4fvSE3DrBL/z4WGF55RXw0Oj47z+ihk/ZQtZVvcUxySm+UfOajNu9XpHUbafXmxeo=
X-Received: by 2002:a05:622a:101:b0:326:5e0e:96f0 with SMTP id u1-20020a05622a010100b003265e0e96f0mr5657750qtw.49.1659704801154; Fri, 05 Aug 2022 06:06:41 -0700 (PDT)
MIME-Version: 1.0
References: <165661488135.26118.14604600979606244296@ietfa.amsl.com> <CAKKJt-em=iMpFhZ+nr=zL+R2iehtV-cRaLTerEgvw95mJe8Bog@mail.gmail.com> <BYAPR11MB29190A2D23064391B09C42BFD69E9@BYAPR11MB2919.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB29190A2D23064391B09C42BFD69E9@BYAPR11MB2919.namprd11.prod.outlook.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Fri, 05 Aug 2022 08:06:15 -0500
Message-ID: <CAKKJt-c2aZh21HLCpbHeshRqG4dD7OAW-rGkO4G0HN8TY=yDsQ@mail.gmail.com>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-mops-streaming-opcons.all@ietf.org" <draft-ietf-mops-streaming-opcons.all@ietf.org>, "mops@ietf.org" <mops@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001add2005e57e23e1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Dpohf-MQzfSrXQMnOAIOLHafLLE>
Subject: Re: [secdir] Secdir last call review of draft-ietf-mops-streaming-opcons-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2022 13:06:46 -0000

Nancy,

On Thu, Aug 4, 2022 at 9:25 PM Nancy Cam-Winget (ncamwing) <
ncamwing@cisco.com> wrote:

> Hi Spencer,
>
> Just took a quick skim at comment resolutions with closer inspection of
> section 5.4 which is
>
> much improved.  I’ve added a similar comment to the GitHub as well.
>

Thank you very much for the feedback! I'll close this issue as resolved in
GitHub,

That gets us down to one open issue, with Roman still proposing text to
resolve his Discuss ballot.

Best,

Spencer


> Thanks!
>
>    Nancy
>
>
>
> *From: *Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
> *Date: *Thursday, August 4, 2022 at 1:03 PM
> *To: *Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>
> *Cc: *secdir@ietf.org <secdir@ietf.org>,
> draft-ietf-mops-streaming-opcons.all@ietf.org <
> draft-ietf-mops-streaming-opcons.all@ietf.org>, mops@ietf.org <
> mops@ietf.org>
> *Subject: *Re: Secdir last call review of
> draft-ietf-mops-streaming-opcons-10
>
> Hi, Nancy,
>
>
>
> Thank you for your review (and text suggestions).
>
>
>
> I think we've been able to address all of your comments on -10, but your
> comment on 5.4 may have already been addressed in -11. We were working on
> this section, because Roman had also pointed to it in his IESG Evaluation
> ballot, so the -10 text about personalized ads has been changed
> significantly.
>
>
>
> Could I ask you to take a look at section 5.4 in
> https://www.ietf.org/rfcdiff?url2=draft-ietf-mops-streaming-opcons-11.txt,
> and see what you think?
>
>
>
> You can reply here, or in the Github issue I created for this comment in
> your review, at
> https://github.com/ietf-wg-mops/draft-ietf-mops-streaming-opcons/issues/181
> .
>
>
>
> Best,
>
>
>
> Spencer
>
>
>
> On Thu, Jun 30, 2022 at 1:48 PM Nancy Cam-Winget via Datatracker <
> noreply@ietf.org> wrote:
>
> Reviewer: Nancy Cam-Winget
> Review result: Ready
>
> Ready with Nits
>
> Reviewer: Nancy Cam-Winget
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This document describes how streaming applications may use network and
> transport protocol and presents some challenges or issues as either or both
> the use cases and protocols continue to evolve.  The goal of the authors is
> to provide a snapshot overview of the requirements and challenges current
> streaming applications on the network protocols to serve as a reference
> for future design and protocol proposals.
>
> I have reviewed the document from the perspective of security requirements/
> considerations. Section 7 focuses on this topic and scopes the description
> to
> how media is encrypted at the transport layer only and asserts that it
> does not
> validate the encryption goals.  With that in mind, the subsections do
> provide
> a cursory view of how encryption is applied.  As it is not a security
> considerations
> section (or security focused document) it lacks depth in the security and
> privacy
> requirements or challenges.  For instance, no mention to the use of
> specific
> cipher suites nor requiring strong authentication and
> key management mechanisms when using the encryption.
>
> I have a couple of nits that can help clarify intent and descriptions in
> the
> document:
> -       Section 3.2: I believe the last paragraph is trying to point out
> that there
> bottlenecks can exist at both different nodes/hops in the network, endpoint
> and service but I believe there are also bottlenecks that can exist or be
> addressed
> by proper configuration at the different levels of the OSI stack
> (e.g. Wifi/cellular/ethernet link layer, TCP/UDP to application layer).
> But the
> reference to a “link” can benefit from including better qualification.
>
> -       Section 4.1: better quantification of the number of users it can
> serve is needed
> as better guidance (vs. “…do not need to scale to more than a few users at
> a time”)
> As I can see live media events (like conference calls?) where there could
> be up to
> a hundred users (whether recommended or not!) attempting to hold a
> collaborative
> conversation (e.g. live video, audio and other resources like
> whiteboarding)
>
> -       Section 5.4 2nd paragraph pg. 20 speaks to potential privacy (and
> security)
> violations as ad fraud.  As a non-expert in the full live-streaming
> workflow with ads
> but a security expert, a better description of the current workflow or
> mention that the
> misreporting is out of scope (?) is needed.  If the intent is to provide
> guidance for future
> design and protocol improvements, at least a reference to how current
> solutions work
> and fail is required.
>
> -       Section 5.5.3 – have the authors considered how QoS signaling at
> the link layer
> like 802.11e and 802.11u help or affect performance?
>
> Editorial nits:
> -       Section 3.4 pg 10 last paragraph.  The 2nd sentence “For example,
> with the
> emergence of ultra-low-latency streaming…..” is an awkward sentence.  I
> suggest
> To break it into two sentences.
> -       Secion 5.5.3: typo “detection” is misspelled
>
>
>

v2.23.0 | Report a Bug | By Email