[secdir] SECDIR Review of draft-pd-dispatch-msrp-websocket-12

Donald Eastlake <d3e3e3@gmail.com> Tue, 05 July 2016 03:19 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8580C12D0B8; Mon, 4 Jul 2016 20:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.45
X-Spam-Level:
X-Spam-Status: No, score=-2.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cNtMfPP_0L3P; Mon, 4 Jul 2016 20:19:03 -0700 (PDT)
Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 110CE12D0DD; Mon, 4 Jul 2016 20:19:03 -0700 (PDT)
Received: by mail-oi0-x22d.google.com with SMTP id r2so213767737oih.2; Mon, 04 Jul 2016 20:19:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc; bh=Vftd3XDVh3dnH1IPixq7Jsr1de0jR+otI2EuNJvXagg=; b=nIvPEAS0doPhIiQTUgLPbxJgI4AEJX3rH33z2/CSCyWbRZR1wHtKtHM+ceo6v2CirQ UjMahY+TKcmPtNn+P1OTAgkqqzgm6OkcKHwqy1YGhrlgseliANgRhIqBW5xLM+wd6p/h RhKbq3L0G0rr3JMghv89S57kbU1DVgPujJHV7lZjlurJf75OxLLh87i8d93mh91Piv5w O2pXYWCzf8D/wCBZAgHP9ysRkbhGVYxhFZhnQr/oDim3yA8ZeFOZOJiPlbzUt3QxX67V l8JBEfJarWDIw26reQB6QRie0wbHVmKqsFq0u1Hfbw8rQ+QV2qOMYVmca9HLuOt47trl P6GQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=Vftd3XDVh3dnH1IPixq7Jsr1de0jR+otI2EuNJvXagg=; b=ZvxvlyiAfbHTTUvq5pmlFkJpdvynk9aUja1RDE28iK5Ax0cNmDBqYntz77mZQ1VuP3 4+cj5VyQkOuhQNxFXUim+HtB/gXZ1BuOEjb/04ReMtZWAKEYQKQCsHXxtImkp0LH0n0/ 43C8plRfX8vP5bRmPEq/YcDy70qE2y7WQlse0DrI2VqaF2Fej8PIoILA5qOYNWB/F1XU +bmgkz3dScTfKrwVbvW7RdUHNvVXPzHjrzMKy75nLVBmuWG/NKxr04a0BqrNzX5gDveN 0mZkZLLA7Y/8Ze1mZw76tJYSG2So+S0Gz/TxlexkKkhXVdp4LBIb+jjplz4CWHEGA0dn OXYg==
X-Gm-Message-State: ALyK8tI2XaR0E8l8tn/FCnxsLwegvN+pogS5KNtStbyRjjlhbwYj5cTPg9eMJ7pPoirqSKxC9LX8viD3+JPvsg==
X-Received: by 10.202.229.66 with SMTP id c63mr8785521oih.81.1467688742369; Mon, 04 Jul 2016 20:19:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.52.242 with HTTP; Mon, 4 Jul 2016 20:18:47 -0700 (PDT)
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Mon, 4 Jul 2016 23:18:47 -0400
Message-ID: <CAF4+nEGxcon=cSo9sZeTep+2Xu4+s06kziNNsfy60C0Xds2G5w@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, draft-pd-dispatch-msrp-websocket.all@ietf.org
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Nclx0eMV-H8I01Xvsjt0feaX6BA>
Cc: "secdir@ietf.org" <secdir@ietf.org>
Subject: [secdir] SECDIR Review of draft-pd-dispatch-msrp-websocket-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2016 03:19:04 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This draft specifies a new WebSocket sub-protocol as a reliable
transport mechanism between MSRP (Message Session Relay Protocol)
clients and relays. It depends on the use of secure WebSocket
connections (TLS) and existing authentication mechanisms. I am not
particularly familiar with WebSockets or MSRP but the Security
Considerations section looks adequate to me.

There are a lot of example message flows in this document that i don't
really know enough to evaluate.

Nits:

It is peculiar that Sections 10, Section 11, and Appendix A have only
a single subsection aa their entire content. In the case of Sections
10 and 11, I think the 10.1 and 11.1 headers should just be
eliminated. In the case of Appendix A, probably the A.1 heading should
be moved up to the A level.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com