IETF Logo Mail Archive

Re: [secdir] Secdir review of draft-ietf-avtcore-idms-12

Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 13 August 2013 12:02 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6197821E80D8; Tue, 13 Aug 2013 05:02:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.249
X-Spam-Level:
X-Spam-Status: No, score=-106.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y18DK5JIqkXv; Tue, 13 Aug 2013 05:02:30 -0700 (PDT)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id 023FB11E8160; Tue, 13 Aug 2013 05:02:29 -0700 (PDT)
X-AuditID: c1b4fb2d-b7f1c8e000000f62-04-520a20533c7e
Received: from ESESSHC011.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id B0.66.03938.3502A025; Tue, 13 Aug 2013 14:02:27 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.150) by smtp.internal.ericsson.com (153.88.183.53) with Microsoft SMTP Server id 14.2.328.9; Tue, 13 Aug 2013 14:02:27 +0200
Message-ID: <520A208F.6050104@ericsson.com>
Date: Tue, 13 Aug 2013 14:03:27 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "Brandenburg, R. (Ray) van" <ray.vanbrandenburg@tno.nl>
References: <F7B404A0-9D49-4BC7-A284-B0F0DC984DA8@inria.fr> <FCC100FC8D6B034CB88CD8173B2DA1581F439A1F@EXC-MBX03.tsn.tno.nl>
In-Reply-To: <FCC100FC8D6B034CB88CD8173B2DA1581F439A1F@EXC-MBX03.tsn.tno.nl>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBLMWRmVeSWpSXmKPExsUyM+JvrW6wAleQwZ7XVha3bv5is5jxZyKz xbfN1xktPix8yGLRs6qfxYHVY8mSn0wek14cYvE4uO4Cs8eXy5/ZAliiuGxSUnMyy1KL9O0S uDI+XFvPWHCXo+LM/hssDYzT2bsYOTgkBEwkdqyx7GLkBDLFJC7cW8/WxcjFISRwmFHi9LKF rCAJIYHljBKdz/lAbF4BbYlTtw+DxVkEVCV6t/1lB7HZBCwkbv5oZAOxRQWCJdq3f2WDqBeU ODnzCQuILSJgLXHlchczyAJmgSOMEt+PdoI1CwM1f5y/iAnkICGBaonOXmaQMKeAj8Tz06fZ II6TlNi26BhYObOAnsSUqy2MELa8RPPW2cwQd2pLNDR1sE5gFJqFZPUsJC2zkLQsYGRexcie m5iZk15uuIkRGNoHt/zW3cF46pzIIUZpDhYlcd5NemcChQTSE0tSs1NTC1KL4otKc1KLDzEy cXBKNTBal8fdkGRyOfD+0Pfkt/GZ3MHHSyTV1+uLV5+4vnhi7J+o5Iwp0QeeHgn9Pqu8Ir96 s5ljyrYL75blfPBbuzgxb+rvD0aPFP0OmovNZv++sPnSgoJtuzlatxRmnYuc8+dmrPB9VjuZ A6qaL0sPsq9fM+FBwdOvBYY5ka3Bwru8DtuvWHthMu8RJZbijERDLeai4kQAHZBX2TsCAAA=
Cc: "secdir@ietf.org" <secdir@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-avtcore-idms.all@tools.ietf.org" <draft-ietf-avtcore-idms.all@tools.ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-avtcore-idms-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2013 12:02:36 -0000

Vincent and Ray,


>>
>> A reference to SRTP is missing. Please add.> 
> 
> Thanks. Will do.

I think referencing SRTP here is to narrow. I think the appropriate
thing to point out is the need for source authentication and message
integrity and then point to the need for a security solution that
provide this. SRTP is a transport security solution, without
key-management. So pointing at this to resolve this issue is
insufficient and also not deployable. I think a better reference now
that it exist and is getting closer to publication might be:

https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-security-options/

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email