Re: [secdir] SecDir review of draft-ietf-straw-b2bua-rtcp-13
Lorenzo Miniero <lorenzo@meetecho.com> Tue, 11 October 2016 16:53 UTC
Return-Path: <lorenzo@meetecho.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC47612965A for <secdir@ietfa.amsl.com>; Tue, 11 Oct 2016 09:53:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.898
X-Spam-Level:
X-Spam-Status: No, score=-0.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_SBL=1.623, URIBL_SBL_A=0.1] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gBcDYiUPXI18 for <secdir@ietfa.amsl.com>; Tue, 11 Oct 2016 09:53:45 -0700 (PDT)
Received: from smtpcmd05149.aruba.it (smtpweb149.aruba.it [62.149.158.149]) by ietfa.amsl.com (Postfix) with ESMTP id 4291712965E for <secdir@ietf.org>; Tue, 11 Oct 2016 09:53:41 -0700 (PDT)
Received: from lminiero ([93.44.60.74]) by smtpcmd05.ad.aruba.it with bizsmtp id uGtg1t0071c60R101GtgwA; Tue, 11 Oct 2016 18:53:40 +0200
Date: Tue, 11 Oct 2016 18:53:39 +0200
From: Lorenzo Miniero <lorenzo@meetecho.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Message-ID: <20161011185339.51bd9947@lminiero>
In-Reply-To: <08FE41B8-679D-45A7-855D-C6C51780D278@gmail.com>
References: <BD4F5033-7DF8-4D3C-996B-7DB06EB0CC88@gmail.com> <20161011184627.19a46214@lminiero> <08FE41B8-679D-45A7-855D-C6C51780D278@gmail.com>
Organization: Meetecho
X-Mailer: Claws Mail 3.13.1 (GTK+ 2.24.29; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/UA6qSM0gVtImKRZFU94D-62PHIM>
Cc: secdir <secdir@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-straw-b2bua-rtcp.all@tools.ietf.org
Subject: Re: [secdir] SecDir review of draft-ietf-straw-b2bua-rtcp-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2016 16:53:48 -0000
On Tue, 11 Oct 2016 19:51:29 +0300 Yoav Nir <ynir.ietf@gmail.com> wrote: > > On 11 Oct 2016, at 19:46, Lorenzo Miniero <lorenzo@meetecho.com> > > wrote: > > > > Hello Yoav, > > > > sorry for this late reply... thanks for reviewing the document! As > > to the points you raised in your review, I've added a couple of > > comments inline. > > > > > > On Sun, 9 Oct 2016 09:57:26 +0300 > > Yoav Nir <ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com>> wrote: > > > >> Hello, > >> > >> I have reviewed this document as part of the security directorate’s > >> ongoing effort to review all IETF documents being processed by the > >> IESG. These comments were written primarily for the benefit of the > >> security area directors. Document editors and WG chairs should > >> treat these comments just like any other last call comments. > >> > >> Summary: Ready with nits > >> > >> The document defines the proper behavior for B2BUAs that, in > >> addition to being on-path for SIP, are also on-path for the media > >> traffic, whether RTP or RTCP. Section 3 describes different > >> scenarios for B2BUAs operating on the media, and if features > >> considerations of the type “if you change this, you also have to > >> change that, otherwise this bad thing could happen.” The document > >> is easy to read and understandable even to someone who is not well > >> versed in SIP terminology. > >> > >> The security considerations section claims that the considerations > >> are similar to those of the standards documents such as RFC 7667 > >> (RTP topologies) and RFC 7656 (A Taxonomy of Semantics and > >> Mechanisms for Real-Time Transport Protocol (RTP) Sources). This > >> seems reasonable. It also describes why encryption is not an issue > >> (if the B2BUA can make some changes to the media stream, then it > >> can also make the changes described in this document, otherwise, > >> it can’t make the original changes either), and how failing to > >> follow this document might be indistinguishable from an attack > >> (that’s the “bad things happen” part) > >> > >> Two nits: > >> > >> - The Abstract says: “[B2BUAs] are often envisaged to also be on > >> the media path...This means that B2BUAs often implement an RTP/RTCP > >> stack...”. That doesn’t make sense with the dictionary definition > >> of “envisage”. Perhaps “designed”? > >> > > > > > > Fair point, we'll fix this in next version. > > > > > >> - The first paragraph of the Security Considerations is pasted > >> below. I don’t think there is much semantic difference between > >> "considerations" and “aspects”. This paragraph denies that there > >> are considerations, and then goes on to state some. I think the > >> whole first paragraph can go. > >> > >> Yoav > >> > > > > > > What we wanted to stress out in this section is that we didn't have > > any specific behaviour to mandate in that sense, as other related > > documents do, but that we mostly wanted to underline some aspects > > to be wary of. I guess that a "Security Considerations" section can > > itself be even just about considerations, rather than rules, so I > > agree that it might be worthwhile to rephrase that first sentence > > to make what we meant clearer than it currently is. Do you think > > that something like > > > > [..] does not specify any additional rule [..] > > > > rather than > > > > [..] does not introduce any additional consideration [..] > > Sure. Although dropping that paragraph would also work. > > Yoav > Thanks! I'll do that in the next version of the document, then. Lorenzo
- [secdir] SecDir review of draft-ietf-straw-b2bua-… Yoav Nir
- Re: [secdir] SecDir review of draft-ietf-straw-b2… Lorenzo Miniero
- Re: [secdir] SecDir review of draft-ietf-straw-b2… Yoav Nir
- Re: [secdir] SecDir review of draft-ietf-straw-b2… Lorenzo Miniero