[secdir] Secdir review of draft-ietf-mmusic-latching-05.txt
"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Thu, 22 May 2014 08:57 UTC
From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: iesg@ietf.org, secdir@ietf.org, mmusic-chairs@tools.ietf.org, draft-ietf-mmusic-latching@tools.ietf.org
Date: Thu, 22 May 2014 17:57:09 +0900
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/UtUys3sEjaPNGrF0q_n5_Pc_0K8

Hello,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes the behavior of signaling intermediaries in RTC deployments when performing hosted NAT traversal (HNT). The document begins by summarizing the problems with NAT traversal for protocols such as SIP, and then outlines HNT and the latching mechanism that approach the problems.

Nevertheless, this document is not recommending the use of latching. Instead, the document alerts its use and elaborates its security concerns in Section 5 "Security considerations" by showing several examples. The security consideration covers issues such as DoS-resistance/resource exhaustion, impersonation and addresses the use of encryption mechanism.

It is an interesting, tutorial-like document, and I think this document is ready. According to the mmusic mailing list, the security consideration section has been discussed from the early stage of this draft, so the section also seems to be mature, IMHO.

A bit of editorial review would be helpful.

1. It could be helpful if you could spell out the abbreviations when they appear for the first time (e.g., UAC, UAS, SIP, SDP, and SBC), not the second time.
2. In section 1: " and described in [RFC3424]" should be "as described in [RFC3424]"?
3. In section 4: "from from" -> "from" ?

The review was based on the document uploaded at https://datatracker.ietf.org/doc/draft-ietf-mmusic-latching/ .

By the way, if RTC and SBC are used as identical terms in this document, why do we use the term RTC (Real Time Communication) in the document title while we use the term SBC in the main body text? In any case, it is a very minor comment, and I think the draft is ready to move forward.

Take