Re: [secdir] Review of draft-ietf-sip-media-security-requirements-07.txt

"Fries, Steffen" <steffen.fries@siemens.com> Fri, 07 November 2008 15:53 UTC

Date: Fri, 07 Nov 2008 15:44:22 +0100
Message-ID: <B13E851D00E14E4F8B1C2750D952FD5B4C1069@MCHP7IEA.ww902.siemens.net>
In-Reply-To: <200810291237.m9TCbFow003149@fireball.kivinen.iki.fi>
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: Tero Kivinen <kivinen@iki.fi>, draft-ietf-sip-media-security-requirements-07@tools.ietf.org, sip-chairs@tools.ietf.org
Cc: iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Review of draft-ietf-sip-media-security-requirements-07.txt

Hi Tero,

thank you for the review. In version 08 we addressed the points you
raised, except the numbering of the requirements. Nevertheless, we have
included references in section 3 that show where the requirements are
explained (section 5).

Regards
	Steffen

> -----Original Message-----
> From: Tero Kivinen [mailto:kivinen@iki.fi] 
> Sent: Wednesday, October 29, 2008 1:37 PM
> To: 
> draft-ietf-sip-media-security-requirements-07@tools.ietf.org; 
> sip-chairs@tools.ietf.org
> Cc: secdir@ietf.org; iesg@ietf.org
> Subject: Review of draft-ietf-sip-media-security-requirements-07.txt
> Importance: High
> 
> I have reviewed this document as part of the security 
> directorate's ongoing effort to review all IETF documents 
> being processed by the IESG. These comments were written 
> primarily for the benefit of the security area directors. 
> Document editors and WG chairs should treat these comments 
> just like any other last call comments.
> 
> This draft talks about the security requirements of SIP 
> media. As such the whole document talks about security. I do 
> not have any security comments for it, but I have some other 
> comments and notes about it.
> 
> The biggest problem I had when I was reading the document 
> was that section 3 suddenly starts listing different 
> requirements like R-PASS-MEDIA, R-PASS-SIG etc., and there is 
> no indication of where those are described. I tried to look for 
> them in the table of contents, but couldn't find them listed there.
> 
> Reading forward I finally found those in section 5, but 
> as they are not separate sections there, they were not 
> listed in the table of contents. It would be better to move 
> each of those requirements to a separate subsection, i.e. make 
> "5.1.1 R-FORK-RETARGET" and so on, so those references 
> earlier could point to section 5.1.1 and they would also be 
> listed in the table of contents.
> 
> There is also an unexpanded acronym, UAC, in section 4.2, and I 
> do not know what it means; it is not expanded or described in 
> any way. There seemed to be quite a lot of other 
> acronyms as well, so it would be useful to check whether those are 
> really described (or expanded) somewhere in the document.
> 
> It would also be useful to expand HERFP in section 
> 5.1 when describing R-HERFP, not only in section 4.2. Now the 
> description of R-HERFP does not tell that much: "The media 
> security key management protocol MUST function securely even 
> in the presence of HERFP behavior." especially if the reader 
> doesn't remember what HERFP stands for...
> 
> The description of R-RTP-VALID seems a bit odd. It says that 
> "...key negotiation packets MUST NOT pass the RTP validity 
> check...". That seems a bit odd considering that the name is 
> R-RTP-VALID and it says MUST NOT pass the validity check. Is that 
> description really correct?
> 
> Some nits:
> 
> Section 8. Acknowledgements has Richard Barnes twice.
> 
> Section A.4.3. SSRC and ROC has typo in word binding: 
> "Another, used by Security Descriptions, is to use "late 
> bindng" -- ...
> --
> kivinen@safenet-inc.com
> 
_______________________________________________
secdir mailing list
secdir@ietf.org
https://www.ietf.org/mailman/listinfo/secdir
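On the R-RTP-VALID point raised in the quoted review: the requirement makes sense once the RTP validity check is written out. A key management protocol that travels on the media port (ZRTP is the usual example) needs its packets to fail the check so that an endpoint can demultiplex them from real RTP. The Python below is an added example, not code from the thread, the draft, or any of the protocols it names. It implements the fixed-header part of the validity check in RFC 3550 Appendix A.1 (version, RTCP SR/RR type in the second octet, CSRC/extension/padding lengths; the per-source sequence-number tests of A.1 are left out) and runs it over constructed packets. The ZRTP-style packet assumes the RFC 6189 header layout as I understand it (first octet 0x10, magic cookie 0x5a525450 after the sequence number); all function names and packet contents are mine.

```python
"""RTP header validity check in the spirit of RFC 3550 Appendix A.1.

Added example: shows why a key management protocol sharing the media
port wants its packets to FAIL the RTP validity check, so the receiver
can tell them apart from RTP. All packets here are constructed for the
demo; the ZRTP-like header follows RFC 6189 section 5 as I read it.
"""
import struct
from typing import Dict, Tuple

RTP_VERSION = 2
RTCP_SR, RTCP_RR = 200, 201  # RTCP packet types occupying the second octet


def rtp_validity_check(pkt: bytes) -> Tuple[bool, str]:
    """Return (valid, reason) for the fixed-header checks of RFC 3550 A.1."""
    if len(pkt) < 12:
        return False, "shorter than the 12-octet fixed RTP header"
    b0, b1 = pkt[0], pkt[1]
    version = b0 >> 6
    if version != RTP_VERSION:
        return False, "version %d != 2" % version
    # M bit set with PT 72/73 makes the second octet 200/201, which is how an
    # RTCP SR/RR looks when misread as RTP; A.1 says PT must not equal SR/RR.
    if b1 in (RTCP_SR, RTCP_RR):
        return False, "second octet %d is the RTCP SR/RR packet type" % b1
    cc = b0 & 0x0F
    hdr_len = 12 + 4 * cc
    if len(pkt) < hdr_len:
        return False, "CSRC count %d exceeds packet length" % cc
    if b0 & 0x10:  # X bit: profile-specific extension follows the CSRC list
        if len(pkt) < hdr_len + 4:
            return False, "truncated header extension"
        ext_words = struct.unpack_from("!H", pkt, hdr_len + 2)[0]
        hdr_len += 4 + 4 * ext_words
        if len(pkt) < hdr_len:
            return False, "header extension length exceeds packet"
    if b0 & 0x20:  # P bit: last octet counts the padding octets, itself included
        pad = pkt[-1]
        if pad == 0 or pad > len(pkt) - hdr_len:
            return False, "padding count %d inconsistent with packet length" % pad
    return True, "ok"


def build_rtp(pt: int = 0, seq: int = 1, ts: int = 0, ssrc: int = 0x12345678,
              payload: bytes = b"\x00" * 160, marker: bool = False,
              padding: bool = False, extension: bool = False) -> bytes:
    """Constructed RTP packet (V=2, no CSRCs); flags only set bits, caller adds the bytes."""
    b0 = (RTP_VERSION << 6) | (0x20 if padding else 0) | (0x10 if extension else 0)
    b1 = (0x80 if marker else 0) | (pt & 0x7F)
    return struct.pack("!BBHII", b0, b1, seq, ts, ssrc) + payload


def build_zrtp_like(seq: int = 1, ssrc: int = 0x12345678) -> bytes:
    """Constructed packet shaped like a ZRTP header: first octet 0x10, so the
    RTP version bits are 0 0; magic cookie 'ZRTP' sits where the timestamp would be."""
    return struct.pack("!BBHII", 0x10, 0x00, seq, 0x5A525450, ssrc) + b"\x00" * 8


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run the check over the constructed packets and return the verdicts."""
    return {
        "rtp": rtp_validity_check(build_rtp()),
        "zrtp_like": rtp_validity_check(build_zrtp_like()),
        "rtcp_sr_as_rtp": rtp_validity_check(build_rtp(pt=72, marker=True)),
        "bad_extension": rtp_validity_check(build_rtp(payload=b"", extension=True)),
        "good_padding": rtp_validity_check(build_rtp(payload=b"\x00" * 3 + b"\x04", padding=True)),
        "bad_padding": rtp_validity_check(build_rtp(payload=b"\x00" * 3 + b"\x00", padding=True)),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print("%-15s %-7s %s" % (name, "valid" if ok else "invalid", why))
```

The point for the draft's wording: a ZRTP-style packet is rejected at the very first test (version bits 0), which is exactly what R-RTP-VALID asks for; a key management packet that happened to look like valid RTP would instead be handed to the decoder, or to SRTP, as media.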