[secdir] Review of draft-ietf-straw-b2bua-dtls-srtp
Paul Wouters <paul@nohats.ca> Fri, 20 November 2015 02:35 UTC
Date: Thu, 19 Nov 2015 21:35:09 -0500
From: Paul Wouters <paul@nohats.ca>
To: secdir <secdir@ietf.org>, iesg@ietf.org, draft-ietf-straw-b2bua-dtls-srtp.all@tools.ietf.org
Message-ID: <alpine.LFD.2.20.1511192126580.30363@bofh.nohats.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/s15RyxZBIkHfbGYDLYWdqM7V8KE>
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

As far as I understood the document and its dependencies (I'm not very familiar with the sip/srtp world), the document is Ready.

One minor nit: Section 1.2 has a broken link for RFC-7092.

This document describes how a "middle man" relaying connections between two sip endpoints should behave so it will not break the connection between the sip endpoints. The security section clearly lists the defenses the sip endpoints should take to ensure this "middle man" is not maliciously decrypting/re-encrypting the content of the connection it forwards between the endpoints.

Paul