Re: [secdir] secdir review of draft-ietf-simple-msrp-sessmatch
Ben Campbell <ben@estacado.net> Wed, 08 September 2010 21:36 UTC
Return-Path: <ben@estacado.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 604543A67FA for <secdir@core3.amsl.com>; Wed, 8 Sep 2010 14:36:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GWbGmNOnHBmg for <secdir@core3.amsl.com>; Wed, 8 Sep 2010 14:36:44 -0700 (PDT)
Received: from estacado.net (estacado-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:266::2]) by core3.amsl.com (Postfix) with ESMTP id 62FBC3A6960 for <secdir@ietf.org>; Wed, 8 Sep 2010 14:36:33 -0700 (PDT)
Received: from dn3-174.estacado.net (dn3-174.estacado.net [172.16.3.174]) (authenticated bits=0) by estacado.net (8.14.3/8.14.2) with ESMTP id o88LarDN040332 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 8 Sep 2010 16:36:54 -0500 (CDT) (envelope-from ben@estacado.net)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: Ben Campbell <ben@estacado.net>
In-Reply-To: <7F2072F1E0DE894DA4B517B93C6A0585015BCA1D@ESESSCMS0356.eemea.ericsson.se>
Date: Wed, 08 Sep 2010 16:36:48 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <0B7E7D8D-CBC0-48C8-B642-A5E7A2D48BF2@estacado.net>
References: <7F2072F1E0DE894DA4B517B93C6A0585015BCA1D@ESESSCMS0356.eemea.ericsson.se>
To: Christer Holmberg <christer.holmberg@ericsson.com>
X-Mailer: Apple Mail (2.1081)
X-Mailman-Approved-At: Thu, 09 Sep 2010 08:57:29 -0700
Cc: Ted Hardie <ted.ietf@gmail.com>, The IETF <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-simple-msrp-sessmatch@tools.ietf.org" <draft-ietf-simple-msrp-sessmatch@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-simple-msrp-sessmatch
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Sep 2010 21:36:49 -0000
I wanted to make a quick response to one part of this discussion--see below: On Aug 31, 2010, at 12:39 PM, Christer Holmberg wrote: >>>> To highlight one particular aspect, RFC 4975 does not require >>>> session-ids to be present, a fact noted both in the ABNF and in this >>>> text: >>>> >>>> 4. The session-id part is compared as case sensitive. A URI without >>>> a session-id part is never equivalent to one that includes one. >>>> >>>> A matching scheme which relies on a URI section which is not >>>> guaranteed to be present has some interesting problems ahead of it. If >>>> this effectively makes their use mandatory, that requires a change to >>>> the fundamental ABNF and text. >>> >>> An MSRP URI in an SDP offer or answer for an MSRP session MUST include a >>> session-id part, so I believe the comment is >>> based on incorrect assumptions. >> >> This is not indicated in the URI matching section > > We will clarify that sessmatch conformant UAs do not use MSRP URI matching in > order to perform MSRP session matching. In fact, RFC4975 does require an MSRP URI in and SDP offer or answer to include a session ID part. Unfortunately, it does so rather obliquely. Section 6 contains the following language: > The MSRP URI authority field identifies a participant in a particular > MSRP session. If the authority field contains a numeric IP address, > it MUST also contain a port. The session-id part identifies a > particular session of the participant. The absence of the session-id > part indicates a reference to an MSRP host device, but does not refer > to a particular session at that device. Section 8.2, in the last paragraph, says the following about the rightmost URI placed in a path attribute in the SDP (Note that 4975 does not specify MSRP relay behavior, so only the rightmost URI is in scope) > It MUST be assigned for this particular session, and MUST NOT duplicate > any URI in use for any other session in which the endpoint is > currently participating. It SHOULD be hard to guess, and protected > from eavesdroppers. This is discussed in more detail in > Section 14. > This, taken together, create a requirement for a session-ID for MSRP URIs used to identify a session in the SDP. I agree this should have been more strongly worded. An errata entry is probably in order. Thanks! Ben.
- [secdir] secdir review of draft-ietf-simple-msrp-… Richard L. Barnes
- Re: [secdir] secdir review of draft-ietf-simple-m… Ted Hardie
- Re: [secdir] secdir review of draft-ietf-simple-m… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-simple-m… Richard L. Barnes
- Re: [secdir] secdir review of draft-ietf-simple-m… Ted Hardie
- Re: [secdir] secdir review of draft-ietf-simple-m… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-simple-m… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-simple-m… Ted Hardie
- Re: [secdir] secdir review of draft-ietf-simple-m… Cullen Jennings
- Re: [secdir] secdir review of draft-ietf-simple-m… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-simple-m… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-simple-m… Gonzalo Camarillo
- Re: [secdir] secdir review of draft-ietf-simple-m… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-simple-m… Ben Campbell
- Re: [secdir] secdir review of draft-ietf-simple-m… Ben Campbell
- [secdir] Draft new version: draft-ietf-simple-msr… Christer Holmberg
- Re: [secdir] secdir review of draft-ietf-simple-m… Gonzalo Camarillo
- Re: [secdir] secdir review of draft-ietf-simple-m… Ted Hardie
- Re: [secdir] secdir review of draft-ietf-simple-m… Ted Hardie
- Re: [secdir] secdir review of draft-ietf-simple-m… Ted Hardie
- Re: [secdir] secdir review of draft-ietf-simple-m… Cullen Jennings
- Re: [secdir] secdir review of draft-ietf-simple-m… Ben Campbell
- Re: [secdir] [Simple] secdir review of draft-ietf… Adrian Georgescu
- Re: [secdir] [Simple] secdir review of draft-ietf… Ben Campbell
- Re: [secdir] [Simple] secdir review of draft-ietf… Adrian Georgescu
- Re: [secdir] secdir review of draft-ietf-simple-m… Gonzalo Camarillo
- Re: [secdir] [Simple] secdir review of draft-ietf… Ben Campbell