[secdir] secdir review of draft-ietf-rtcweb-alpn-03
Benjamin Kaduk <kaduk@MIT.EDU> Thu, 21 April 2016 21:25 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F418012E8D8; Thu, 21 Apr 2016 14:25:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.197
X-Spam-Level:
X-Spam-Status: No, score=-5.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T4HvybpjwCMI; Thu, 21 Apr 2016 14:25:37 -0700 (PDT)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C35C812E8B6; Thu, 21 Apr 2016 14:25:36 -0700 (PDT)
X-AuditID: 12074423-57bff7000000258f-88-5719454faba3
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id E5.25.09615.F4549175; Thu, 21 Apr 2016 17:25:35 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id u3LLPY5j031435; Thu, 21 Apr 2016 17:25:35 -0400
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id u3LLPV1W011509 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 21 Apr 2016 17:25:34 -0400
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id u3LLPVRP018516; Thu, 21 Apr 2016 17:25:31 -0400 (EDT)
Date: Thu, 21 Apr 2016 17:25:31 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-rtcweb-alpn.all@ietf.org
Message-ID: <alpine.GSO.1.10.1604211724430.26829@multics.mit.edu>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrDIsWRmVeSWpSXmKPExsUixCmqrOvvKhlucPWRtMX8Pj6LGX8mMlt8 WPiQxYHZY8mSn0wBjFFcNimpOZllqUX6dglcGS0PFQqO8VR8WvucuYFxFVcXIyeHhICJxNXu a2xdjFwcQgJtTBI95x6wQDgbGSW+7FkKlTnEJLGxZyIzhNPAKNHyGMTh5GAR0JZY+v0IE4jN JqAiMfPNRjYQW0TAXWLSwU3sILawgLHEh693wWp4BRwlDu84AtYrKqAjsXr/FBaIuKDEyZlP wGxmAS2J5dO3sUxg5J2FJDULSWoBI9MqRtmU3Crd3MTMnOLUZN3i5MS8vNQiXTO93MwSvdSU 0k2MoEBid1Hewfiyz/sQowAHoxIPL4e8RLgQa2JZcWXuIUZJDiYlUd61ipLhQnxJ+SmVGYnF GfFFpTmpxYcYJTiYlUR45zkB5XhTEiurUovyYVLSHCxK4ryMDAwMQgLpiSWp2ampBalFMFkZ Dg4lCV5jF6BGwaLU9NSKtMycEoQ0EwcnyHAeoOHLQWp4iwsSc4sz0yHypxgVpcR560ASAiCJ jNI8uF5wpO9mUn3FKA70ijBvJ0gVDzBJwHW/AhrMBDSY/64oyOCSRISUVAOjzDXJ9+kfl6Sd SFc68lB32z32olkrfm8LcmPw1UoIm6PywY9zcddSznNPyzrPBDDUyHOvakiYn5WhdlrhHvvE D9y/MxoXWK0xnuz/MPHksT1XasyFPUpz7gj5ruiMkROKz8lzn/VCfMVnjxBl3UkL4q/MnMfy bdcVh1Dm2Ae1Jl4SSq3u07mUWIozEg21mIuKEwFDWDDczwIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/xCrPKNn1NVKJKlbo45FGLcSSve4>
Subject: [secdir] secdir review of draft-ietf-rtcweb-alpn-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2016 21:25:39 -0000
[My apologies to those receiving this twice; I do not know why typing draft names seems to be so hard.] Hi all, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I think this document is ready. The main goal is to provide an authenticated indicator to the webrtc peers that confidentiality is needed for the "media" (video, audio) streams of that webrtc session (or that it is not needed); ALPN, which is bound to the DTLS handshake, is used to do so. The only potentially interesting direct consequence that I see is that this constrains any other (future) usage of ALPN by webrtc, since only one ALPN label can be selected for a given DTLS association. Should a need arise, presumably additional ALPN labels can be defined that describe the appropriate combination of confidentiality and any future protocol needs. This document is not intended to cover the details of how the actual webrtc sessions are established and cryptographically protected (if necessary), so there does not seem to be a need for it to discuss the security considerations relevant to those parts of the protocol. -Ben _______________________________________________ secdir mailing list secdir@ietf.org https://www.ietf.org/mailman/listinfo/secdir wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
- [secdir] secdir review of draft-ietf-rtcweb-alpn-… Benjamin Kaduk
- [secdir] secdir review of draft-ietf-rtcweb-alpn-… Benjamin Kaduk