Re: [secdir] Secdir Last Call Review of draft-ietf-mmusic-data-channel-sdpneg-24
"Steve Hanna" <steve01@hannas.com> Mon, 11 March 2019 15:20 UTC
Return-Path: <steve01@hannas.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6378131188; Mon, 11 Mar 2019 08:20:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o802RQMfWe3Q; Mon, 11 Mar 2019 08:20:08 -0700 (PDT)
Received: from smtprelay.hostedemail.com (smtprelay0105.hostedemail.com [216.40.44.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35C7E13119B; Mon, 11 Mar 2019 08:19:58 -0700 (PDT)
Received: from filter.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay05.hostedemail.com (Postfix) with ESMTP id D50281803A126; Mon, 11 Mar 2019 15:19:56 +0000 (UTC)
X-Session-Marker: 737465766530314068616E6E61732E636F6D
X-Spam-Summary: 40, 2.5, 0, , d41d8cd98f00b204, steve01@hannas.com, :::::::::, RULES_HIT:10:41:355:379:541:542:599:800:960:973:982:988:989:1155:1260:1277:1311:1313:1314:1345:1359:1381:1437:1515:1516:1518:1534:1543:1587:1593:1594:1711:1730:1747:1777:1792:2198:2199:2393:2551:2553:2559:2562:2692:2693:2894:2895:2906:2911:2924:2926:3138:3139:3140:3141:3142:3355:3622:3865:3866:3867:3868:3870:3871:3872:3874:4250:4362:4425:5007:6119:7576:7903:8660:9545:10011:10400:10848:11658:11914:11984:12043:12048:12050:12109:12114:12663:12679:12760:12895:13019:13071:13095:13148:13161:13163:13229:13230:13439:13846:14040:14096:14097:14180:14181:14195:14721:21060:21080:21212:21324:21433:21451:21627:30006:30045:30054:30063:30070:30090:30091, 0, RBL:error, CacheIP:none, Bayesian:0.5, 0.5, 0.5, Netcheck:none, DomainCache:0, MSF:not bulk, SPF:fn, MSBL:0, DNSBL:neutral, Custom_rules:0:1:0, LFtime:33, LUA_SUMMARY:none
X-HE-Tag: map49_56b97d027765d
X-Filterd-Recvd-Size: 4184
Received: from DESKTOP1IV8FA2 (184-088-010-175.res.spectrum.com [184.88.10.175]) (Authenticated sender: steve01@hannas.com) by omf10.hostedemail.com (Postfix) with ESMTPA; Mon, 11 Mar 2019 15:19:55 +0000 (UTC)
Reply-To: steve@hannas.com
From: Steve Hanna <steve01@hannas.com>
To: "'Roni Even (A)'" <roni.even@huawei.com>, steve@hannas.com, iesg@ietf.org, secdir@ietf.org, draft-ietf-mmusic-data-channel-sdpneg.all@ietf.org
References: <03dd01d4d7a3$23a209d0$6ae61d70$@hannas.com> <6E58094ECC8D8344914996DAD28F1CCD18CC58D1@dggemm526-mbx.china.huawei.com>
In-Reply-To: <6E58094ECC8D8344914996DAD28F1CCD18CC58D1@dggemm526-mbx.china.huawei.com>
Date: Mon, 11 Mar 2019 11:19:55 -0400
Message-ID: <049c01d4d81d$e3549750$a9fdc5f0$@hannas.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AQKBpg92gi45b3wQuPvusgxbCadv6wFksx+TpKHIPIA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/yiO5OO4tE6OGoKcA48Sb9cqkylI>
Subject: Re: [secdir] Secdir Last Call Review of draft-ietf-mmusic-data-channel-sdpneg-24
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Mar 2019 15:20:16 -0000
Roni, Thanks for taking my feedback in such a positive manner. That's just how I intended it. The document is well written and pretty easy to understand. I especially appreciated Appendix A, which helped me avoid needing to read many other documents. I can't provide any technical feedback because I'm not an expert in your domain. But I can say that from a security perspective, your explanation makes sense to me. As for the English language nits, there seem to be 1-2 in every paragraph. If your co-authors don't see many, please invite someone who does copyediting or proofreading to review the document. They'll find lots more like the ones that I cited. These don't substantially impeded the comprehension of the document but they slow down the reader and in some cases could lead to confusion (especially with agreement errors like the first and third nit that I cited). Thanks, Steve -----Original Message----- From: Roni Even (A) <roni.even@huawei.com> Sent: Monday, March 11, 2019 9:07 AM To: steve@hannas.com; iesg@ietf.org; secdir@ietf.org; draft-ietf-mmusic-data-channel-sdpneg.all@ietf.org Subject: RE: Secdir Last Call Review of draft-ietf-mmusic-data-channel-sdpneg-24 HI Steve, Thanks for the review. I will update the document. As for the nits, it is my fault for not noticing these nits, will fix all of them and some of the co-authors are native English speakers. Roni -----Original Message----- From: Steve Hanna [mailto:steve01@hannas.com] Sent: Monday, March 11, 2019 2:41 AM To: iesg@ietf.org; secdir@ietf.org; draft-ietf-mmusic-data-channel-sdpneg.all@ietf.org Subject: Secdir Last Call Review of draft-ietf-mmusic-data-channel-sdpneg-24 Review result: Ready with nits Reviewer: Steve Hanna I reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security Area Directors. Document authors, document editors, and WG chairs should treat these comments just like any other IETF Last Call comments. This document specifies how the SDP (Session Description Protocol) offer/answer exchange can be used to achieve an out-of-band non-DCEP negotiation for establishing a data channel. Major Concerns: None Minor Concerns: The last sentence in the Security Considerations section says: Error cases like the use of unknown parameter values or violation the odd/even rule must be handled by closing the corresponding Data Channel. I suspect that the "must" in this sentence should be "MUST". Nothing else in the document seems to state this requirement but it does seem necessary. Nits: This document has many small English language errors. For example, the first paragraph of the Introduction has three things that need to be corrected: - s/a bi-directional data channels/bi-directional data channels/ - s/prtocols/protocols/ - s/an endpoint applications/endpoint applications/ Please enlist a native English speaker as a proofreader.
- [secdir] Secdir Last Call Review of draft-ietf-mm… Steve Hanna
- Re: [secdir] Secdir Last Call Review of draft-iet… Roni Even (A)
- Re: [secdir] Secdir Last Call Review of draft-iet… Steve Hanna