IETF Logo Mail Archive

Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06

Richard Barnes <rlb@ipv.sx> Thu, 29 February 2024 18:15 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46852C14F697 for <sframe@ietfa.amsl.com>; Thu, 29 Feb 2024 10:15:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 41t7TeM24E-z for <sframe@ietfa.amsl.com>; Thu, 29 Feb 2024 10:15:47 -0800 (PST)
Received: from mail-il1-x136.google.com (mail-il1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F01E9C14F5FF for <sframe@ietf.org>; Thu, 29 Feb 2024 10:15:42 -0800 (PST)
Received: by mail-il1-x136.google.com with SMTP id e9e14a558f8ab-365337ad3e7so4174785ab.0 for <sframe@ietf.org>; Thu, 29 Feb 2024 10:15:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20230601.gappssmtp.com; s=20230601; t=1709230542; x=1709835342; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=TqrKgesu2h7M8NjAJ4DcBeoCRKonPsR4ldQAwt6Uw5Q=; b=XXSRDZDpcY8NRUayT6II8kk910IhjbojNPdo8wMkLqlQRzQkDgjqe18Y+GbXQf9Env /p3GuYuTt2ml1b5tGow6I8+l1mxquf7bjmryMlKrvCaahap7Ckt+LOSBEBlGbCZIWPh/ dO2gm4/CnLl7dad8Jt8lMNBzgXIkQ0XSY/RZDl+RoCfAeMkySYKS6Y9KKhMwJhczQjZe J8sAnSg4OBAT8YKrtugXvqL44kGyDCeWRQIa1KIn3OBqKX7vzo32VWHlFn48+iFamvF2 cDL5jeiurDZg8EaorVjXDJeD5v34ReXQjLZdEYRZMahGc6imezD8hAB6kxk+kRCk+0ix EIjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709230542; x=1709835342; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TqrKgesu2h7M8NjAJ4DcBeoCRKonPsR4ldQAwt6Uw5Q=; b=Os0lQbICJN1tqeIIX97LU5lW1S38RAjXhIxv1sQEUgRz7r0RhB3NFEsCJ/oC+/EowR 0ZZK9/jHR8HsAz3jHzhLoBEJ0XSq6HEWcaqyFTQpPH6ZMbcqhP4fmGqDFoWLEhi+GPoN fh9CYai6FFY/tv1qYK8hQNNLcyELkdwAjJDO/oPO7aChpKI4P6CNMQ8Ptsu90iBvbjrm Vtm/ibO+856G/U6ed1m3ztWVubfQgs76ewUHnsAfplQsuCRuirBigqa1GLAMnzPcz29f lki3IkpfFSy0UTsnPvfhw5r/lJNPzwKXqVf60B3nqituVwbTwsHuT1SNvhPfSOEnhMz9 /y7w==
X-Gm-Message-State: AOJu0Yy4D1RuE7zkaScuLZY8KTImMXmDiP92IVj5CsjFEuJVgqdvUy8q mJlQu0tkub9nzP6eRna6ksjGC1T6s86wj8IH/PcVKAOS4kyLBeoiZunRTEJao3qFqnpaablgJrX kJK2YFBRc+xIOWPrgWfHHFR7c14f0B/Pi4QBsqQ==
X-Google-Smtp-Source: AGHT+IF92p59zS2z1n3c3dc2sNOoFro8XbUE+ViLk91265xB/WSeoWe9lGPJTjms8a1/H99Sc3OQaGYXeskt6ZEMepM=
X-Received: by 2002:a92:2912:0:b0:364:279c:4a08 with SMTP id l18-20020a922912000000b00364279c4a08mr3417525ilg.23.1709230542027; Thu, 29 Feb 2024 10:15:42 -0800 (PST)
MIME-Version: 1.0
References: <170182043936.679.4345250232615285561@ietfa.amsl.com> <CAL0qLwa+73QryfCxGEG_0FSGRK06sJDsNjq2JZH3X4J9_JeUZg@mail.gmail.com> <CAL02cgTV62U7pRcnJ3EmPn93CmPqH3iyi6m-wERQkz3jWK2wxg@mail.gmail.com> <CAL0qLwbnRm9yKygbS=96dxufmVOhpsH8bTXcYi_ButHrCsdn3Q@mail.gmail.com> <CAL0qLwauKox5hNMzJYfMuU5s_Hxt3nsHVVCB2Do1kF_nu=QghQ@mail.gmail.com> <CAL02cgRYd8QyKo+uA3D4q7MCDDu50SxHGpu8uFG5YurBZNMxvQ@mail.gmail.com>
In-Reply-To: <CAL02cgRYd8QyKo+uA3D4q7MCDDu50SxHGpu8uFG5YurBZNMxvQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 29 Feb 2024 11:15:30 -0700
Message-ID: <CAL02cgRXFvNk8KzU0J+rVf9tu7B8GYH6C6e_Z8d9A=_WeVkdXw@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: sframe@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004c145e0612893f22"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/I98DiB9AM-xhvai-bPIGOvrUUhY>
Subject: Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Feb 2024 18:15:51 -0000

Just posted draft-07.  To the IESG!


On Thu, Feb 29, 2024 at 9:58 AM Richard Barnes <rlb@ipv.sx> wrote:

> We have pull requests covering all the reviews so far.
>
> https://github.com/sframe-wg/sframe/pulls
>
> I'll get them reviewed and merged ASAP, then send you a new draft.
>
> On Thu, Feb 29, 2024 at 9:52 AM Murray S. Kucherawy <superuser@gmail.com>
> wrote:
>
>> ...and, I guess, any necessary responses to the other directorate reviews
>> (SEC, ART)?
>>
>> -MSK
>>
>> On Thu, Feb 29, 2024 at 8:52 AM Murray S. Kucherawy <superuser@gmail.com>
>> wrote:
>>
>>> Thanks for these; can we expect a -07 with that PR incorporated before I
>>> send it to the IESG?
>>>
>>> -MSK
>>>
>>> On Thu, Feb 1, 2024 at 2:37 PM Richard Barnes <rlb@ipv.sx> wrote:
>>>
>>>> Inline...
>>>>
>>>> On Wed, Jan 31, 2024 at 7:48 PM Murray S. Kucherawy <
>>>> superuser@gmail.com> wrote:
>>>>
>>>>>
>>>>> Hello all,
>>>>>
>>>>
>>>> Hello Murray!
>>>>
>>>>
>>>>> Sorry this has taken me so long to get through.  Overall I think it's
>>>>> quite well done and what I've managed to come up with is mostly minor.  So,
>>>>> here's what I've got so far; rather than have you keep waiting on more
>>>>> comments or questions, I'm going to request Last Call now in parallel with
>>>>> me finishing my review.  We can deal with these alongside any Last Call
>>>>> feedback and directorate reviews if you like.
>>>>>
>>>>
>>>> Sounds good to me.  I filed a PR for your comments:
>>>> https://github.com/sframe-wg/sframe/pull/183
>>>>
>>>>
>>>>> In no particular order:
>>>>>
>>>>> Section 8:
>>>>>
>>>>> This kind of reads like at one point you were asking for multiple
>>>>> registries, but only one remains.  Some of the grammar mismatches should be
>>>>> tidied up.
>>>>>
>>>>
>>>> Done.
>>>>
>>>>
>>>>> Per RFC 8126, a "Specification Required" registry strongly encourages
>>>>> advice to the Designated Expert about what one should consider when
>>>>> deciding if the reference being offered is satisfactory, but no such advice
>>>>> is present here.  Do we need any?
>>>>>
>>>>
>>>> I think the RFC's guidance is sufficient. ("documented in a permanent
>>>> and readily available public specification, in sufficient detail so that
>>>> interoperability between independent implementations is possible")
>>>>
>>>>
>>>>> Section 4.4.1:
>>>>>
>>>>> I'm a stickler for correct use of SHOULD, so I'm going to test a
>>>>> couple of these.  In this section, there's a SHOULD mark keys one way or
>>>>> the other, but never both.  Since SHOULD allows a choice, is there ever a
>>>>> reason to mark a key as both?  Or should that really be a MUST?
>>>>>
>>>>
>>>> I think you're right on this one.
>>>>
>>>>
>>>>> Section 4.4.4:
>>>>>
>>>>> Same SHOULD question.
>>>>>
>>>>
>>>> This one is "SHOULD" as in "it's complicated". For example:
>>>>
>>>> * Not all crypto libraries are constant-time in this way
>>>> * In some systems, failures will manifest to higher layers as dropped
>>>> packets, which may end up in things like RTCP reports.
>>>>
>>>> The attacks that would be enabled by failing to meet the requirement
>>>> are conditional in some similarly complicated ways.  So it's not an
>>>> "absolute requirement"; thus SHOULD.
>>>>
>>>> There's also a SHOULD in Section 7.3, which is conditional in a similar
>>>> way.  The desired FS/PCS properties vary among applications, and it's not
>>>> up to this specification to enforce a specific set of properties at this
>>>> level.
>>>>
>>>>
>>>>> Section 9.3:
>>>>>
>>>>> Are there any informative references that might be offered regarding
>>>>> the mitigations suggested here?
>>>>>
>>>>
>>>> Added a citation to the SRTP algorithm.
>>>>
>>>>
>>>>>
>>>>> Section 7.5:
>>>>>
>>>>> The first bullet appears to be one sentence that's been broken into
>>>>> two.
>>>>>
>>>>
>>>> So you don't like the initial "So".  Reworded.
>>>>
>>>> --RLB
>>>>
>>>>
>>>>
>>>>>
>>>>> -MSK
>>>>>
>>>>>
>>>>> --
>>>>> Sframe mailing list
>>>>> Sframe@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/sframe
>>>>>
>>>>

v2.23.0 | Report a Bug | By Email