Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06
Richard Barnes <rlb@ipv.sx> Thu, 29 February 2024 18:15 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46852C14F697 for <sframe@ietfa.amsl.com>; Thu, 29 Feb 2024 10:15:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 41t7TeM24E-z for <sframe@ietfa.amsl.com>; Thu, 29 Feb 2024 10:15:47 -0800 (PST)
Received: from mail-il1-x136.google.com (mail-il1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F01E9C14F5FF for <sframe@ietf.org>; Thu, 29 Feb 2024 10:15:42 -0800 (PST)
Received: by mail-il1-x136.google.com with SMTP id e9e14a558f8ab-365337ad3e7so4174785ab.0 for <sframe@ietf.org>; Thu, 29 Feb 2024 10:15:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20230601.gappssmtp.com; s=20230601; t=1709230542; x=1709835342; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=TqrKgesu2h7M8NjAJ4DcBeoCRKonPsR4ldQAwt6Uw5Q=; b=XXSRDZDpcY8NRUayT6II8kk910IhjbojNPdo8wMkLqlQRzQkDgjqe18Y+GbXQf9Env /p3GuYuTt2ml1b5tGow6I8+l1mxquf7bjmryMlKrvCaahap7Ckt+LOSBEBlGbCZIWPh/ dO2gm4/CnLl7dad8Jt8lMNBzgXIkQ0XSY/RZDl+RoCfAeMkySYKS6Y9KKhMwJhczQjZe J8sAnSg4OBAT8YKrtugXvqL44kGyDCeWRQIa1KIn3OBqKX7vzo32VWHlFn48+iFamvF2 cDL5jeiurDZg8EaorVjXDJeD5v34ReXQjLZdEYRZMahGc6imezD8hAB6kxk+kRCk+0ix EIjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709230542; x=1709835342; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TqrKgesu2h7M8NjAJ4DcBeoCRKonPsR4ldQAwt6Uw5Q=; b=Os0lQbICJN1tqeIIX97LU5lW1S38RAjXhIxv1sQEUgRz7r0RhB3NFEsCJ/oC+/EowR 0ZZK9/jHR8HsAz3jHzhLoBEJ0XSq6HEWcaqyFTQpPH6ZMbcqhP4fmGqDFoWLEhi+GPoN fh9CYai6FFY/tv1qYK8hQNNLcyELkdwAjJDO/oPO7aChpKI4P6CNMQ8Ptsu90iBvbjrm Vtm/ibO+856G/U6ed1m3ztWVubfQgs76ewUHnsAfplQsuCRuirBigqa1GLAMnzPcz29f lki3IkpfFSy0UTsnPvfhw5r/lJNPzwKXqVf60B3nqituVwbTwsHuT1SNvhPfSOEnhMz9 /y7w==
X-Gm-Message-State: AOJu0Yy4D1RuE7zkaScuLZY8KTImMXmDiP92IVj5CsjFEuJVgqdvUy8q mJlQu0tkub9nzP6eRna6ksjGC1T6s86wj8IH/PcVKAOS4kyLBeoiZunRTEJao3qFqnpaablgJrX kJK2YFBRc+xIOWPrgWfHHFR7c14f0B/Pi4QBsqQ==
X-Google-Smtp-Source: AGHT+IF92p59zS2z1n3c3dc2sNOoFro8XbUE+ViLk91265xB/WSeoWe9lGPJTjms8a1/H99Sc3OQaGYXeskt6ZEMepM=
X-Received: by 2002:a92:2912:0:b0:364:279c:4a08 with SMTP id l18-20020a922912000000b00364279c4a08mr3417525ilg.23.1709230542027; Thu, 29 Feb 2024 10:15:42 -0800 (PST)
MIME-Version: 1.0
References: <170182043936.679.4345250232615285561@ietfa.amsl.com> <CAL0qLwa+73QryfCxGEG_0FSGRK06sJDsNjq2JZH3X4J9_JeUZg@mail.gmail.com> <CAL02cgTV62U7pRcnJ3EmPn93CmPqH3iyi6m-wERQkz3jWK2wxg@mail.gmail.com> <CAL0qLwbnRm9yKygbS=96dxufmVOhpsH8bTXcYi_ButHrCsdn3Q@mail.gmail.com> <CAL0qLwauKox5hNMzJYfMuU5s_Hxt3nsHVVCB2Do1kF_nu=QghQ@mail.gmail.com> <CAL02cgRYd8QyKo+uA3D4q7MCDDu50SxHGpu8uFG5YurBZNMxvQ@mail.gmail.com>
In-Reply-To: <CAL02cgRYd8QyKo+uA3D4q7MCDDu50SxHGpu8uFG5YurBZNMxvQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 29 Feb 2024 11:15:30 -0700
Message-ID: <CAL02cgRXFvNk8KzU0J+rVf9tu7B8GYH6C6e_Z8d9A=_WeVkdXw@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: sframe@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004c145e0612893f22"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/I98DiB9AM-xhvai-bPIGOvrUUhY>
Subject: Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Feb 2024 18:15:51 -0000
Just posted draft-07. To the IESG! On Thu, Feb 29, 2024 at 9:58 AM Richard Barnes <rlb@ipv.sx> wrote: > We have pull requests covering all the reviews so far. > > https://github.com/sframe-wg/sframe/pulls > > I'll get them reviewed and merged ASAP, then send you a new draft. > > On Thu, Feb 29, 2024 at 9:52 AM Murray S. Kucherawy <superuser@gmail.com> > wrote: > >> ...and, I guess, any necessary responses to the other directorate reviews >> (SEC, ART)? >> >> -MSK >> >> On Thu, Feb 29, 2024 at 8:52 AM Murray S. Kucherawy <superuser@gmail.com> >> wrote: >> >>> Thanks for these; can we expect a -07 with that PR incorporated before I >>> send it to the IESG? >>> >>> -MSK >>> >>> On Thu, Feb 1, 2024 at 2:37 PM Richard Barnes <rlb@ipv.sx> wrote: >>> >>>> Inline... >>>> >>>> On Wed, Jan 31, 2024 at 7:48 PM Murray S. Kucherawy < >>>> superuser@gmail.com> wrote: >>>> >>>>> >>>>> Hello all, >>>>> >>>> >>>> Hello Murray! >>>> >>>> >>>>> Sorry this has taken me so long to get through. Overall I think it's >>>>> quite well done and what I've managed to come up with is mostly minor. So, >>>>> here's what I've got so far; rather than have you keep waiting on more >>>>> comments or questions, I'm going to request Last Call now in parallel with >>>>> me finishing my review. We can deal with these alongside any Last Call >>>>> feedback and directorate reviews if you like. >>>>> >>>> >>>> Sounds good to me. I filed a PR for your comments: >>>> https://github.com/sframe-wg/sframe/pull/183 >>>> >>>> >>>>> In no particular order: >>>>> >>>>> Section 8: >>>>> >>>>> This kind of reads like at one point you were asking for multiple >>>>> registries, but only one remains. Some of the grammar mismatches should be >>>>> tidied up. >>>>> >>>> >>>> Done. >>>> >>>> >>>>> Per RFC 8126, a "Specification Required" registry strongly encourages >>>>> advice to the Designated Expert about what one should consider when >>>>> deciding if the reference being offered is satisfactory, but no such advice >>>>> is present here. Do we need any? >>>>> >>>> >>>> I think the RFC's guidance is sufficient. ("documented in a permanent >>>> and readily available public specification, in sufficient detail so that >>>> interoperability between independent implementations is possible") >>>> >>>> >>>>> Section 4.4.1: >>>>> >>>>> I'm a stickler for correct use of SHOULD, so I'm going to test a >>>>> couple of these. In this section, there's a SHOULD mark keys one way or >>>>> the other, but never both. Since SHOULD allows a choice, is there ever a >>>>> reason to mark a key as both? Or should that really be a MUST? >>>>> >>>> >>>> I think you're right on this one. >>>> >>>> >>>>> Section 4.4.4: >>>>> >>>>> Same SHOULD question. >>>>> >>>> >>>> This one is "SHOULD" as in "it's complicated". For example: >>>> >>>> * Not all crypto libraries are constant-time in this way >>>> * In some systems, failures will manifest to higher layers as dropped >>>> packets, which may end up in things like RTCP reports. >>>> >>>> The attacks that would be enabled by failing to meet the requirement >>>> are conditional in some similarly complicated ways. So it's not an >>>> "absolute requirement"; thus SHOULD. >>>> >>>> There's also a SHOULD in Section 7.3, which is conditional in a similar >>>> way. The desired FS/PCS properties vary among applications, and it's not >>>> up to this specification to enforce a specific set of properties at this >>>> level. >>>> >>>> >>>>> Section 9.3: >>>>> >>>>> Are there any informative references that might be offered regarding >>>>> the mitigations suggested here? >>>>> >>>> >>>> Added a citation to the SRTP algorithm. >>>> >>>> >>>>> >>>>> Section 7.5: >>>>> >>>>> The first bullet appears to be one sentence that's been broken into >>>>> two. >>>>> >>>> >>>> So you don't like the initial "So". Reworded. >>>> >>>> --RLB >>>> >>>> >>>> >>>>> >>>>> -MSK >>>>> >>>>> >>>>> -- >>>>> Sframe mailing list >>>>> Sframe@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/sframe >>>>> >>>>
- [Sframe] Publication has been requested for draft… Martin Thomson via Datatracker
- Re: [Sframe] Publication has been requested for d… Murray S. Kucherawy
- Re: [Sframe] Publication has been requested for d… Richard Barnes
- Re: [Sframe] Publication has been requested for d… Murray S. Kucherawy
- Re: [Sframe] Publication has been requested for d… Murray S. Kucherawy
- Re: [Sframe] Publication has been requested for d… Richard Barnes
- Re: [Sframe] Publication has been requested for d… Richard Barnes