IETF Logo Mail Archive

Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06

"Murray S. Kucherawy" <superuser@gmail.com> Thu, 29 February 2024 16:52 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0CF1C14F6B4 for <sframe@ietfa.amsl.com>; Thu, 29 Feb 2024 08:52:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T4c3ik5FH3VP for <sframe@ietfa.amsl.com>; Thu, 29 Feb 2024 08:52:51 -0800 (PST)
Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9505C14F5FF for <sframe@ietf.org>; Thu, 29 Feb 2024 08:52:51 -0800 (PST)
Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-a4462fbf098so14102066b.1 for <sframe@ietf.org>; Thu, 29 Feb 2024 08:52:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709225570; x=1709830370; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=zaiHawRUYltj7DZ0ZEN7CYYNg45gpW5P/CMDpmJL8DA=; b=bFesqklcEz8sZ2zmf5Zhd0hmwVjMN34iROg5s5/OffG1JVAK33pG5ubmtfXg4s5kKI R7f+AkqxV4Oshjd3nS9YjKpeULz2pAlpVEV2tlZ+0cBt0VEzxdiMEhpJnyGvMIw4GWHn xl054Hp+B7lVIdCXCzjx8lrzQZr2TakdhhFYvNwC2LPKirrWMPprJlgheRVuQu12rQu1 kuASgzgvFPl8WStgnbAi/YS4OFawFvaiEJ/i5cNYBx2gcmyHCBrElYpvamuxDDJ6dy04 qYiTDPeQKykJh0hUp8DIVGx8uKqhDeHsGAnyNqA/gFSpRVAL1sOpusoWepq3f371ZYLl hSHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709225570; x=1709830370; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zaiHawRUYltj7DZ0ZEN7CYYNg45gpW5P/CMDpmJL8DA=; b=dnU0oMDouj54/70TGdiyagoTKM1+nWskN4OEhJMWghLWBM3wBBKFP/rPJwhpDahn/j UIc56KPGhYF7Swfe4CcS18LVTy77zE97Fw44DwpeiesuQhxpTVWbVKEzVBx4qjEg+Xcl Nmhupz0ep9K5CEUWcyuooNnimz6Gnk2f4goKNPsyVRepKsESdFpG0I30HkVmZeRb81Sd RSQTlMTkoSruLBu0Oy+LqZhe2+5JER2/uBOUTKqQ0ZtXhZSURAjCHHBzle7JlDua6FgG 72hNwl5PExMG1NQQ1QryFXEjuYApt6q5IwQpOWedbnaL3zsaT3remoi0HNJ6r+hEh6PI w6cQ==
X-Gm-Message-State: AOJu0YyHhXQsbHBnZiJSOVQo+oOAx5vtE/kI1B3q/G3oEHsTdBQNvZTI 8t2LCMecCDfDQ4faTzl5BEvhGoe8aFIDYFhAV1iB8lyK9Nvy6TEp4WqdEXCNtGbp6xISLcdV+HD xgmsCJRA7VuZu7GGpfr6Zc1GzDBg=
X-Google-Smtp-Source: AGHT+IFR/lvnJIFtIHYCCUcf4RtNx6ro/umt6GaW+0NIf6Py5+jz0XXUI5zoK/GUT/4Fyr1nJH1kb1vNj4rdxOq6PQo=
X-Received: by 2002:a17:906:3110:b0:a3e:9a90:7f68 with SMTP id 16-20020a170906311000b00a3e9a907f68mr1844736ejx.7.1709225569968; Thu, 29 Feb 2024 08:52:49 -0800 (PST)
MIME-Version: 1.0
References: <170182043936.679.4345250232615285561@ietfa.amsl.com> <CAL0qLwa+73QryfCxGEG_0FSGRK06sJDsNjq2JZH3X4J9_JeUZg@mail.gmail.com> <CAL02cgTV62U7pRcnJ3EmPn93CmPqH3iyi6m-wERQkz3jWK2wxg@mail.gmail.com> <CAL0qLwbnRm9yKygbS=96dxufmVOhpsH8bTXcYi_ButHrCsdn3Q@mail.gmail.com>
In-Reply-To: <CAL0qLwbnRm9yKygbS=96dxufmVOhpsH8bTXcYi_ButHrCsdn3Q@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Thu, 29 Feb 2024 08:52:37 -0800
Message-ID: <CAL0qLwauKox5hNMzJYfMuU5s_Hxt3nsHVVCB2Do1kF_nu=QghQ@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: sframe@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f0656d06128816af"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/Wkjsk-MYBCuuGU_kF9oNLmeLZ_c>
Subject: Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Feb 2024 16:52:55 -0000

...and, I guess, any necessary responses to the other directorate reviews
(SEC, ART)?

-MSK

On Thu, Feb 29, 2024 at 8:52 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> Thanks for these; can we expect a -07 with that PR incorporated before I
> send it to the IESG?
>
> -MSK
>
> On Thu, Feb 1, 2024 at 2:37 PM Richard Barnes <rlb@ipv.sx> wrote:
>
>> Inline...
>>
>> On Wed, Jan 31, 2024 at 7:48 PM Murray S. Kucherawy <superuser@gmail.com>
>> wrote:
>>
>>>
>>> Hello all,
>>>
>>
>> Hello Murray!
>>
>>
>>> Sorry this has taken me so long to get through.  Overall I think it's
>>> quite well done and what I've managed to come up with is mostly minor.  So,
>>> here's what I've got so far; rather than have you keep waiting on more
>>> comments or questions, I'm going to request Last Call now in parallel with
>>> me finishing my review.  We can deal with these alongside any Last Call
>>> feedback and directorate reviews if you like.
>>>
>>
>> Sounds good to me.  I filed a PR for your comments:
>> https://github.com/sframe-wg/sframe/pull/183
>>
>>
>>> In no particular order:
>>>
>>> Section 8:
>>>
>>> This kind of reads like at one point you were asking for multiple
>>> registries, but only one remains.  Some of the grammar mismatches should be
>>> tidied up.
>>>
>>
>> Done.
>>
>>
>>> Per RFC 8126, a "Specification Required" registry strongly encourages
>>> advice to the Designated Expert about what one should consider when
>>> deciding if the reference being offered is satisfactory, but no such advice
>>> is present here.  Do we need any?
>>>
>>
>> I think the RFC's guidance is sufficient. ("documented in a permanent and
>> readily available public specification, in sufficient detail so that
>> interoperability between independent implementations is possible")
>>
>>
>>> Section 4.4.1:
>>>
>>> I'm a stickler for correct use of SHOULD, so I'm going to test a couple
>>> of these.  In this section, there's a SHOULD mark keys one way or the
>>> other, but never both.  Since SHOULD allows a choice, is there ever a
>>> reason to mark a key as both?  Or should that really be a MUST?
>>>
>>
>> I think you're right on this one.
>>
>>
>>> Section 4.4.4:
>>>
>>> Same SHOULD question.
>>>
>>
>> This one is "SHOULD" as in "it's complicated". For example:
>>
>> * Not all crypto libraries are constant-time in this way
>> * In some systems, failures will manifest to higher layers as dropped
>> packets, which may end up in things like RTCP reports.
>>
>> The attacks that would be enabled by failing to meet the requirement are
>> conditional in some similarly complicated ways.  So it's not an "absolute
>> requirement"; thus SHOULD.
>>
>> There's also a SHOULD in Section 7.3, which is conditional in a similar
>> way.  The desired FS/PCS properties vary among applications, and it's not
>> up to this specification to enforce a specific set of properties at this
>> level.
>>
>>
>>> Section 9.3:
>>>
>>> Are there any informative references that might be offered regarding the
>>> mitigations suggested here?
>>>
>>
>> Added a citation to the SRTP algorithm.
>>
>>
>>>
>>> Section 7.5:
>>>
>>> The first bullet appears to be one sentence that's been broken into two.
>>>
>>
>> So you don't like the initial "So".  Reworded.
>>
>> --RLB
>>
>>
>>
>>>
>>> -MSK
>>>
>>>
>>> --
>>> Sframe mailing list
>>> Sframe@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sframe
>>>
>>

v2.23.0 | Report a Bug | By Email