[Sframe] Deb Cooley's No Objection on draft-ietf-sframe-enc-07: (with COMMENT)
Deb Cooley via Datatracker <noreply@ietf.org> Tue, 02 April 2024 22:46 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: sframe@ietf.org
Delivered-To: sframe@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A5509C14F5E4; Tue, 2 Apr 2024 15:46:32 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Deb Cooley via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sframe-enc@ietf.org, sframe-chairs@ietf.org, sframe@ietf.org, mt@lowentropy.net, mt@lowentropy.net
X-Test-IDTracker: no
X-IETF-IDTracker: 12.9.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Deb Cooley <debcooley1@gmail.com>
Message-ID: <171209799266.2693.8564336183700396722@ietfa.amsl.com>
Date: Tue, 02 Apr 2024 15:46:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/m3MtznwVsv7h20L0cWdbFYddSXM>
Subject: [Sframe] Deb Cooley's No Objection on draft-ietf-sframe-enc-07: (with COMMENT)
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2024 22:46:32 -0000
Deb Cooley has entered the following ballot position for draft-ietf-sframe-enc-07: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sframe-enc/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to Carl Wallace for his review. I checked some of his nits, and they appear to be addressed, even though there was nothing on the mailing list to indicate that (at least not directly). I thought this was well written. I view these as pretty minor comments. I'm happy to discuss them, and adjust. Section 4.1, 7.1: "an E2EE layer over an underlying HBH-encrypted transport". It would be clearer to say "an E2EE layer inside a HBH-encrypted transport". Obviously the HBH encryption has to be on the outside, right? I'm assuming that 'over' means above it in the protocol stack. If this is a common way to say this in the IETF, then it is fine (I'll get used to it eventually). Section 4.4.1, para 2: Potential re-use of counter values would be reduced in implementations if the previous counter value was stored (currently next counter is stored). The client increments (and stores) at the start vice after the counter is used. It eliminates a failure to store the next value. Only my opinion... If there are many implementations already, then I withdraw the comment. Confusion caused mid implementation is worse than leaving it alone. Section 4.4.2: If 'sframe_key_label' and 'sframe_salt_label' is 'info' in the HKDF computation, that should be stated somewhere (or replace 'info' with the label name). Section 4.4.3/4.4.4: Metadata is both encrypted and appended in the clear (visible to the SFU)? If so, is the decrypted metatdata compared with the appended metadata? Assuming that the metadata is encrypted to provide integrity... Is this stated somewhere? Section 4.4.4: Does the decryptor keep track of CTR state? If so, what happens if a CTR value is re-used by the encryptor? Is the sframe rejected? Is there an error sent? maybe out of band (through the signaling channel)? Section 4.5.1: For "enc_key_sframe_key[..Nka]" add a comment stating that this is picking the first Nka bytes. Also add a comment to "auth_key = sframe_key[Nka..]" stating to skip Nka bytes to pick the last Nh bytes. (this is done as a comment later in the document, so do it here too) Section 5: Key management is the responsibility of the application. And then there is section 5.1 and 5.2. Are they options? Suggestions? Perhaps add 'Section 5.1 and 5.2 provide two options for partial key management frameworks.' (framework might not be the right word, because neither 5.1 nor 5.2 discuss how the base_key gets generated.)
- [Sframe] Deb Cooley's No Objection on draft-ietf-… Deb Cooley via Datatracker