IETF Logo Mail Archive

Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06

Richard Barnes <rlb@ipv.sx> Thu, 01 February 2024 22:37 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C60B8C14F5FA for <sframe@ietfa.amsl.com>; Thu, 1 Feb 2024 14:37:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vpJd1VVyMoSp for <sframe@ietfa.amsl.com>; Thu, 1 Feb 2024 14:37:02 -0800 (PST)
Received: from mail-il1-x129.google.com (mail-il1-x129.google.com [IPv6:2607:f8b0:4864:20::129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D05D3C14F6FD for <sframe@ietf.org>; Thu, 1 Feb 2024 14:37:02 -0800 (PST)
Received: by mail-il1-x129.google.com with SMTP id e9e14a558f8ab-36396ae2361so5949205ab.1 for <sframe@ietf.org>; Thu, 01 Feb 2024 14:37:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20230601.gappssmtp.com; s=20230601; t=1706827021; x=1707431821; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=aUAkwz41Szz4wjpf+D3AiIWMGDqZgIx/qTu2ALN/3Sc=; b=V+suKO5PRJGJ+v7ybyhyHdkPtATmnmLir6DHDEAtFRr6Lx6HcHG9YgkZQCpyDLbL/J /YMqWYlDhBUxnoGU40su7ookzcLBVwq75LtqndMt35cJVBRMiz1z/GMXW6POX7v6Ijbb +B5J98BOO2zgo06gISwO5oEcdwdf0N6doybuLDhz8Q7bDiiPnGN+HPNZYvX3uLXY/4Be 7S32RRnOBJhPLsEaaS52qXGTV0Dy+htSRTsKEAGvR6wMtFFpWx7qqE0AdkTFyHqnAeF5 sPiwyxvVX1QULkrrR8al0igDs5mw/lQwmitVGpyhH9JabAQrPmLf2Fe2jkQu/nilo6eS tlNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706827021; x=1707431821; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=aUAkwz41Szz4wjpf+D3AiIWMGDqZgIx/qTu2ALN/3Sc=; b=BMyIc8hzSHpu4g0gM+nitFXFIIEPTB3HC+tzg26tXAMSnhfCkwI0PBAfXwjAMRETew 6BZgpj9tpnA1jzCpCyn46xndKeVWatZsgvSso/dfp+g4AnIkmvxVCfhuHUCIieOaCE5b o3e1Y+Pmh18PPAkznQ0/h+yjz85Cvg/CAbUxTwnCNRmMBlXup/cUWPTIhmXe1kiuiYxq mcd7qNu40yFG2kx7nmlmvDfl7aCiPxZI++ksl+BkKWlWo0NeYSlGHLCYl2PYKKFA/rPe KvQmKUPT9CA5g8iYnNtiweQJlhADEpXFH5JbeoMJL3mIv9w9EFA0qxwinG+4qNG4u2fh q32A==
X-Gm-Message-State: AOJu0YzpLro76nu18J77khrNIVjeVbJ98/TjBiCH/YnCtbSnL5tmvNNT MmuCoPY/UDUZZXnJ/E+jv/7CcCQpMuftTXzBztN93tgBzsO4hT+MEXb4diFiM4ap5dNNLXUpvoU N+9XR1mE71fvmosHr26+MXedo9INkC+MRHGU3Kg==
X-Google-Smtp-Source: AGHT+IEYbtfPs4lxAMaqCBEtXRVswbDUqw5LOcKcl+YBDz4/5T9un7yhzOcC7nD5sfXgTgMUBqAJ36Jgiwci5DHfpvk=
X-Received: by 2002:a92:c743:0:b0:363:b13d:3277 with SMTP id y3-20020a92c743000000b00363b13d3277mr459603ilp.20.1706827021693; Thu, 01 Feb 2024 14:37:01 -0800 (PST)
MIME-Version: 1.0
References: <170182043936.679.4345250232615285561@ietfa.amsl.com> <CAL0qLwa+73QryfCxGEG_0FSGRK06sJDsNjq2JZH3X4J9_JeUZg@mail.gmail.com>
In-Reply-To: <CAL0qLwa+73QryfCxGEG_0FSGRK06sJDsNjq2JZH3X4J9_JeUZg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 01 Feb 2024 12:36:57 -1000
Message-ID: <CAL02cgTV62U7pRcnJ3EmPn93CmPqH3iyi6m-wERQkz3jWK2wxg@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: sframe@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005248a0061059a2fa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/mExo4JbkpPVUpbk_7iptxVgIIaM>
Subject: Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Feb 2024 22:37:04 -0000

Inline...

On Wed, Jan 31, 2024 at 7:48 PM Murray S. Kucherawy <superuser@gmail.com>
wrote:

>
> Hello all,
>

Hello Murray!


> Sorry this has taken me so long to get through.  Overall I think it's
> quite well done and what I've managed to come up with is mostly minor.  So,
> here's what I've got so far; rather than have you keep waiting on more
> comments or questions, I'm going to request Last Call now in parallel with
> me finishing my review.  We can deal with these alongside any Last Call
> feedback and directorate reviews if you like.
>

Sounds good to me.  I filed a PR for your comments:
https://github.com/sframe-wg/sframe/pull/183


> In no particular order:
>
> Section 8:
>
> This kind of reads like at one point you were asking for multiple
> registries, but only one remains.  Some of the grammar mismatches should be
> tidied up.
>

Done.


> Per RFC 8126, a "Specification Required" registry strongly encourages
> advice to the Designated Expert about what one should consider when
> deciding if the reference being offered is satisfactory, but no such advice
> is present here.  Do we need any?
>

I think the RFC's guidance is sufficient. ("documented in a permanent and
readily available public specification, in sufficient detail so that
interoperability between independent implementations is possible")


> Section 4.4.1:
>
> I'm a stickler for correct use of SHOULD, so I'm going to test a couple of
> these.  In this section, there's a SHOULD mark keys one way or the other,
> but never both.  Since SHOULD allows a choice, is there ever a reason to
> mark a key as both?  Or should that really be a MUST?
>

I think you're right on this one.


> Section 4.4.4:
>
> Same SHOULD question.
>

This one is "SHOULD" as in "it's complicated". For example:

* Not all crypto libraries are constant-time in this way
* In some systems, failures will manifest to higher layers as dropped
packets, which may end up in things like RTCP reports.

The attacks that would be enabled by failing to meet the requirement are
conditional in some similarly complicated ways.  So it's not an "absolute
requirement"; thus SHOULD.

There's also a SHOULD in Section 7.3, which is conditional in a similar
way.  The desired FS/PCS properties vary among applications, and it's not
up to this specification to enforce a specific set of properties at this
level.


> Section 9.3:
>
> Are there any informative references that might be offered regarding the
> mitigations suggested here?
>

Added a citation to the SRTP algorithm.


>
> Section 7.5:
>
> The first bullet appears to be one sentence that's been broken into two.
>

So you don't like the initial "So".  Reworded.

--RLB



>
> -MSK
>
>
> --
> Sframe mailing list
> Sframe@ietf.org
> https://www.ietf.org/mailman/listinfo/sframe
>

v2.23.0 | Report a Bug | By Email