Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06
Richard Barnes <rlb@ipv.sx> Thu, 29 February 2024 16:58 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36EF7C14F6BD for <sframe@ietfa.amsl.com>; Thu, 29 Feb 2024 08:58:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.904
X-Spam-Level:
X-Spam-Status: No, score=-6.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id flNYGWYxQqkG for <sframe@ietfa.amsl.com>; Thu, 29 Feb 2024 08:58:43 -0800 (PST)
Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 248F7C14F6A3 for <sframe@ietf.org>; Thu, 29 Feb 2024 08:58:42 -0800 (PST)
Received: by mail-il1-x130.google.com with SMTP id e9e14a558f8ab-3651b948db6so4444275ab.0 for <sframe@ietf.org>; Thu, 29 Feb 2024 08:58:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20230601.gappssmtp.com; s=20230601; t=1709225922; x=1709830722; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=kLpw1aJlmKF4yG2unqX4ESTtX3UR5y/gopEyanvuXHU=; b=zqkjkbjQ6H8KzuUmZ/gZPm1yEGmA4hbihwjz+7fV5R2wT9l5zaLs0Io+2I9ds4vIQP z/C44T+tIr8zBUj3/6ZHdDcuhNX9XSEUzj6q/hoe9Dxw1PwE4dFexXJ6mzLuVRlOEH/Z BzjaFvEAKhkpNC9GqaPGnaxD5Z4Lav1GgHndHy0mFi4kWRCpZt/E8a5Qo97XxziMpPL0 T8rtmesgE0lrn3gjz+UscB7VCR7XpRzo3xYri/7hsQfLKZhvyCCiDE1A4U4w9KbXZjvh GWmyyc9HDHIPO/7Ax7NfknC/HU3kx+no9Xrc1pksfVnI9QAPotx/8gJSGyeva8qaECgu 2gYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709225922; x=1709830722; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kLpw1aJlmKF4yG2unqX4ESTtX3UR5y/gopEyanvuXHU=; b=Z+g7b//7yTyv3mfOzIqm9oa9WzEYgSOBURwvkKyA7fD4LwU2Svu48GwAuKmMfDgEh3 XspQW1gPTAfmpyQ/7TnZx2LV/JNIIJpo7ZIkudbCN+myUw1htU5kPVJTS7IpvnSrk8oK 9h2c8Mf/LZDfftxUEIZcccrVsCXsNV8VIIHRFeQKqR3iKa+HfmyfCKIafO1kyTU7o0Cm eHp4wUNcA4AVecO1x+50/EHm/E1Fr4eMIfREvwoPgKOFiuJ5LzM75yaDiE9u3QSwm3wf zrYKolkzz5OD2szPa/9KCGHUprd4LfIdtPjiwXFVYOw+CMdZpQri1Ad7GDZFRk45UAWX QEEQ==
X-Gm-Message-State: AOJu0YxRVlEAFQ8gvlDJZH8u/SmOkNaGszX51hZhp16YfSfSdnnr+bHQ otdaXgDoIoQnqnhWLd7nYFXBj3XcUEqYKR9m61ZgmqJoLL5kG/pN+G1jTu3aXqWk1H/ajIC+4Au 1IqgWzLEQz7z5j88sXIyI4XuvY/1H05EuJSaxRQ==
X-Google-Smtp-Source: AGHT+IF9I8grq05ed4/b7c+SrVk2OggSlP7/tOAZivcZ6gmwQx8XIykdKmZWAUev3Zgrb7Zq5cs+PuPXyRNQWgmQeL8=
X-Received: by 2002:a92:dcc7:0:b0:365:2f3f:846 with SMTP id b7-20020a92dcc7000000b003652f3f0846mr3103433ilr.23.1709225922030; Thu, 29 Feb 2024 08:58:42 -0800 (PST)
MIME-Version: 1.0
References: <170182043936.679.4345250232615285561@ietfa.amsl.com> <CAL0qLwa+73QryfCxGEG_0FSGRK06sJDsNjq2JZH3X4J9_JeUZg@mail.gmail.com> <CAL02cgTV62U7pRcnJ3EmPn93CmPqH3iyi6m-wERQkz3jWK2wxg@mail.gmail.com> <CAL0qLwbnRm9yKygbS=96dxufmVOhpsH8bTXcYi_ButHrCsdn3Q@mail.gmail.com> <CAL0qLwauKox5hNMzJYfMuU5s_Hxt3nsHVVCB2Do1kF_nu=QghQ@mail.gmail.com>
In-Reply-To: <CAL0qLwauKox5hNMzJYfMuU5s_Hxt3nsHVVCB2Do1kF_nu=QghQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 29 Feb 2024 09:58:30 -0700
Message-ID: <CAL02cgRYd8QyKo+uA3D4q7MCDDu50SxHGpu8uFG5YurBZNMxvQ@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: sframe@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ec81970612882b0e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/w_L9hE5DLphC7ZQC5NFZi2nKBYU>
Subject: Re: [Sframe] Publication has been requested for draft-ietf-sframe-enc-06
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Feb 2024 16:58:44 -0000
We have pull requests covering all the reviews so far. https://github.com/sframe-wg/sframe/pulls I'll get them reviewed and merged ASAP, then send you a new draft. On Thu, Feb 29, 2024 at 9:52 AM Murray S. Kucherawy <superuser@gmail.com> wrote: > ...and, I guess, any necessary responses to the other directorate reviews > (SEC, ART)? > > -MSK > > On Thu, Feb 29, 2024 at 8:52 AM Murray S. Kucherawy <superuser@gmail.com> > wrote: > >> Thanks for these; can we expect a -07 with that PR incorporated before I >> send it to the IESG? >> >> -MSK >> >> On Thu, Feb 1, 2024 at 2:37 PM Richard Barnes <rlb@ipv.sx> wrote: >> >>> Inline... >>> >>> On Wed, Jan 31, 2024 at 7:48 PM Murray S. Kucherawy <superuser@gmail.com> >>> wrote: >>> >>>> >>>> Hello all, >>>> >>> >>> Hello Murray! >>> >>> >>>> Sorry this has taken me so long to get through. Overall I think it's >>>> quite well done and what I've managed to come up with is mostly minor. So, >>>> here's what I've got so far; rather than have you keep waiting on more >>>> comments or questions, I'm going to request Last Call now in parallel with >>>> me finishing my review. We can deal with these alongside any Last Call >>>> feedback and directorate reviews if you like. >>>> >>> >>> Sounds good to me. I filed a PR for your comments: >>> https://github.com/sframe-wg/sframe/pull/183 >>> >>> >>>> In no particular order: >>>> >>>> Section 8: >>>> >>>> This kind of reads like at one point you were asking for multiple >>>> registries, but only one remains. Some of the grammar mismatches should be >>>> tidied up. >>>> >>> >>> Done. >>> >>> >>>> Per RFC 8126, a "Specification Required" registry strongly encourages >>>> advice to the Designated Expert about what one should consider when >>>> deciding if the reference being offered is satisfactory, but no such advice >>>> is present here. Do we need any? >>>> >>> >>> I think the RFC's guidance is sufficient. ("documented in a permanent >>> and readily available public specification, in sufficient detail so that >>> interoperability between independent implementations is possible") >>> >>> >>>> Section 4.4.1: >>>> >>>> I'm a stickler for correct use of SHOULD, so I'm going to test a couple >>>> of these. In this section, there's a SHOULD mark keys one way or the >>>> other, but never both. Since SHOULD allows a choice, is there ever a >>>> reason to mark a key as both? Or should that really be a MUST? >>>> >>> >>> I think you're right on this one. >>> >>> >>>> Section 4.4.4: >>>> >>>> Same SHOULD question. >>>> >>> >>> This one is "SHOULD" as in "it's complicated". For example: >>> >>> * Not all crypto libraries are constant-time in this way >>> * In some systems, failures will manifest to higher layers as dropped >>> packets, which may end up in things like RTCP reports. >>> >>> The attacks that would be enabled by failing to meet the requirement are >>> conditional in some similarly complicated ways. So it's not an "absolute >>> requirement"; thus SHOULD. >>> >>> There's also a SHOULD in Section 7.3, which is conditional in a similar >>> way. The desired FS/PCS properties vary among applications, and it's not >>> up to this specification to enforce a specific set of properties at this >>> level. >>> >>> >>>> Section 9.3: >>>> >>>> Are there any informative references that might be offered regarding >>>> the mitigations suggested here? >>>> >>> >>> Added a citation to the SRTP algorithm. >>> >>> >>>> >>>> Section 7.5: >>>> >>>> The first bullet appears to be one sentence that's been broken into two. >>>> >>> >>> So you don't like the initial "So". Reworded. >>> >>> --RLB >>> >>> >>> >>>> >>>> -MSK >>>> >>>> >>>> -- >>>> Sframe mailing list >>>> Sframe@ietf.org >>>> https://www.ietf.org/mailman/listinfo/sframe >>>> >>>
- [Sframe] Publication has been requested for draft… Martin Thomson via Datatracker
- Re: [Sframe] Publication has been requested for d… Murray S. Kucherawy
- Re: [Sframe] Publication has been requested for d… Richard Barnes
- Re: [Sframe] Publication has been requested for d… Murray S. Kucherawy
- Re: [Sframe] Publication has been requested for d… Murray S. Kucherawy
- Re: [Sframe] Publication has been requested for d… Richard Barnes
- Re: [Sframe] Publication has been requested for d… Richard Barnes