IETF Logo Mail Archive

Re: [Sipbrandy] AD Evaluation of draft-ietf-sipbrandy-osrtp-07

Andy Hutton <andyhutton.ietf@gmail.com> Mon, 25 March 2019 21:26 UTC

Return-Path: <andyhutton.ietf@gmail.com>
X-Original-To: sipbrandy@ietfa.amsl.com
Delivered-To: sipbrandy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 127FA1200B9; Mon, 25 Mar 2019 14:26:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jwb00Pjm57Qv; Mon, 25 Mar 2019 14:26:26 -0700 (PDT)
Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com [IPv6:2607:f8b0:4864:20::e30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACE911200B7; Mon, 25 Mar 2019 14:26:26 -0700 (PDT)
Received: by mail-vs1-xe30.google.com with SMTP id s2so5047896vsi.5; Mon, 25 Mar 2019 14:26:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=xNb33/8F2twtS+XSCKPhnQv45jWcPHLMgOCgbvdZBec=; b=Gjz2NSN7ayiW0VpjuS7mBk3K7GUouy4JTEnmrPHm+SBnOlapbGpmYXFZ4tCMHz8tfZ rd3ipXtQ2ZFkDdKXvpXUDfauHhLmqE15DOYuCrCB1HRGHFVYfqEu+hq7+U5qqGTJG9HG QesT/kTyNvthhsV5GmEaKXpT9KHC0WcCHqAz3GsjIWpSOCcYAYJQN4XTyQYv5kpjvkRz HrUtxfoOyPdMin5spYvTfBZldRGQtIhDt0DSc50kV436tS378GOgvGzetJXyEHZ7UMqq JVf150pUJ0tAZ5xHL2d/id4ViSah2VOR0HApvlPIgGvfGtGt4za+6AB6Btz/jI3C49Pj JM3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=xNb33/8F2twtS+XSCKPhnQv45jWcPHLMgOCgbvdZBec=; b=KRT/1m6Xl0NSP77tG46z4u6umfo5xUS5rhLA+7h/lqfjFcpmJwQFnK7iWnLG+wSURC sBsyAyhL58hx94Eksqbn6Fw4cB+p6xpQX538NCEc3QEH4yc4c1D5KYL5km3YxbhEo6xw Y6h8KZLFgrYvr1UfdV6sYeLtWC7GKF3J7pVerNizjoc3bCO5LRzHa2jGjdKwCY3MiJLx RYVDQUISDNRK8eXC6mgm8k+hUrsF+23TiYzxUQT5ZFvAAJRyUZDq1+NExy49jTkxj+F1 os1k7nGLlG0LMT7R6y7FuFFhm8cy2fAM0/39RNM5TrDmJ9dIOv+Cp2mAh7OHxei8MEyO P01A==
X-Gm-Message-State: APjAAAUKmLqsIdIYYyWORwl6lYwQb7MzeKo/jhE8D5GBeQxjkSzms4pW XpIT/GQTOH0F2pK2mbI5FH+RW7moiL3gswBjCN4=
X-Google-Smtp-Source: APXvYqwwoFCi1ae//NAOLDkAUw+9DyRaZc1CpECTRUCkkVkTNA/9iMc0SVmyzYZaidI3pv+cdfjgG50QTf7OYTIAYCM=
X-Received: by 2002:a67:828f:: with SMTP id e137mr16523245vsd.131.1553549185713; Mon, 25 Mar 2019 14:26:25 -0700 (PDT)
MIME-Version: 1.0
References: <72C42C63-D5C4-403D-A895-429CB2238AC3@nostrum.com> <e6724bd0-1ea0-3014-8836-60dc454c2982@ericsson.com>
In-Reply-To: <e6724bd0-1ea0-3014-8836-60dc454c2982@ericsson.com>
From: Andy Hutton <andyhutton.ietf@gmail.com>
Date: Mon, 25 Mar 2019 22:26:23 +0100
Message-ID: <CAB7PXwTUXUa1Euar+hXY4EzOqZ0_U-eru=e1ApjTy4a2FCBYJg@mail.gmail.com>
To: Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>
Cc: Ben Campbell <ben@nostrum.com>, "draft-ietf-sipbrandy-osrtp.all@ietf.org" <draft-ietf-sipbrandy-osrtp.all@ietf.org>, "sipbrandy@ietf.org" <sipbrandy@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipbrandy/Pjm3s5Gcg0535ERRrCeGaGdSSkM>
Subject: Re: [Sipbrandy] AD Evaluation of draft-ietf-sipbrandy-osrtp-07
X-BeenThere: sipbrandy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SIPBRANDY working group discussion list <sipbrandy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipbrandy>, <mailto:sipbrandy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipbrandy/>
List-Post: <mailto:sipbrandy@ietf.org>
List-Help: <mailto:sipbrandy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipbrandy>, <mailto:sipbrandy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2019 21:26:30 -0000

Sorry about the delay.

See below.

I will update the draft.

Andy

On Fri, 15 Feb 2019 at 08:46, Gonzalo Camarillo
<gonzalo.camarillo@ericsson.com> wrote:
>
> Thanks for the quick review, Ben!
>
> Authors, please address Ben's comments below.
>
> Cheers,
>
> Gonzalo
>
> On 14-Feb-19 22:46, Ben Campbell wrote:
> > Hi,
> >
> > This is my AD Evaluation of draft-ietf-sipbrandy-osrtp-07.
> >
> > Thank you for a readable and easy to understand document.There is one comment I would like to resolve prior to IETF LC. The others can be resolved along with any last call feedback.
> >
> > *** Please resolve prior to IETF LC ***
> >
> > §4: The relaxation of authentication requirements for DTLS-SRTP and SDES could use some elaboration on why this acceptable. I _think_ the answer is that, since OSRTP doesn’t guaranty authentication, there’s no need for such a guaranty from the signaling channel. Is that correct?
> >
> > OTOH, §1 says "third mode for security between "cleartext” and "comprehensive protection" that allows encryption and authentication to be used if supported…”. That suggests that that authentication is sometimes provided. Is there a distinction between the authenticated case and unauthenticated case that should be mentioned somewhere? (For example, is there a need to indicate the distinction to the user?)
> >

$1 should I think say "allows encryption and authenticated media" but
I cannot remember why we said the signalling authentication
requirements are relaxed this has been in the draft from day 1 and I
guess it is consistent with the best effort approach.

Anyone else want to comment?


> > *** Other Substantive Comments ***
> >
> > §2: Please use the new boilerplate from RFC 8174.

Will do.

> >
> > §3.1: Please clarify that that the offer can contain more than one key management attribute. This is mentioned in §3.1, but not actually in the section on generating the offer.

Will do.

> >
> > *** Editorial Comments ***
> >
> > §3: "As discussed in [RFC7435], this is
> > the "comprehensive protection" for media mode.”
> > s/this/that

Thanks

> >
> > §3.4: "meaning that the decision to
> > create an OSRTP type offer or something else should not be influenced”
> > That’s referring to the decision to create a _new_ offer, right? Not the original offer?

Correct.

> >
> >
> >
> > _______________________________________________
> > Sipbrandy mailing list
> > Sipbrandy@ietf.org
> > https://www.ietf.org/mailman/listinfo/sipbrandy
> >
> _______________________________________________
> Sipbrandy mailing list
> Sipbrandy@ietf.org
> https://www.ietf.org/mailman/listinfo/sipbrandy

v2.23.0 | Report a Bug | By Email