[Sipbrandy] Comments on draft-peterson-sipbrandy-rtpsec-00
Alan Johnston <alan.b.johnston@gmail.com> Sun, 17 July 2016 08:55 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipbrandy/VgIq4xTg7gRyWkoigeCgX6Ohu_E>
All,

I've reviewed draft-peterson-sipbrandy-rtpsec-00 and have a few comments.

Overall, the content seems OK, although I'm surprised at the number of open issues and Internet-Drafts referenced. It is hard to believe that this is our situation after 15 years of SIP (RFC 3261) and 12 years of SRTP (RFC 3711)...

Section 3.2 begins with:

    Work is already underway on defining approaches to opportunistic media security for SIP in [I-D.johnston-dispatch-osrtp], which builds on the prior efforts of [I-D.kaplan-mmusic-best-effort-srtp].

Instead of a reference to the Kaplan draft, which is already referenced and credited in the OSRTP draft, perhaps it would be better to say:

    Work is already underway on defining approaches to opportunistic media security for SIP in [I-D.johnston-dispatch-osrtp], which reflects common industry implementations.

In Section 5, this statement:

    Both DTLS-SRTP and ZRTP instead provide hashes which are carried in SDP, and thus require only integrity protection rather than confidentiality.

isn't quite accurate, since it implies that ZRTP requires integrity protected signaling. It would be better to say:

    DTLS-SRTP provides a hash which is carried in SDP, and thus requires only integrity protection rather than confidentiality. ZRTP can also provide a hash to make use of integrity protected signaling, however, it does not rely on it.

One nit: The short title seems to be "RTP Security" - probably this should mention SIP as well.

- Alan
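Added example (not part of the message above, nor of the draft it reviews): a sketch of the DTLS-SRTP fingerprint check the Section 5 wording refers to, showing why the SDP needs integrity protection but not confidentiality. The certificate bytes, SDP fragment, and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Hash functions accepted in this sketch (an assumption, not a list from the draft).
HASHES = {"sha-256": hashlib.sha256, "sha-384": hashlib.sha384, "sha-512": hashlib.sha512}

# Constructed stand-ins for DER-encoded certificates seen in a DTLS handshake.
CALLER_CERT = b"constructed caller certificate"
OTHER_CERT = b"constructed certificate of some other party"

def fingerprint_line(cert_der, func="sha-256"):
    """Build the SDP attribute line that carries the certificate hash."""
    digest = HASHES[func](cert_der).digest()
    return "a=fingerprint:" + func + " " + ":".join(f"{b:02X}" for b in digest)

def build_sdp(cert_der):
    """Constructed SDP fragment offering DTLS-SRTP audio."""
    lines = ["v=0", "m=audio 49170 UDP/TLS/RTP/SAVP 0", "a=setup:actpass",
             fingerprint_line(cert_der)]
    return "\r\n".join(lines) + "\r\n"

def cert_matches_sdp(sdp, cert_der):
    """True only if the handshake certificate hashes to a fingerprint in the SDP."""
    for line in sdp.splitlines():
        if not line.startswith("a=fingerprint:"):
            continue
        func, _, value = line[len("a=fingerprint:"):].strip().partition(" ")
        hash_ctor = HASHES.get(func.lower())
        if hash_ctor is None:
            continue  # unknown hash function: never treat as a match
        try:
            expected = bytes.fromhex(value.replace(":", ""))
        except ValueError:
            continue  # malformed fingerprint value
        if hmac.compare_digest(expected, hash_ctor(cert_der).digest()):
            return True
    return False

def demo():
    genuine = build_sdp(CALLER_CERT)
    # SDP as it would look if the fingerprint line were rewritten in transit.
    rewritten = genuine.replace(fingerprint_line(CALLER_CERT), fingerprint_line(OTHER_CERT))
    return (cert_matches_sdp(genuine, CALLER_CERT),    # genuine SDP, genuine cert
            cert_matches_sdp(rewritten, CALLER_CERT),  # rewritten SDP: fails closed
            cert_matches_sdp(rewritten, OTHER_CERT))   # check trusts whatever SDP says
```

The fingerprint is a hash of a public certificate, so reading it reveals nothing secret; the third result shows that the check is only as trustworthy as the signaling that delivered the fingerprint.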