Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-rtpsec-03

"Peterson, Jon" <jon.peterson@team.neustar> Thu, 11 January 2018 16:52 UTC

From: "Peterson, Jon" <jon.peterson@team.neustar>
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>, "sipbrandy@ietf.org" <sipbrandy@ietf.org>
Date: Thu, 11 Jan 2018 16:52:48 +0000
Message-ID: <D67CC47F.1F50AC%jon.peterson@neustar.biz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipbrandy/lidcBTyHyWW9UpaUPNvjjU4tmyk>
Subject: Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-rtpsec-03

Thanks for these notes Gonzalo. A few replies here.

>
>I have a few initial WGLC comments on this draft. The draft mentions a
>few protocols (e.g., SDP) without providing a reference to them. Please,
>expand acronyms and add a reference on first use throughout the document.
>
>In section 3.1, "Real-time Protocol" should be something along the
>following lines: "RTP (Real-time Transport Protocol) [RFC3550]".

No problem, will expand those.

>
>Section 3.1 talks about STIR as the "current target mechanism". I would
>remove "current", or rephrase it and talk about the mechanism we
>recommend to use instead.
>
>I guess at this point changes in STIR may still trigger modifications in
>this draft, right?

No, I think (hope) STIR is a stable reference, at this point.

>
>Section 4 says:
>
>>  The SIPBRANDY deployment profile of STIR
>>  for media confidentiality thus shifts these responsibilities to the
>>  endpoints rather than the intermediaries.
>
>I would rephrase it so that the text is more explicit. If intermediaries
>MUST NOT provide the verification service, the text should say so.

It's not that they MUST NOT provide it... It's that if they do provide it,
it has to be redundant with the endpoint providing it. There are a few
potential pitfalls though: if, for example, the verification service does
not trust the signing credential but the endpoint does, we wouldn't want
an intermediary to drop the call, say. In general, in STIR, we don't
encourage that sort of behavior from intermediaries, but we could
certainly clarify all this with a bit of text here. Will add something.

>
>Section 5 says:
>
>> In [I-D.johnston-dispatch-osrtp], opportunistic approaches considered
>> include DTLS-SRTP, security descriptions [RFC4568], and ZRTP
>> [RFC6189].
>>
>>    DTLS-SRTP is the only Standards Track Internet protocol for media
>>    security.  For that reason, this specification REQUIRES support for
>>    DTLS-SRTP.
>
>But RFC 4568 is also Standards Track:
>
>https://tools.ietf.org/html/rfc4568

The AD responsible for that at the time clearly dropped the ball. But I'll
fix the text here, thanks.

Jon Peterson
Neustar, Inc.

>
>Cheers,
>
>Gonzalo
>
>
>On 12/12/2017 3:46 PM, Gonzalo Camarillo wrote:
>> Folks,
>> 
>> I would like to start a WGLC on the following draft. This WGLC will
>> end on January 12th:
>> 
>> https://datatracker.ietf.org/doc/draft-ietf-sipbrandy-rtpsec/
>> 
>> Thanks,
>> 
>> Gonzalo
>> 
>
>_______________________________________________
>Sipbrandy mailing list
>Sipbrandy@ietf.org
>https://www.ietf.org/mailman/listinfo/sipbrandy