[Sipbrandy] Tsvart last call review of draft-ietf-sipbrandy-osrtp-09

Allison Mankin via Datatracker <noreply@ietf.org> Fri, 17 May 2019 03:47 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: sipbrandy@ietf.org
Delivered-To: sipbrandy@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 62880120347; Thu, 16 May 2019 20:47:48 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Allison Mankin via Datatracker <noreply@ietf.org>
To: <tsv-art@ietf.org>
Cc: sipbrandy@ietf.org, draft-ietf-sipbrandy-osrtp.all@ietf.org, ietf@ietf.org, allison.mankin@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.96.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Allison Mankin <allison.mankin@gmail.com>
Message-ID: <155806486830.19511.11021785086259621978@ietfa.amsl.com>
Date: Thu, 16 May 2019 20:47:48 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipbrandy/sepGyJy8zYOPiBEIQLpDhUrnbek>
Subject: [Sipbrandy] Tsvart last call review of draft-ietf-sipbrandy-osrtp-09
X-BeenThere: sipbrandy@ietf.org
X-Mailman-Version: 2.1.29
List-Id: SIPBRANDY working group discussion list <sipbrandy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipbrandy>, <mailto:sipbrandy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipbrandy/>
List-Post: <mailto:sipbrandy@ietf.org>
List-Help: <mailto:sipbrandy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipbrandy>, <mailto:sipbrandy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2019 03:47:48 -0000

Reviewer: Allison Mankin
Review result: Ready with Nits

This document has been reviewed as part of the transport area review team's
ongoing effort to review key IETF documents. These comments were written
primarily for the transport area directors, but are copied to the document's
authors and WG to allow them to address any issues raised and also to the IETF
discussion list for information.

When done at the time of IETF Last Call, the authors should consider this
review as part of the last-call comments they receive. Please always CC
tsv-art@ietf.org if you reply to or forward this review.

This document doesn't raise any specifically transport-focused questions 
for me.  I appreciated the clear discussion of the types of security 
arrangements that can be made by Offer-Answer SIP and I found the draft 
a valuable read.  The implementation section is quite interesting.

I have a couple of issues with Section 4, though they are not about transport. 
So I'm going to mention them, but defer to the Security Area beyond just 
flagging them. Hence, I've marked the draft Ready with Nits rather than 
Ready with Issues.  

1. I find the two sentences below inconsistent with each other, with a small-m 
"must" and a cited "SHOULD" for the same issue:

      For SDP Security Descriptions key agreement [RFC4568], an
      authenticated signaling channel does not need to be used with
      OSRTP if it is not available, although an encrypted signaling
      channel must still be used.

      Section 8.3 of [RFC7435] requires that any messages that contain SRTP keys be
      encrypted, and further says that encryption "SHOULD" provide end-to-
      end confidentiality protection if intermediaries that could inspect
      the SDP message are present.

Also, there isn't a section 8.3 of RFC7435.  Is this an incorrect reference or a reference
to a pre-publication version of RFC7435?

2. I feel the sentence below misrepresents RFC7435 with its wording "requirement 
for end-to-end confidentiality."  RFC7435 has a preference for confidentiality of 
authentication if there is authentication, but TOFU means there isn't a requirement.  
The sentence is too general.

   At the time of this writing, it is
   understood that the [RFC7435] requirement for end-to-end
   confidentiality protection is commonly ignored.

The section 4 reference to section 8.3 of RFC7435 needs to be fixed.