Re: [siprec] Stephen Farrell's Discuss on draft-ietf-siprec-metadata-20: (with DISCUSS and COMMENT)
"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Wed, 02 March 2016 17:51 UTC
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Date: Wed, 02 Mar 2016 17:51:39 +0000
Message-ID: <D2FD2694.5326B%rmohanr@cisco.com>
References: <20160302110853.23213.23639.idtracker@ietfa.amsl.com>
In-Reply-To: <20160302110853.23213.23639.idtracker@ietfa.amsl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/siprec/P3MkuB-lv4FtHzD846NDpY5Q_Yw>
Cc: "draft-ietf-siprec-metadata@ietf.org" <draft-ietf-siprec-metadata@ietf.org>, "siprec@ietf.org" <siprec@ietf.org>, "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>
Hi Stephen,

See inline.

-----Original Message-----
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wednesday, 2 March 2016 at 4:38 PM
To: The IESG <iesg@ietf.org>
Cc: "draft-ietf-siprec-metadata@ietf.org" <draft-ietf-siprec-metadata@ietf.org>, Brian Rosen <br@brianrosen.net>, "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>, Brian Rosen <br@brianrosen.net>, "siprec@ietf.org" <siprec@ietf.org>
Subject: Stephen Farrell's Discuss on draft-ietf-siprec-metadata-20: (with DISCUSS and COMMENT)

>Stephen Farrell has entered the following ballot position for
>draft-ietf-siprec-metadata-20: Discuss
>
>When responding, please keep the subject line intact and reply to all
>email addresses included in the To and CC lines. (Feel free to cut this
>introductory paragraph, however.)
>
>
>Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>for more information about IESG DISCUSS and COMMENT positions.
>
>
>The document, along with other ballot positions, can be found here:
>https://datatracker.ietf.org/doc/draft-ietf-siprec-metadata/
>
>
>
>----------------------------------------------------------------------
>DISCUSS:
>----------------------------------------------------------------------
>
>
>
>(1) In section 10 you have a MUST for integrity and confid,
>which is good, but then RECOMMEND S/MIME, which is, I think,
>mythical. Wouldn't it be better to reflect reality
>(hop-by-hop TLS) and then say what actual security
>considerations arise, e.g. who might be on the path and how
>can they (mis)behave?

Yes. This needs some changes. After the discussions with SecDir we thought it would be good to refer to the Security Considerations section of the protocol draft (section 12 in general, and 12.1 of https://tools.ietf.org/html/draft-ietf-siprec-protocol-18#page-38). 12.1 covers TLS and the mutual authentication, and also talks about who else can be in the path (para 2).

Since the metadata is always going to be carried as a body in the protocol, all the considerations there are equally applicable here. With this, the proposed text for the Security Considerations section in this draft would be:

NEW:

   The procedures mentioned in the security consideration section of
   [I-D.ietf-siprec-protocol] MUST be implemented by SRC and SRS for
   mutual authentication. Some implementations may have the SRC choose
   parts of metadata that can be sent to the SRS. In other cases, SRCs
   may send metadata that is not appropriate for the SRS to record.
   Which metadata is actually recorded by the SRS must be carefully
   considered to balance privacy concerns with usability.
   Implementations MUST control what metadata is recorded, and MUST NOT
   save metadata sent by the SRC that does not conform to the recording
   policy of the SRS. Metadata in storage needs to be provided with a
   level of security that is comparable to that of the recording
   session.

Would this be better? Or else we will have to replicate most of the text from Protocol to here again.

Ram

>
>(2) 6.10: Don't you need to say to use UUID version 4 with
>random numbers and to not use MAC addresses? IOW, refer to
>RFC4122, Section 4.4 for how to generate UUIDs.
>
>Note that issues related to both of the above were part
>of the discussion that ensued from the secdir review. [1]
>
> [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06370.html
>
>
>----------------------------------------------------------------------
>COMMENT:
>----------------------------------------------------------------------
>
>
>
>- section 4, last para: How could an SRC know this and hence
>what it's safe to omit?
>
>- 6.9: I would have thought that more precision about
>fractional seconds support would be useful here, or else, to
>just say that you're limiting to single-second granularity.
>Wouldn't doing one or the other be better? Otherwise you
>might get different s/w ordering events in different orders
>unexpectedly.
>
>
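Added example, not from the draft or from anyone in this thread: a small SRS-side check in Python for the two DISCUSS points, enforcing a recording policy on the metadata the SRC sends (the proposed MUST / MUST NOT text) and accepting only RFC 4122 version-4 unique IDs (the point on 6.10). The policy table, the element shape, the function names and the sample metadata are constructed here and are not the draft's XML format.

```python
import uuid

# Constructed policy for a hypothetical SRS: per element type, the attributes it may store.
POLICY = {
    "session": {"start-time", "stop-time"},
    "participant": {"aor"},  # keep the AoR, never the display name
}

def check_unique_id(value):
    # Accept only RFC 4122 variant, version-4 IDs (RFC 4122 section 4.4). A version-1
    # UUID carries a timestamp and the host's 48-bit node field, normally its MAC
    # address, which the metadata body would leak to the SRS and anyone on the path.
    try:
        u = uuid.UUID(value)
    except ValueError:
        return False, "not a UUID"
    if u.variant != uuid.RFC_4122:
        return False, "not an RFC 4122 UUID"
    if u.version == 1:
        return False, "version 1 UUID leaks timestamp and node %012x" % u.node
    if u.version != 4:
        return False, "UUID version %d, need version 4" % u.version
    return True, "ok"

def filter_metadata(elements, policy=POLICY):
    # Each element is {"type", "id", "attrs"} (constructed shape, not the draft's XML).
    # Returns what the SRS may record plus an audit log of what it refused to store.
    kept, log = [], []
    for el in elements:
        ok, why = check_unique_id(el["id"])
        allowed = policy.get(el["type"])
        if not ok or allowed is None:
            log.append("reject %s %s: %s" % (el["type"], el["id"],
                                              why if not ok else "type not in policy"))
            continue
        for attr in sorted(set(el["attrs"]) - allowed):
            log.append("drop %s.%s: not permitted by SRS policy" % (el["type"], attr))
        kept.append({"type": el["type"], "id": el["id"],
                     "attrs": {k: v for k, v in el["attrs"].items() if k in allowed}})
    return kept, log

# Constructed sample: a participant with a random v4 ID whose display name
# must be dropped, and one with a v1 ID made here that the SRS must refuse.
SAMPLE = [
    {"type": "participant", "id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
     "attrs": {"aor": "sip:alice@example.com", "name": "Alice Example"}},
    {"type": "participant", "id": str(uuid.uuid1()),
     "attrs": {"aor": "sip:bob@example.com"}},
]
```

Running `filter_metadata(SAMPLE)` keeps only Alice's AoR and logs one dropped attribute and one rejected element.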