[Taps] AD review of draft-ietf-taps-transport-security-08

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 26 September 2019 08:02 UTC


Hi,

Sorry about the delay in getting the AD review done. Below are my comments
and questions. Note the questions are truly questions, and after answering we
can discuss if there need to be any changes or not.


1. Section 4.1: Is there a reason to use TLS 1.2 specification (RFC5246)
rather than TLS 1.3 as the general reference? 

 

2. Comment on the writeup: Considering that ID nits results in the below
relevant references warning I would expect some comment in the writeup if
they are intentional. If not please update the references. If they are
intentional, please update the writeup to note them. 

 

 

 

  -- Obsolete informational reference (is this intentional?): RFC 2385

     (Obsoleted by RFC 5925)

 

  -- Obsolete informational reference (is this intentional?): RFC 4474

     (Obsoleted by RFC 8224)

 

  -- Obsolete informational reference (is this intentional?): RFC 5246

     (Obsoleted by RFC 8446)

 

  -- Obsolete informational reference (is this intentional?): RFC 7539

     (Obsoleted by RFC 8439)

 

3. Section 4.1.2: Is there a point to mention that TLS forward secrecy is
dependent on the cipher suite for the key exchange and not ensured prior to 1.3?


4. Section 4.1.2: Second to last paragraph: Broken reference to DTLS 1.3
draft: "(Note that this extension is only supported in
   DTLS 1.2 and 1.3 {{?I-D.ietf-tls-dtls13}.)"

 

5. Section 4.3.3: "QUIC transport relies on UDP." Although QUIC is targeting
UDP as its main deployment vessel, isn't QUIC in fact dependent on an
unreliable datagram service? But maybe writing UDP is more straightforward?

6. Section 4.5.4: When it comes to variants of SRTP, I think referencing RFC
7201 would actually be reasonable, as the many different options hide
some transport security options that so far are not discussed in this
document, like securing multicasted / broadcasted RTP.

7. Section 4.5.4: So is ZRTP included as a variant because it provides new
security features? Is that session continuity, or something else?

8. Section 11: There are a number of references here that I don't think
meet the requirements for references. These are the ones that only have a
title and n.d. All of these could include a URL and a date when these pages were
visited and contained the information you want to reference.

Cheers

Magnus Westerlund