Re: [Taps] AD review of draft-ietf-taps-transport-security-08

"Christopher Wood" <caw@heapingbits.net> Sat, 28 September 2019 00:59 UTC

Date: Fri, 27 Sep 2019 17:58:57 -0700
From: Christopher Wood <caw@heapingbits.net>
To: taps@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/jfL6RN1sXYtWhKR0H8yHOVirRak>
Subject: Re: [Taps] AD review of draft-ietf-taps-transport-security-08

Hi Magnus,

Thanks for the feedback! Please see inline below.

On Thu, Sep 26, 2019, at 1:01 AM, Magnus Westerlund wrote:
> 1. Section 4.1: Is there a reason to use the TLS 1.2 specification 
> (RFC5246) rather than TLS 1.3 as the general reference? 

Nope! We'll fix this. It was an oversight.

> 2. Comment on the writeup: Considering that ID nits results in the 
> below relevant references warning I would expect some comment in the 
> writeup if they are intentional. If not please update the references. 
> If they are intentional, please update the writeup to note them. 
> 

<snip>

Philipp answered these. (Thanks, Philipp!)

> 3. Section 4.1.2: Is there a point in mentioning that TLS forward secrecy 
> is dependent on the cipher suite used for the key exchange and is not ensured 
> prior to 1.3? 

Are you asking if we *should* mention that? If so, I think not. That's probably too much detail.
 
> 4. Section 4.1.2: Second to last paragraph: Broken reference to DTLS 
> 1.3 draft: "(Note that this extension is only supported in 
> DTLS 1.2 and 1.3 {{?I-D.ietf-tls-dtls13}.)"

Oops, good catch. We'll fix this, too.

> 5. Section 4.3.3: "QUIC transport relies on UDP." Although QUIC is 
> targeting UDP as its main deployment vessel, isn't QUIC in fact 
> dependent on an unreliable datagram service? But maybe writing UDP is 
> more straightforward? 

Indeed! How about, "QUIC transport assumes an unreliable transport, e.g., UDP"?

> 6. Section 4.5.4: When it comes to variants of 
> SRTP, I think referencing RFC 7201 would actually be reasonable, as 
> the many different options hide some transport security options that so 
> far are not discussed in this document, like securing multicast / 
> broadcast RTP.  

I'm not sure those are new security features, though. Colin, what do you think?

> 7. Section 4.5.4: So is ZRTP included as a variant 
> because it provides new security features? Is that session continuity, 
> or something else?  

Colin answered this. (Thanks, Colin!)

> 8. Section 11: There are a number of references 
> here that I don't think meet the requirements for references. These are 
> the ones that only have a title and n.d. All of these could include a URL 
> and a date when these pages were visited and contained the information you 
> want to reference.   

We can fix these in the next revision.

Thanks again for the review!

Best,
Chris
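
Point 3 of the review (forward secrecy depending on the negotiated cipher suite before TLS 1.3) is easy to get wrong when auditing a server's suite list, so here is an added example that classifies suites by key exchange. It is not part of the thread or of the TAPS draft; the suite names follow the IANA registry, and the sample lists at the bottom are constructed for illustration. The psk_mode parameter is an assumption of this example, standing in for whether a TLS 1.3 server selected the PSK-only resumption mode.

```python
"""Which TLS cipher suites actually give forward secrecy?

Added example, not from the TAPS thread or the draft under review. Before
TLS 1.3, forward secrecy depends on which key exchange the negotiated cipher
suite names; TLS 1.3 suite names fix only the AEAD and hash, and the key
exchange is (EC)DHE unless the server picks PSK-only resumption.
"""
import re
from typing import Dict, List

# TLS 1.2 suite names encode the key exchange / authentication token between
# "TLS_" and "_WITH_", e.g. "ECDHE_RSA" in TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
_TLS12_NAME = re.compile(r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_")


def key_exchange_12(name: str) -> str:
    """Extract the key-exchange/authentication token from a TLS 1.2 suite name."""
    m = _TLS12_NAME.match(name)
    if not m:
        raise ValueError(f"not a TLS 1.2 cipher suite name: {name}")
    return m.group("kx")


def forward_secret(version: str, name: str, psk_mode: str = "psk_dhe_ke") -> bool:
    """Return True if a handshake with this suite yields forward secrecy.

    version  - "1.2" or "1.3"
    name     - IANA cipher suite name
    psk_mode - TLS 1.3 only (assumed input for this example): "psk_dhe_ke"
               (default) or "psk_ke", i.e. resumption without a fresh DH
               exchange, which gives up forward secrecy for that session.
    """
    if version == "1.3":
        if "_WITH_" in name:
            raise ValueError(f"{name} is not a TLS 1.3 cipher suite")
        # The suite name says nothing about key exchange; only PSK-only mode
        # skips the ephemeral (EC)DHE key share.
        return psk_mode != "psk_ke"
    if version == "1.2":
        kx = key_exchange_12(name)
        # Ephemeral DH: DHE_*, ECDHE_* (including DHE_PSK / ECDHE_PSK) and the
        # anonymous suites. Static RSA key transport, static (EC)DH and plain
        # PSK let a recorded session be decrypted once the long-term key leaks.
        return kx.startswith(("DHE_", "ECDHE_")) or kx in ("DH_anon", "ECDH_anon")
    raise ValueError(f"unsupported TLS version {version!r}")


def audit(version: str, names: List[str]) -> Dict[str, bool]:
    """Map each suite name to whether it provides forward secrecy."""
    return {n: forward_secret(version, n) for n in names}


# Constructed sample: a TLS 1.2 server list mixing ephemeral and static key
# exchanges, plus the three common TLS 1.3 suites.
SAMPLE_TLS12 = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",         # static RSA key transport
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",  # static ECDH
    "TLS_PSK_WITH_AES_128_CBC_SHA",            # PSK without DH
]
SAMPLE_TLS13 = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
]

if __name__ == "__main__":
    for version, names in (("1.2", SAMPLE_TLS12), ("1.3", SAMPLE_TLS13)):
        for suite, fs in audit(version, names).items():
            print(f"TLS {version}  {'FS   ' if fs else 'no-FS'}  {suite}")
```

Running it on the sample lists shows three of the six TLS 1.2 suites without forward secrecy and all three TLS 1.3 suites with it, which is the distinction the reviewer suggested spelling out. Note that the anonymous suites are reported as forward secret here only in the key-exchange sense; they provide no peer authentication.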