Re: [Tsv-art] Tsvart last call review of draft-ietf-perc-private-media-framework-08
"Paul E. Jones" <paulej@packetizer.com> Sat, 16 February 2019 04:08 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23642131057; Fri, 15 Feb 2019 20:08:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=packetizer.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hr6yfvw1BRQv; Fri, 15 Feb 2019 20:08:31 -0800 (PST)
Received: from dublin.packetizer.com (dublin.packetizer.com [IPv6:2600:1f18:24d6:2e01:e842:9b2b:72a2:d2c6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF7BD130E92; Fri, 15 Feb 2019 20:08:29 -0800 (PST)
Received: from authuser (localhost [127.0.0.1])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1550290102; bh=78kkfcbmqNfrOHaIo+R9in2EU0mU5fQ7PTq2X2zjJ8Q=; h=From:To:Subject:Cc:Date:In-Reply-To:References:Reply-To; b=uW55yl8ix6OapZr0Lbkudn5VL+0xlwJYoKyMzZOhs4qCFru8GZprSj3ZjMNlcS37g GfJhVlRgtrFYlVfwkVEex+Xo2jM7OJidGn4zWjOWD40gQlmEayydRgmTs8MbCJkayY wr+PtSH36PCCkbg0Y0PpvhKZRvPGFUKFhiNG824M=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, tsv-art@ietf.org
Cc: ietf@ietf.org, draft-ietf-perc-private-media-framework.all@ietf.org, perc@ietf.org
Date: Sat, 16 Feb 2019 04:08:17 +0000
Message-Id: <em99f9a1ec-e503-4a74-a0c9-0b58b55d0a1e@sydney>
In-Reply-To: <154930159870.28630.16457371613620717540@ietfa.amsl.com>
References: <154930159870.28630.16457371613620717540@ietfa.amsl.com>
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
User-Agent: eM_Client/7.2.34208.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/2oPFl6h9_TwNI-8Wp2-ozsaTKu4>
Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-perc-private-media-framework-08
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Feb 2019 04:08:33 -0000
Gorry, Thanks for your review. Please see comment/questions in-line. >General comments > >Some keywords appear not defined before first used - whilst these are likely >to be well-known by the coimmunity of interest, it would none-the-less >be helpful to define these: > >SRTP; RTCP; SIP; SDP. Most of these have a reference that follows them (RTCP was the one exception, I think). Are you saying we should fully state what SRTP stands for, for example, or are you saying references were missing? >In section 8.1, there is a sentence starting "Off-path atttackers may" ... while this >is lower case, the authors may wish toi consider using "could" to remove any >possibility of this being regarded as permissive. Agreed. Changed as suggested. >In 8.1, the text "could incorrectly assuming their packets..." probably ought to >read could incorrectly assume their packets..." Thanks. Fixed that and another small grammatical error there. >In section 8.2.1. there is a dscription of a resource consumption attack, but >no miitigation is described. It could be possible to consider using rate-limiting >of requests to reduce the impact - a mthod commonly suggested in other >attacks on the transport endpoints Good point. We cannot stop this entirely, but there are certainly implementation-specific approaches that could be employed. I appended that paragraph with the following: "While resource consumption attacks cannot be mitigated entirely, rate-limiting packets might help reduce the effectiveness of such attacks." I'm open to alternative wording, but I think that should suffice. Thanks, Paul
- [Tsv-art] Tsvart last call review of draft-ietf-p… Gorry Fairhurst
- Re: [Tsv-art] Tsvart last call review of draft-ie… Paul E. Jones
- Re: [Tsv-art] Tsvart last call review of draft-ie… Ben Campbell
- Re: [Tsv-art] [Perc] Tsvart last call review of d… Paul E. Jones
- Re: [Tsv-art] Tsvart last call review of draft-ie… Gorry Fairhurst
- Re: [Tsv-art] Tsvart last call review of draft-ie… Paul E. Jones