Re: [Tsv-art] Tsvart last call review of draft-ietf-mmusic-msrp-usage-data-channel-23

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 12 August 2020 20:22 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Yoshifumi Nishida <nsd.ietf@gmail.com>, "tsv-art@ietf.org" <tsv-art@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "mmusic@ietf.org" <mmusic@ietf.org>, "draft-ietf-mmusic-msrp-usage-data-channel.all@ietf.org" <draft-ietf-mmusic-msrp-usage-data-channel.all@ietf.org>
Date: Wed, 12 Aug 2020 20:22:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/DnQojqJ6elygnEIJhQL_y9XFKVs>

Hi Yoshifumi,

Thank you for the review! Please see inline.

>Summary: This document is almost ready for publication, but I think it will be better to clarify the following points.
>
>1: If the other endpoint is on a TCP connection, it seems to me that it can look like downgrading the security level of the connection.
>   If this is the case, do we need some guidance here?

I assume you are talking about the gateway.

It is true that "legacy" MSRP allows TCP transport. RFC 4975 describes the security issues associated with that.

I suggest adding the following text to the Security Considerations.

OLD:

   "MSRP traffic over data channels is secured, including
   confidentiality, integrity and source authentication, as specified by
   [I-D.ietf-rtcweb-data-channel]."

NEW:

   "MSRP traffic over data channels is secured, including
   confidentiality, integrity and source authentication, as specified by
   [I-D.ietf-rtcweb-data-channel]. However, [RFC4975] allows transport of
   MSRP traffic over non-secured TCP connections. In a gateway scenario,
   unless the operator mandates usage of TLS, the MSRP traffic will not be
   secured all the way between the MSRP endpoints. [RFC4975] describes
   the security considerations associated with non-secured MSRP traffic."

---

> 2: 'If the non-data channel endpoint does not support MSRP CEMA, transport level interworking mode is not possible,
>   it needs to act as an MSRP B2BUA.'
>   -> This may sound like it falls back to B2BUA when CEMA is not available.
>        But, I guess there might be a case where users don't want fallback.

I don't think the users really care. CEMA is a transport connection establishment feature. Even with legacy MSRP, there
could be a fallback if one of the endpoints doesn't support CEMA, but users are not informed about whether CEMA is used or not.

---

> 3: As the doc mentions the use of B2BUA, it might be useful to refer to the security considerations in RFC7092 in Section 9.

I assume you mean Section 6?

I can add an informative reference to RFC7092:

OLD:

   "In one model, the gateway performs as an MSRP Back-to-Back User Agent
   (B2BUA) to interwork all the procedures as necessary between the
   endpoints.  No further specification is needed for this model."

NEW:

   "In one model, the gateway performs as an MSRP Back-to-Back User Agent
   (B2BUA) [RFC7092] to interwork all the procedures as necessary between the
   endpoints.  No further specification is needed for this model."

---

Regards,

Christer
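As an added example that is not part of this email or of the draft: a gateway-side policy check for the "unless the operator mandates usage of TLS" clause proposed above. It inspects the MSRP media descriptions in an SDP and flags any that use non-secured TCP (RFC 4975 "TCP/MSRP") rather than TLS (RFC 4976 "TCP/TLS/MSRP") or a DTLS-protected WebRTC data channel (RFC 8841 "UDP/DTLS/SCTP" with an msrp dcmap sub-protocol). The sample SDP, the function names and the decision to treat the data channel as secured are assumptions of this example.

```python
import re
from typing import List, Tuple

# Constructed sample SDP with three MSRP-carrying media sections:
# plain TCP, TLS, and a WebRTC data channel mapped to the msrp sub-protocol.
SAMPLE_SDP = """\
v=0
m=message 7654 TCP/MSRP *
a=path:msrp://alice.example.com:7654/jshA7weztas;tcp
m=message 7655 TCP/TLS/MSRP *
a=path:msrps://alice.example.com:7655/iau39soe2843z;tcp
m=application 54111 UDP/DTLS/SCTP webrtc-datachannel
a=sctp-port:5000
a=dcmap:2 subprotocol="msrp";label="MSRP"
"""

# First line of a media section: m=<media> <port> <proto> [<fmt>]
M_LINE = re.compile(r"^m=(\S+) (\d+) (\S+)(?: ([^\n]*))?")

# Assumption: TLS-protected MSRP and the (always DTLS-protected) data
# channel count as secured; RFC 4975 TCP/MSRP does not.
SECURED = {"TCP/TLS/MSRP", "UDP/DTLS/SCTP"}
NON_SECURED = {"TCP/MSRP"}


def msrp_transports(sdp: str) -> List[Tuple[str, bool]]:
    """Return (proto, secured) for every media section that carries MSRP."""
    found: List[Tuple[str, bool]] = []
    for section in re.split(r"(?m)^(?=m=)", sdp):  # one chunk per m= line
        m = M_LINE.match(section)
        if not m:
            continue  # session-level lines before the first m=
        media, _port, proto, fmt = m.groups()
        if media == "message" and proto in SECURED | NON_SECURED:
            found.append((proto, proto in SECURED))
        elif proto == "UDP/DTLS/SCTP" and fmt == "webrtc-datachannel" \
                and 'subprotocol="msrp"' in section:
            found.append((proto, True))
    return found


def violates_tls_policy(sdp: str, mandate_tls: bool = True) -> List[str]:
    """Protos the gateway should refuse when the operator mandates TLS."""
    if not mandate_tls:
        return []
    return [proto for proto, secured in msrp_transports(sdp) if not secured]


if __name__ == "__main__":
    print("rejected transports:", violates_tls_policy(SAMPLE_SDP))
```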