Re: [Wish] WG Last Call for draft-ietf-wish-whip
Adam Roach <adam@nostrum.com> Mon, 11 July 2022 22:40 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: wish@ietfa.amsl.com
Delivered-To: wish@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 409A7C157B3F for <wish@ietfa.amsl.com>; Mon, 11 Jul 2022 15:40:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6l6jC21mdlso for <wish@ietfa.amsl.com>; Mon, 11 Jul 2022 15:40:09 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C49E3C14F73A for <wish@ietf.org>; Mon, 11 Jul 2022 15:40:09 -0700 (PDT)
Received: from [172.17.121.48] (76-218-40-253.lightspeed.dllstx.sbcglobal.net [76.218.40.253]) (authenticated bits=0) by nostrum.com (8.17.1/8.17.1) with ESMTPSA id 26BMe7Nq088126 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Mon, 11 Jul 2022 17:40:08 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1657579209; bh=Idpvm2BD2MQcP7ijGG9pd2rIb1+3U6lje/y5Kr3eiE0=; h=Subject:To:References:From:Date:In-Reply-To; b=bqoZ4l38TM4XaXhcsUqkUsX9c3v2sRrTvukcoR8q1FugEth/iqknX/DD8TcJVmrSr oqZCll3703z1BITwI+YAWPkiSXWniz9+gfu2f6nPgJ2IfNEfTzn+nSNQ9ure8rd1FV WIO6aNHqJGx7+t6E5crdyDFCXRvVMFLaUJvndscA=
X-Authentication-Warning: raven.nostrum.com: Host 76-218-40-253.lightspeed.dllstx.sbcglobal.net [76.218.40.253] claimed to be [172.17.121.48]
To: Sean Turner <sean@sn3rd.com>, WISH List <wish@ietf.org>
References: <3F10BA6F-FF16-4D76-BD48-375ABCDF76A4@sn3rd.com> <F8F7BE43-FA48-4954-9099-500341BFA4E0@sn3rd.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <81022e90-1e3e-ee0a-97ed-18179958754a@nostrum.com>
Date: Mon, 11 Jul 2022 17:40:03 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <F8F7BE43-FA48-4954-9099-500341BFA4E0@sn3rd.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/wish/29Qe8y8fV9-uns8TOUbHc_rhAiM>
Subject: Re: [Wish] WG Last Call for draft-ietf-wish-whip
X-BeenThere: wish@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: WebRTC Ingest Signaling over HTTPS <wish.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wish>, <mailto:wish-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wish/>
List-Post: <mailto:wish@ietf.org>
List-Help: <mailto:wish-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wish>, <mailto:wish-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2022 22:40:14 -0000
On 6/29/2022 9:31 AM, Sean Turner wrote: > Hi! We are going to extend the WG last call period by two weeks because of the low number of reviews. Please note that you can also say that you are fine with the I-D progressing. I think the document is nearly ready for the IESG to consider, once we have dispositions for the items that Julisz and Christer have raised (to be clear, I don't necessarily think we need changes for all of their raised points; just that we need to drive each one to conclusion). I have submitted a PR with suggested editorial changes at <https://github.com/wish-wg/webrtc-http-ingest-protocol/pull/65>. Aside from those editorial suggestions and a select few of the outstanding comments, the only concern I have is the length of the "Security Considerations" section: I guarantee that this document will not progress through IESG review without additional text. I think we need to address items such as: * Sensitivity of authentication information, including how long authentication tokens should remain valid * A brief discussion of the properties of media keys (e.g., the use of DTLS-SRTP means that media keying information is not visible to any HTTP intermediaries, such as TLS processors in CDNs) * A discussion of potential resource exhaustion attacks if unauthenticated requests are allowed, along with mitigation suggestions * The importance of servers requiring proper consent freshness processing to avoid certain classes of DDoS attacks * Servers potentially limiting the number of simultaneous streams that can be sent with the same token, to prevent (e.g.) a user's authentication token being distributed widely and used in a DDoS attack that passes consent checks /a
- [Wish] WG Last Call for draft-ietf-wish-whip Sean Turner
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Sean Turner
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Sean Turner
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Alex Converse
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Sean Turner
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Juliusz Chroboczek
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Christer Holmberg
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Sergio Garcia Murillo
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Sergio Garcia Murillo
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Christer Holmberg
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Christer Holmberg
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Sean Turner
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Sergio Garcia Murillo
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Juliusz Chroboczek
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Christer Holmberg
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Sergio Garcia Murillo
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Adam Roach
- Re: [Wish] WG Last Call for draft-ietf-wish-whip Adam Roach