Re: [MMUSIC] Review (by dhanes) of draft-holmberg-mmusic-udptl-dtls-02
Christer Holmberg <christer.holmberg@ericsson.com> Mon, 23 December 2013 13:09 UTC
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "David Hanes (dhanes)" <dhanes@cisco.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Date: Mon, 23 Dec 2013 13:08:56 +0000
Hi David,

Again, thanks for your comments! Reply inline.

> 1) For some reason, I can't seem to get past the wording on this first sentence in Section 1. I feel like it could be stated a bit clearer. The point
> I think is that there are means to send faxes across the PSTN in a secure manner but it was never a priority due to the barrier of physical
> access. This is probably just personal preference but I feel a wording similar to the following gets the point across better:
>
> "While it is possible to transmit highly sensitive documents using traditional telephony encryption devices, secure fax on the Public Switched
> Telephone Network (PSTN) was never widely considered or prioritized. This was mainly because of the challenges involved with physical access to telephony equipment."

I am ok with your suggested change.

-----------------------

> 2) In the last sentence of the first paragraph of Section 1, the following statement is made "Some of the security mechanisms for securing fax include:" and then a T.30 and T.38
> scheme is mentioned. I think that this has been brought up before but SRTP using fax passthrough is more widely deployed in my experience than either of the other secure
> faxing methods. I realize that this document is written under the context of UDPTL-based fax but here in the introduction the topic so far is secure fax in a general sense and it
> has yet to be narrowed down to just UDPTL-based fax. It seems like a glaring omission that SRTP fax solutions are not mentioned here. I think SRTP needs to be added if this is
> kept in its present form and wording. Or this section could be changed in a manner similar to the following. This will address the omission of SRTP from my perspective:

I am ok with your suggested rewrite. Note, though, that [ITU.T38.2010] does define the usage of T.38 over RTP.

> While telephony encryption devices have been traditionally used for
> highly sensitive documents, secure fax on the Public Switched
> Telephone Network (PSTN) was not as widely considered or prioritized
> because of the challenges involved with physical access to telephony
> equipment. As real-time communications transition to IP networks,
> where information might potentially be intercepted or spoofed, an
> appropriate level of security for fax that offers integrity and
> confidentiality protection is vital.
>
> The overwhelmingly predominant fax transport protocol today is
> UDPTL-based. The protocol stack for fax transport using UDPTL is shown
> in Table 1.
>
>    +-----------------------------+
>    |          Protocol           |
>    +-----------------------------+
>    | Internet facsimile protocol |
>    +-----------------------------+
>    |            UDPTL            |
>    +-----------------------------+
>    |             UDP             |
>    +-----------------------------+
>    |             IP              |
>    +-----------------------------+
>
>    Table 1: Protocol stack for UDPTL over UDP
>
> Implementations exist today for securing this fax transport type. Some of these
> mechanisms are:
>
> o [ITU.T30.2005] Annex H specifies integrity and confidentiality
>   protection of fax in application layer, independent of protocol
>   for fax transport.
>
> o [ITU.T38.2010] specifies fax transport over RTP/SAVP which enables
>   integrity and confidentiality protection of fax in IP network.
>
> Despite these mechanisms to secure fax, there is no transport layer
> security offering integrity and confidentiality protection for UDPTL. This issue
> was addressed in a study by the 3rd Generation Partnership Project (3GPP)
> on how to provide secure fax in the IP Multimedia Subsystem (IMS). They
> concluded that secure fax shall be transported using UDPTL over DTLS.

------------------

> 3) Shouldn't the title for Table 2 be "Protocol stack for UDPTL over DTLS" and not "Protocol stack for UDPTL over UDP"?

I guess it should be "Protocol stack for UDPTL over DTLS over UDP"

Regards,

Christer