Re: [MMUSIC] Review (Rafferty) of draft-ietf-mmusic-udptl-dtls-02

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 09 January 2014 12:25 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73C291ADDCA for <mmusic@ietfa.amsl.com>; Thu, 9 Jan 2014 04:25:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.851
X-Spam-Level:
X-Spam-Status: No, score=-3.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PXEwGdMvFcLh for <mmusic@ietfa.amsl.com>; Thu, 9 Jan 2014 04:25:19 -0800 (PST)
Received: from mailgw7.ericsson.se (mailgw7.ericsson.se [193.180.251.48]) by ietfa.amsl.com (Postfix) with ESMTP id 8F0011ADFD8 for <mmusic@ietf.org>; Thu, 9 Jan 2014 04:25:16 -0800 (PST)
X-AuditID: c1b4fb30-b7f228e000003e6c-ad-52ce95222c5a
Received: from ESESSHC009.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw7.ericsson.se (Symantec Mail Security) with SMTP id CB.79.15980.2259EC25; Thu, 9 Jan 2014 13:25:06 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.201]) by ESESSHC009.ericsson.se ([153.88.183.45]) with mapi id 14.02.0347.000; Thu, 9 Jan 2014 13:25:02 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: James Rafferty <jrafferty@humancomm.com>, "mmusic@ietf.org" <mmusic@ietf.org>, Gonzalo Salgueiro <gsalguei@cisco.com>
Thread-Topic: [MMUSIC] Review (Rafferty) of draft-ietf-mmusic-udptl-dtls-02
Thread-Index: AQHO/dNH5N4ZiaonFEabHHN0Tl+8lJp6+rPg
Date: Thu, 09 Jan 2014 12:25:02 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1C5F29CF@ESESSMB209.ericsson.se>
References: <52B4C55D.5060708@humancomm.com>
In-Reply-To: <52B4C55D.5060708@humancomm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.20]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrBLMWRmVeSWpSXmKPExsUyM+Jvja7S1HNBBg3LhC3mTvGzWHLzJYvF 1OWPWRyYPab83sjq0b3lMrPHkiU/mQKYo7hsUlJzMstSi/TtErgybp48xlawRbbi0YGbLA2M 88S7GDk5JARMJM5cvMQOYYtJXLi3nq2LkYtDSOAQo0Tnx4WsEM5iRolJmzcDVXFwsAlYSHT/ 0wZpEBGolrh9/zYbiC0s4CVxcso9FpASEQFviVXfgiFKjCSWPbjKDGKzCKhITPhwmwXE5hXw lVh67xxYq5CAjkTfwvNgcU4BXYmT82eAxRmB7vl+ag0TiM0sIC5x68l8Jog7BSSW7DnPDGGL Srx8/I8VwlaUuDp9OVS9jsSC3Z/YIGxtiWULXzND7BWUODnzCcsERtFZSMbOQtIyC0nLLCQt CxhZVjGy5yZm5qSXm29iBMbGwS2/DXYwbrovdohRmoNFSZz3w1vnICGB9MSS1OzU1ILUovii 0pzU4kOMTBycUg2MIpOtFp8zmTz5DLMNj77Pt8NyH584HKtVDBSNrbdm23dS9fvvvz2frBTZ F1x1OR219LFDRsYpvTezrsoWxSrMUXlydorTrbPJ7tUnQhe8MtXZKXHRXdFL1HiKxnN/RoOz 8T2Lvdka039PeHwguSWj6+PKBxVc1bktEu8+udz0WPv1k4LstzRfJZbijERDLeai4kQA71xw PFsCAAA=
Subject: Re: [MMUSIC] Review (Rafferty) of draft-ietf-mmusic-udptl-dtls-02
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jan 2014 12:25:21 -0000

Hi James,

Thanks for your review! Comments inline.

> This is a review ofdraft-ietf-mmusic-udptl-dtls-02.   In general, the 
> draft is in good shape.  My comments and suggestions are included below.
>
> Section 1 - first bullet:  add "the" before application layer

Ok.

------------------------

> Section 1, Page 2  - On the paragraph before Table 2, the current last sentence reads:  "The protocol stack for integrity and confidentiality protected fax transport using UDPTL over DTLS is shown in Table 2."
>
> A couple of word changes would make it read more clearly:
> "The protocol stack which enhances fax transport to offer integrity and confidentiality using UDPTL over DTLS is shown in Table 2."

Looks ok.

------------------------

> Section 1, Page 3:  Under the "primary motivations" , I'd suggest broadening the applicability of the last bullet point to read:
>
> "3GPP and the IP fax community need a mechanism to transport UDPTL over DTLS  in order to provide secure fax in IMS and other SIP-based networks."

Looks ok.

------------------------

> Section 2
>
> for the 2nd sentence of the second paragraph, clarify by replacing "it"  by "session"

Ok.

------------------------

> Section 5 - Security Considerations
>
> I think it would help to pull in material about the threat model before jumping directly into the solution (my latest draft got dinged in the IESG security review on this point).
>
> From a fax community perspective, the relevant threats seem to be:
>
> 1.  Confidentiality - Address potential for 3rd parties to intercept and decode messages
>
> 2.  Integrity - Ensure that the parties exchanging the messages are properly authenticated and that the message has not been altered during transport.
>
> These points are addressed somewhat in the body of this section, but it would be useful to start with the threats model and then identify how the solution meets the requirements.

We'll look into it.

------------------------

> Section 6 - IANA Considerations
>
> For consistency with the IANA content for "proto"  in RFC 4566, it looks like the entry for the SDP name in Table 3 should be in quotes or "UDP/TLS/UDPTL"

Ok.

------------------------

> Example A.3
>
> This is an important example, since most (if not all) current UDPTL sessions will start as audio sessions.
>
> To highlight this point, I'd suggest adding a second sentence in this section such as:
>
> "By current conventions, most non-secured UDPTL sessions are initiated via a re-INVITE after the SIP session has begun as an audio session and this example shows to address this scenario for initiating UDPTL sessions secured via DTLS."

In general I am ok with the suggestion, but perhaps we could replace "By current conventions" with "Traditionally". Because, we don't know how things will be done in the future.

I also suggest some other editorial changes to the sentence. Something like:

OLD:

	Figure 6 focuses on T.38 fax securely transported using UDPTL over
   	DTLS replacing audio media stream in an existing audio-only session.


NEW:

	Traditionally, most session with non-secure transport of T.38 fax,
	transported using UDPTL, are established by modifying an ongoing 
	audio session into a fax session.
	Figure 6 shows an example message flow of modifying
	an existing audio session into a session with T.38 fax 
	securely transported using UDPTL over DTLS.

...or something like that. I'll need to make it "fit" into the existing text :)

------------------------

> That concludes my comments on this draft.

Thank You very much! :)

Regards,

Christer