SDP: Session Description Protocol
draft-ietf-mmusic-sdp-new-26

IANA Comments:
The following message was sent to Jon.
Not sure if there was any follow-up to these questions.


-----Original Message-----
From: Michelle Cotton [mailto:michelle.cotton@icann.org]
Sent: Thursday, December 01, 2005 4:09 PM
To: 'jon.peterson@neustar.biz'
Subject: IANA Comments: draft-ietf-mmusic-sdp-new-25.txt

Hi Jon,

So I just reviewed draft-ietf-mmusic-sdp-new-25.txt and have a couple questions.

I can't find if there is anything new that IANA needs to do.

Do the references need change in the sdp-parameters registry for those registrations mentioned in this document?

I can't find the Encryption Key Access Methods registry...any ideas where this is or if it ever got set up?

I'm not super clear that what the IANA registration rules are.
Is RFC3388 still the document that is the official document describing the registration rules for sdp parameters?

RFC3388 say a Standards track document is needed.

This document says the following as well:

  IANA may refer any registration to the IESG Transport Area Directors
  for review, and may request revisions to be made before a
  registration will be made.


Sorry if these questions are all over the place.  I'm at the ICANN meeting right now...I'm super tired (esp after going through all those docs for the telechat today!)

:)

Let me know if I can clarify anything.  Looking forward to your response.
Thanks,

Michelle
IANA

[Ballot discuss]
Please expand the security considerations to include the following
  points:

  - It is generally a good idea to indicate the algorithm that a
    cryptographic key is intended to support.  However, the k= field
    does not provide this tagging.

  - Many security protocols require two keys, one for confidentiality
    and another for integrity.  However, the k= field can only provide
    a single key.

[Ballot discuss]
Please expand the security considerations to include the following
  points:

  - It is generally a good idea to indicate the algorithm that a
    cryptographic key is intended to support.  However, the k= field
    does not provide this tagging.  Please tell implementors how
    to deal with this shortcoming.

  - Many security protocols require two keys, one for confidentiality
    and another for integrity.  However, the k= field can only provide
    a single key.  Please tell implementors how to deal with this
    shortcoming.  Is there a particular security protocol and algorithm
    for which this mechanism works well?

[Ballot comment]
I've looked at Ned's old discuss and believe it has been addressed.

The normative reference to RFC 2234 should be updated to 4234, but I assume that'll be done by the RFC Editor.

[Ballot comment]
Long editorial comments are in the Gen-ART review by
Spencer Dawkins. I wouldn't mind seeing a new version
that takes account of these.

Review will be placed at
http://www.alvestrand.no/ietf/gen/reviews/draft-ietf-mmusic-sdp-new-25-dawkins.txt

[Ballot comment]
I've decided to move to no-objection for this, and to enter the previous DISCUSS text
as a comment.  I still think the issues should be fixed, but I've decided it is better not
to hold the draft for them.

n Section 5, for the description of u=

          I'd suggest eliminating "as used by WWW clients." and adding a citation
          to draft-fielding-uri-rfc2396bis (or at least rfc2396). Note that this
          definition seems to presume that all URIs used will be dereferencable,
          which is not true for all URIs. If this is a limitation, then it should
          be stated.

          The k= also seems to presume that the URI is dereferencable.
          If this is a limitation of the URI, it should be made explicit
which schemes
          are appropriate here. Frankly, it seems to mean http:; if that is the
          case, specifying it seems like a good idea. Even for dereferencable
          URI schemes, not all will use MIME to mark the reply (think of an
          ftp: URI, for example). When they do, the mime content-encoding
          specifies the encoding of the _message_, so reusing the word
          "encoding" here seems problematic. How would "For those URI
          schemes which use MIME, the content-encoding and content-type
          headers of the reply may provide guidance on the format of the key."
          work?

          On that same hobby horse, the ABNF in the appendix has:
            ; sub-rules of 'u='
              uri = URI-reference; see RFC1630 and RFC2732

            I think this should be a pointer to 2396 or the 2396bis draft.

          For the a= inactive designation, we've discussed what addresses to use
          for sessions which are being set up but for which addresses are
not yet known.
            It was suggested apps use something like "sdp.inactive" so that
the .inactive
            TLD could reinforce the a=inactive flag. In that instance,
would the presence
            of that TLD be a condition under which the RTCP SHOULD is appropriately
            not done, and no RTCP sent? If so, is mentioning that case
appropriate here?

            In the IANA considerations, it looks the draft should specify that the
            IANA must update the MIME media type registration to point to this
            doc instead of RFC 2327.

Notes:

Having Section 5 contain so much without sub-headers made it hard to
give pointers to sections in the comments; that may be true for others
using the spec as well.

In section 5, in the section describing the first subfield of c=
          Just as a query, has anyone considered using a specific marker of
          private address realms for SDP? That is, using a network type other
          than IN to indicate that the domain name or address given are
          not globally unique/globally reachable?

In the Security considerations, "Many different protocols may be used
to distribute session description," looks like session description should
be plural.

[Ballot comment]
Comment transferred from old ballot:

Intro/abstract doesn't say the document obsoletes RFC 2137, which
I think is the intent.

The text on internationalization says UTF-8 only applies to informational
fields. Does this mean it isn't required to perform any normalization
whatsoever on the UTF-8?
Would it make sense to explicitly state that normalization isn't needed.

Typo:
                removed. It is assumed that transports of SDP specify will
                specify this.
s/specify//

[Ballot discuss]
Discuss comment transferred from old ballot:

k= strikes me as almost useless. It doesn't have enough information
(such as algorithm) to really be usable. I see no protection against
replay prevention, nor any mention of that as a requirement for secure
transport of SDP announcements. In fact, nothing is said about channel
requirements in this context other than "secure and trusted". Is k=
really used? Should it be deleted in favor of a pointer to
draft-ietf-mmusic-sdescriptions?

The Security Consideration section says that automatic mechanisms
SHOULD NOT be used to start up interactive applications without user
knowledge. I'd prefer MUST NOT, and I'd ask for consent, not simplhy
knowledge. See the /dev/audio part of http://www.cert.org/advisories/CA-1993-15.html
for why this is a problem...

[Ballot discuss]
Discuss comment transferred from old ballot:

This document should explicitly say it obsoletes RFC 2327.

This document apparently defines the application/sdp media type, replacing the
definition in RFC 2327, but contains no media type registration form nor any
IANA action associated with the registration. (This was also true of RFC 2327.)

A 44 page document REALLY needs a table of contents. (I realize the RFC Editor
is supposed to deal with this, but RFC 2327 is 42 pages and didn't have a
TOC either.)

That's it!

[Ballot comment]
Comments transferred from old style text ballot:
Thanks for your comments Ted - some notes below.

- J

> -----Original Message-----
> From: hardie@qualcomm.com [mailto:hardie@qualcomm.com]
> Sent: Tuesday, June 24, 2003 4:01 PM
> To: iesg-secretary@ietf.org; iesg@ietf.org
> Subject: Evaluation: draft-ietf-mmusic-sdp-new-13
>
>
> Ted Hardie [ ] [ ] [ X ] [ ]
>
> DISCUSS:
> In Section 5, for the description of u=
>
> I'd suggest eliminating "as used by WWW clients." and adding a
citation
> to draft-fielding-uri-rfc2396bis (or at least rfc2396). Note that
this
> definition seems to presume that all URIs used will be
dereferencable,
> which is not true for all URIs. If this is a limitation, then it
should
> be stated.
>

OK.

> The k= also seems to presume that the URI is dereferencable.
> If this is a limitation of the URI, it should be made explicit which
schemes
> are appropriate here. Frankly, it seems to mean http:; if that is
the
> case, specifying it seems like a good idea. Even for dereferencable
> URI schemes, not all will use MIME to mark the reply (think of an
> ftp: URI, for example). When they do, the mime content-encoding
> specifies the encoding of the _message_, so reusing the word
> "encoding" here seems problematic. How would "For those URI
> schemes which use MIME, the content-encoding and content-type
> headers of the reply may provide guidance on the format of the key."
> work?
>

Yes, I think it would be good to be explicit that this SHOULD be http: or
even preferably https: - I guess I can imagine LDAP or something as well,
but it would be good to encourage something.

I think your wording above on MIME headers is good as well.

> On that same hobby horse, the ABNF in the appendix has:
> ; sub-rules of 'u='
> uri = URI-reference; see RFC1630 and RFC2732
>
> I think this should be a pointer to 2396 or the 2396bis draft.
>

Agreed.

> For the a= inactive designation, we've discussed what addresses to
use
> for sessions which are being set up but for which addresses are not
yet known.
> It was suggested apps use something like "sdp.inactive" so that the
.inactive
> TLD could reinforce the a=inactive flag. In that instance, would
the presence
> of that TLD be a condition under which the RTCP SHOULD is
appropriately
> not done, and no RTCP sent? If so, is mentioning that case
appropriate here?
>

Um... that's a trickier case. Agreed, of course, that sending RTCP in this
case is pointless. I don't think we've as yet identified any particular
magic word (like 'address.invalid') that we'd be into the SDP to signify
that this SDP is an IOU. I guess it's the case, though, that if the
domainname in the c= line cannot be reached, you can't send RTCP to it - so
I'm not sure that there's a danger that RTCP will be sent needlessly that
could be prevented here with some additional language.

> In the IANA considerations, it looks the draft should specify that
the
> IANA must update the MIME media type registration to point to this
> doc instead of RFC 2327.
>

True enough.

> Notes:
>
> Having Section 5 contain so much without sub-headers made it hard to
> give pointers to sections in the comments; that may be true for others
> using the spec as well.
>

Fair.

> In section 5, in the section describing the first subfield of c=
> Just as a query, has anyone considered using a specific marker of
> private address realms for SDP? That is, using a network type other
> than IN to indicate that the domain name or address given are
> not globally unique/globally reachable?
>

Well, whether or not a private address is reachable wrt a particular
recipient of SDP is of course a matter of placement and context. The
question is what the recipient would do with if it had a different marker
for 1918 addrs. If the marker were able to tell the recipient whether or not
it could reach the address in question, then it would be useful, sure. But
barring that I'm not sure how useful this would be.

> In the Security considerations, "Many different protocols may be used
> to distribute session description," looks like session description should
> be plural.
>

I'll pass these along.

[Ballot discuss]
Discuss transferred from old style text ballot:
In the ABNF, the definition of "m1" ends with an extra ).


The text says that type characters are case-sensitive.
Unfortunately, this means that ASCII values have to be
used in the ABNF instead of strings, since ABNF strings
are case-insensitive. e.g.

            proto-version = "v=" 1*DIGIT CRLF

really has to be something like

            proto-version = %x76 "=" 1*DIGIT CRLF
or
            proto-version = %x76.3d 1*DIGIT CRLF

since both "v=0" and "V=0" match the one with "v=".

I realize that this latter error is copied from RFC 2327. If this is
the only objection I'm not going to stand on it too strongly.

[Ballot discuss]
Discuss Transferred from old style text ballot:
In Section 5, for the description of u=

          I'd suggest eliminating "as used by WWW clients." and adding a citation
          to draft-fielding-uri-rfc2396bis (or at least rfc2396). Note that this
          definition seems to presume that all URIs used will be dereferencable,
          which is not true for all URIs. If this is a limitation, then it should
          be stated.

          The k= also seems to presume that the URI is dereferencable.
          If this is a limitation of the URI, it should be made explicit
which schemes
          are appropriate here. Frankly, it seems to mean http:; if that is the
          case, specifying it seems like a good idea. Even for dereferencable
          URI schemes, not all will use MIME to mark the reply (think of an
          ftp: URI, for example). When they do, the mime content-encoding
          specifies the encoding of the _message_, so reusing the word
          "encoding" here seems problematic. How would "For those URI
          schemes which use MIME, the content-encoding and content-type
          headers of the reply may provide guidance on the format of the key."
          work?

          On that same hobby horse, the ABNF in the appendix has:
            ; sub-rules of 'u='
              uri = URI-reference; see RFC1630 and RFC2732

            I think this should be a pointer to 2396 or the 2396bis draft.

          For the a= inactive designation, we've discussed what addresses to use
          for sessions which are being set up but for which addresses are
not yet known.
            It was suggested apps use something like "sdp.inactive" so that
the .inactive
            TLD could reinforce the a=inactive flag. In that instance,
would the presence
            of that TLD be a condition under which the RTCP SHOULD is appropriately
            not done, and no RTCP sent? If so, is mentioning that case
appropriate here?

            In the IANA considerations, it looks the draft should specify that the
            IANA must update the MIME media type registration to point to this
            doc instead of RFC 2327.

Notes:

Having Section 5 contain so much without sub-headers made it hard to
give pointers to sections in the comments; that may be true for others
using the spec as well.

In section 5, in the section describing the first subfield of c=
          Just as a query, has anyone considered using a specific marker of
          private address realms for SDP? That is, using a network type other
          than IN to indicate that the domain name or address given are
          not globally unique/globally reachable?

In the Security considerations, "Many different protocols may be used
to distribute session description," looks like session description should
be plural.

[Ballot discuss]
Discuss transferred from old style text ballot:
      Section 4.3 talks about private sessions. It says:

            "The details of how encryption is performed are dependent on the
            mechanism used to convey SDP - e.g. mechanisms are defined for SDP
            transported using SAP [RFC2974] and SIP [RFC3261]."

      Why aren't S/MIME for email and TLS for WWW included here?

      In section 5, the discussion of encryption keys says:

            "k=clear:

              The encryption key is included untransformed in this key field.
              This method MUST NOT be used unless it can be guaranteed that
              the SDP is conveyed over a secure channel.

              k=base64:

              The encryption key is included in this key field but has been
              base64 encoded because it includes characters that are
              prohibited in SDP. This method MUST NOT be used unless it can
              be guaranteed that the SDP is conveyed over a secure channel."

      These restrictions are necessary but not sufficient. You must also
ensure that the secure channel is with the party that is authorized to join
the session, not an intermediary. If a caching server is used, there ought
to be a way to keep the server from accessing the key.

      Also, it is generally a good idea to indicate the algorithm that a
cryptographic key is intended to support. I suggest that the encryption
key type be revised to specify the key as well as the algorithm that the
key will be used with.

      Finally, many security protocols require two keys, one for
confidentiality and another for integrity. This specification does not
support the transfer of two keys.

      In section 6, the document says:

            "Use of the "k=" field poses a significant security risk, since it
            conveys session encryption keys in the clear. SDP MUST NOT be used
            to convey key material, unless it can be guaranteed that the channel
            over which the SDP is delivered is both private and authenticated."

      I agree. It would therefore be desirable for the "k=" field to support
two other alternatives. First, it would be nice to name the key without
actually including the key. In PEM (see RFC 1040), the Recipient-ID was
used to name key-encryption keys, and a similar scheme could be employed
here. Second, it would be nice to encrypt the session key in a key that is
not included in SDP. PEM also includes a mechanism for wrapped symmetric keys.

State Changes to Wait for Writeup                                  from Last Call Issued                                  by scoya

State Changes to Last Call Issued                                  from Last Call Requested                              by jhargest