Unknown Key Share Attacks on uses of TLS with the Session Description Protocol (SDP)
draft-ietf-mmusic-sdp-uks-07

Note: This ballot was opened for revision 06 and is now closed.

Adam Roach Yes

Deborah Brungard No Objection

Alissa Cooper No Objection

Comment (2019-08-06 for -06)
Section 2.3: s/This attack/The unknown key share attack/

Section 3: s/Neither SIP nor WebRTC identity providers are not required/Neither SIP nor WebRTC identity providers are required/

Roman Danyliw (was Discuss) No Objection

Comment (2019-08-12)
Thank you for addressing my DISCUSS and COMMENTs.

Benjamin Kaduk (was Discuss) No Objection

Comment (2019-08-09)
Thanks for these updates; they are a big improvement.

In Section 3.2

   The absence of an identity binding does not relax this requirement;
   if a peer provided no identity binding, a zero-length extension MUST
   be present to be considered valid.

For some reason my brain keeps trying to tell me that this could be
misinterpreted somehow, as implying that if the peer doesn't implement
this extension it would be considered invalid.  But I don't see any
actual specific problems with this text, so it's probably fine.

   An "external_id_hash" extension that is any length other than 0 or 32
   is invalid and MUST cause the receiving endpoint to generate a fatal
   "decode_error" alert.

Very pedantic here, but the numbers aren't quite right, as the 
"external_id_hash" extension would be length 1 or 33 due to the length
octet.  We'd have to say that the "binding_hash" is length 0 or 32 to be
pedantically correct.

Section 6

   Without identity assertions, the mitigations in this document prevent
   the session splicing attack described in Section 4.  Defense against
   session concatenation (Section 5) additionally requires protocol
   peers are not able to claim the certificate fingerprints of other
   entities.

nit: "requires that".

Suresh Krishnan No Objection

Warren Kumari No Objection

Mirja K├╝hlewind No Objection

Barry Leiba No Objection

Alexey Melnikov No Objection

Alvaro Retana No Objection