Session Traversal Utilities for NAT (STUN) Usage for Consent Freshness
draft-ietf-rtcweb-stun-consent-freshness-16
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2015-10-16
|
16 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2015-10-14
|
16 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2015-10-14
|
16 | (System) | Notify list changed from draft-ietf-rtcweb-stun-consent-freshness@ietf.org, rtcweb-chairs@ietf.org, draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org, draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org to (None) |
2015-10-06
|
16 | (System) | RFC Editor state changed to RFC-EDITOR from AUTH48 |
2015-08-17
|
16 | (System) | RFC Editor state changed to EDIT |
2015-08-17
|
16 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2015-08-17
|
16 | (System) | Announcement was received by RFC Editor |
2015-08-13
|
16 | (System) | IANA Action state changed to No IC |
2015-08-13
|
16 | Cindy Morgan | IESG state changed to Approved-announcement sent from IESG Evaluation::AD Followup |
2015-08-13
|
16 | Cindy Morgan | IESG has approved the document |
2015-08-13
|
16 | Cindy Morgan | Closed "Approve" ballot |
2015-08-13
|
16 | Cindy Morgan | Ballot approval text was generated |
2015-08-13
|
16 | Cindy Morgan | Ballot writeup was changed |
2015-08-13
|
16 | Stephen Farrell | [Ballot comment] Thanks for putting up with my partly silly discuss/comments. |
2015-08-13
|
16 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2015-08-13
|
16 | Ram R | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-08-13
|
16 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-16.txt |
2015-08-06
|
15 | Cindy Morgan | IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation |
2015-08-06
|
15 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2015-08-06
|
15 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-08-05
|
15 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2015-08-05
|
15 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2015-08-05
|
15 | Cindy Morgan | Changed consensus to Yes from Unknown |
2015-08-05
|
15 | Stephen Farrell | [Ballot discuss] Apologies that these discuss points are maybe asking fairly fundamental questions. That could be that this is really the first of the new … [Ballot discuss] Apologies that these discuss points are maybe asking fairly fundamental questions. That could be that this is really the first of the new security things required by rtcweb to get to the IESG. Or maybe I'm misreading stuff here, if so, sorry;-) (1) Why call this "consent?" That term is (ab)used in many ways on the web, and adding another variation without a definition that distinguishes this from "click ok to my 200 page anti-privacy policy" or "remember that example.com is allowed use my camera/mic" seems like a terrible idea. I also don't see how this can ever be something to which a normal person can "consent" (i.e. consciously agree while fully understanding) so the term is IMO very misleading, and will I fear be used to mislead further. (See also some of the comments below - I do not think we ought be as fast and loose with this aleady terribly badly used term.) To summarise: I'd love if you did s/consent/anything-else/g but if not, please define consent here in a way that clearly and unambiguously distinguishes this usage from other abuses of the term. (2) WebRTC does not require STUN or TURN servers for some calls, even if it does for many. Why is it ok to require such a server be present in all calls (which I think this means) espcially when that means exposing additional meta-data (calling parties in a case where the servers weren't needed and call duration in all cases) to those servers when that is not always necessary? (3) (end of p5) You have a MUST NOT here that is depenedent on current browser implementations. Why is that an IETF thing and not a W3C thing? But more interestingly, can one securely use this protocol without the kind of JS vs. browser sandboxing etc that's needed in the web? If the answer is "no" then don't you need to say that this protocol can only safely be used for such implementations? (In section 2, which almost but not quite says that.) (4) Cleared. (5) Cleared. |
2015-08-05
|
15 | Stephen Farrell | [Ballot comment] (Was discuss point#4) "Section 8: Where are these 96 bits defined? I think this "requires..." statement needs a precise reference to the place … [Ballot comment] (Was discuss point#4) "Section 8: Where are these 96 bits defined? I think this "requires..." statement needs a precise reference to the place in some ICE/TURN/STUN RFC where it's defined. (And I forget where that is, sorry:-) This should be an easy fix." Alissa gave me the reference [1] sothat's grand. It might be an idea to make that clearer if it wasn't just me missing it as I read, which is very possible;-) [1] https://tools.ietf.org/html/rfc5389#section-6 - abstract: why is only sending "media" mentioned here? What about data channels? And the body of the document in fact says this all applies to any non-ICE data and not only media. - intro: "initial consent to send by performing STUN" I do not find the word consent in either rfc5245 or 3489, but perhaps it is used somewhere else. Where? And with what meaning? - section 4, 2nd last para - I think the conclusion is bogus. An implementation knows when the keying it's using can not involve >1 (nominally operating) party. - 5.1, 3rd para: "Explicit consent to send is obtained..." is misleading. That is not a concept that an implementation of STUN will embody. - 5.1, What is the "Note" about TCP for? Why is this needed? |
2015-08-05
|
15 | Stephen Farrell | Ballot comment and discuss text updated for Stephen Farrell |
2015-08-05
|
15 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2015-08-05
|
15 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2015-08-05
|
15 | Stephen Farrell | [Ballot discuss] Apologies that these discuss points are maybe asking fairly fundamental questions. That could be that this is really the first of the new … [Ballot discuss] Apologies that these discuss points are maybe asking fairly fundamental questions. That could be that this is really the first of the new security things required by rtcweb to get to the IESG. Or maybe I'm misreading stuff here, if so, sorry;-) (1) Why call this "consent?" That term is (ab)used in many ways on the web, and adding another variation without a definition that distinguishes this from "click ok to my 200 page anti-privacy policy" or "remember that example.com is allowed use my camera/mic" seems like a terrible idea. I also don't see how this can ever be something to which a normal person can "consent" (i.e. consciously agree while fully understanding) so the term is IMO very misleading, and will I fear be used to mislead further. (See also some of the comments below - I do not think we ought be as fast and loose with this aleady terribly badly used term.) To summarise: I'd love if you did s/consent/anything-else/g but if not, please define consent here in a way that clearly and unambiguously distinguishes this usage from other abuses of the term. (2) WebRTC does not require STUN or TURN servers for some calls, even if it does for many. Why is it ok to require such a server be present in all calls (which I think this means) espcially when that means exposing additional meta-data (calling parties in a case where the servers weren't needed and call duration in all cases) to those servers when that is not always necessary? (3) (end of p5) You have a MUST NOT here that is depenedent on current browser implementations. Why is that an IETF thing and not a W3C thing? But more interestingly, can one securely use this protocol without the kind of JS vs. browser sandboxing etc that's needed in the web? If the answer is "no" then don't you need to say that this protocol can only safely be used for such implementations? (In section 2, which almost but not quite says that.) (4) Section 8: Where are these 96 bits defined? I think this "requires..." statement needs a precise reference to the place in some ICE/TURN/STUN RFC where it's defined. (And I forget where that is, sorry:-) This should be an easy fix. (5) Why is it ok to approve this while the rtcweb-security-arch and rtcweb-security are still developing? There are section-specific references here along the lines of: "doing this is ok because of section x.x" of both of those drafts. Why is it ok to approve this now, when the underlying architecture and overall security model on which this depends are still in-flux? I'm not asking about editorial changes here nor about timing, but about why it's ok to approve this when the basic security concepts have yet to undergo IETF last call, and so could change significantly. I do not think it would be acceptable for a comment/discuss on the security documents to be received with "yes, but you approved consent-freshness and so we implemented and deployed that so you're too late to make that comment/discuss and expect some change." |
2015-08-05
|
15 | Stephen Farrell | [Ballot comment] - abstract: why is only sending "media" mentioned here? What about data channels? And the body of the document in fact says this … [Ballot comment] - abstract: why is only sending "media" mentioned here? What about data channels? And the body of the document in fact says this all applies to any non-ICE data and not only media. - intro: "initial consent to send by performing STUN" I do not find the word consent in either rfc5245 or 3489, but perhaps it is used somewhere else. Where? And with what meaning? - section 4, 2nd last para - I think the conclusion is bogus. An implementation knows when the keying it's using can not involve >1 (nominally operating) party. - 5.1, 3rd para: "Explicit consent to send is obtained..." is misleading. That is not a concept that an implementation of STUN will embody. - 5.1, What is the "Note" about TCP for? Why is this needed? |
2015-08-05
|
15 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2015-08-04
|
15 | Ben Campbell | [Ballot comment] This looks good overall. I have a few minor comments: -- General: After re-reading this, and the relevant parts of rtcweb-security-architecture, I think … [Ballot comment] This looks good overall. I have a few minor comments: -- General: After re-reading this, and the relevant parts of rtcweb-security-architecture, I think a novice reader might find the meaning of "consent" a bit vague, especially in terms of how it might differ from "reachability". Can you offer an example of when an otherwise reachable peer might choose to withdraw consent? -- section 1, first paragraph: I think readers are going to stumble over why we think a device that plans to attack a peer is going to worry about consent. This makes more sense in section 2. It might be helpful to move (or copy) the bit about "... deployments of WebRTC..." and "... malicious javascript" forward to the intro. - 4, 3rd paragraph: Should the reader infer that the receipt of a package that is strongly assured to have come from a party implies consent from that party? If so, it might be worth an explicit mention. -- 5.1, first paragraph: The normative MUST feels wrong here, (and is probably redundant with other normative language further down in the section.) For example, could a sender just choose to stop sending? -- 5.1, 5th paragraph: From the next paragraph, I infer that you mean consent expires after 30 seconds when you have been sending binding request every few seconds, not 30 seconds after sending any particular binding request. If that's correct it might be helpful to add a few words to that effect. -- 5.1, 6th paragraph: Does the "MUST NOT" refer to the general interval between checks prior to randomization, or to the specific interval between a pair of checks after randomization? Nits: -- 2, 2nd paragraph: "verify peer's consent" Missing article (or "verify peer consent") -- 5.1, paragraph 3: s/sending an stun binding/sending a stun binding -- 5.1, 7th paragraph: "Each STUN binding request for consent MUST use a new STUN transaction identifier for every consent binding request..." That's sort of redundant. I suggest something to the effect of "each consent binding request MUST use a new stun transaction identifier. " |
2015-08-04
|
15 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2015-08-04
|
15 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2015-08-04
|
15 | Spencer Dawkins | [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins |
2015-08-03
|
15 | Kathleen Moriarty | [Ballot comment] Thank you for your response to the SecDir review. https://www.ietf.org/mail-archive/web/secdir/current/msg05760.html |
2015-08-03
|
15 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
2015-07-28
|
15 | Barry Leiba | [Ballot comment] A couple of very minor comments only: FWIW, I think rtcweb-security-arch need only be an informative reference; it seems only explanatory. I also … [Ballot comment] A couple of very minor comments only: FWIW, I think rtcweb-security-arch need only be an informative reference; it seems only explanatory. I also think that about RFC 6263. -- Section 5.1 -- A full ICE implementation obtains consent to send using ICE. After ICE concludes on a particular candidate pair and whenever the endpoint sends application data on that pair consent MUST be maintained following the procedure described in this document. I don't understand the "MUST" here, given that Section 4 says this is "an optional extension". Why "MUST", then, rather than "can be"? |
2015-07-28
|
15 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2015-07-16
|
15 | Alissa Cooper | Ballot has been issued |
2015-07-16
|
15 | Alissa Cooper | [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper |
2015-07-16
|
15 | Alissa Cooper | Created "Approve" ballot |
2015-07-16
|
15 | Alissa Cooper | Ballot writeup was changed |
2015-07-16
|
15 | Alissa Cooper | Ballot writeup was changed |
2015-07-16
|
15 | Alissa Cooper | Placed on agenda for telechat - 2015-08-06 |
2015-07-16
|
15 | Alissa Cooper | IESG state changed to IESG Evaluation from Waiting for Writeup |
2015-07-16
|
15 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2015-07-13
|
15 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2015-07-13
|
15 | Pearl Liang | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-rtcweb-stun-consent-freshness-15, which is currently in Last Call, and has the following comments: We understand that, upon … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-rtcweb-stun-consent-freshness-15, which is currently in Last Call, and has the following comments: We understand that, upon approval of this document, there are no IANA Actions that need completion. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, IANA does not object. If this assessment is not accurate, please respond as soon as possible. |
2015-07-02
|
15 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (STUN Usage for Consent Freshness) … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (STUN Usage for Consent Freshness) to Proposed Standard The IESG has received a request from the Real-Time Communication in WEB-browsers WG (rtcweb) to consider the following document: - 'STUN Usage for Consent Freshness' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-07-16. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. This document was previously last called on May 1 and has been updated as a result of comments submitted during that last call. Abstract To prevent WebRTC applications, such as browsers, from launching attacks by sending media to unwilling victims, periodic consent to send needs to be obtained from remote endpoints. This document describes a consent mechanism using a new Session Traversal Utilities for NAT (STUN) usage. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-rtcweb-stun-consent-freshness/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-rtcweb-stun-consent-freshness/ballot/ No IPR declarations have been submitted directly on this I-D. |
2015-07-02
|
15 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2015-07-02
|
15 | Alissa Cooper | Last call was requested |
2015-07-02
|
15 | Alissa Cooper | IESG state changed to Last Call Requested from Waiting for Writeup |
2015-07-02
|
15 | Alissa Cooper | Last call announcement was changed |
2015-07-02
|
15 | Alissa Cooper | Last call announcement was generated |
2015-07-02
|
15 | Ted Hardie | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard is requested, and standards track is noted in the header. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary In WebRTC contexts, peers send media traffic to each other. To prevent attacks on peers, endpoints have to ensure the remote peer is willing to receive traffic. This is performed both when the session is first established to the remote peer and periodically for the duration of the session. This document defines a method for confirming consent using a new STUN usage. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? One of the consistent issues within the WebRTC ecosystem is the extent to which requirements from deployed systems impact the working of the protocol. In this context, discussion of how ICE-lite entities should behave consumed a good bit of time, but I believe that the document represents the WG's general understanding. After a set of external reviews by directorates the documented was updated and a new working group last call issued. No new issues were identified during the final working group last call. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? The document was reviewed by a number of implementors and implementations are planned or under way. This document did not require expert review of the type mentioned above, but Christer Holmberg's review is called out in the document for its thoroughness. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Ted Hardie is the Document Shepherd; Richard Barnes is the Responsible Area Director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document was re-reviewed and the mailing list traffic from the working group last call forward reviewed to ensure that issues raised were addressed. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No conerns. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. Because this describes a security mechanism, additional review would be welcome, but a number of security folks are authors or reviewers. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No specific concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Yes. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No disclosures have been filed. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? Consensus appears general. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) There are no threatened appeals or other discontent of which I am aware. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. This document passes ID-nits, with only one warning of an unused reference. This can be removed by the RFC Editor, I believe, and need not hold the document. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. As noted above, these reviews do not apply to this document. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All normative references are at appropriate levels for advancement. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. None needed for this document. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. It will not change the status of any existing RFC. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). This document makes no requests of IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. This document makes no requests of IANA. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. This document does not use a formal grammar. |
2015-06-22
|
15 | Tirumaleswar Reddy.K | New version available: draft-ietf-rtcweb-stun-consent-freshness-15.txt |
2015-06-10
|
14 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Steve Hanna. |
2015-06-08
|
14 | Tirumaleswar Reddy.K | New version available: draft-ietf-rtcweb-stun-consent-freshness-14.txt |
2015-06-03
|
13 | Alissa Cooper | Removed from agenda for telechat |
2015-05-26
|
13 | Alissa Cooper | Telechat date has been changed to 2015-06-11 from 2015-05-28 |
2015-05-21
|
13 | Meral Shirazipour | Request for Last Call review by GENART Completed: Ready. Reviewer: Meral Shirazipour. |
2015-05-21
|
13 | Meral Shirazipour | Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Meral Shirazipour. |
2015-05-21
|
13 | Jean Mahoney | Request for Last Call review by GENART is assigned to Meral Shirazipour |
2015-05-21
|
13 | Jean Mahoney | Request for Last Call review by GENART is assigned to Meral Shirazipour |
2015-05-21
|
13 | Ted Hardie | Notification list changed to draft-ietf-rtcweb-stun-consent-freshness@ietf.org, rtcweb-chairs@ietf.org, draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org, draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org from ted.hardie@nominum.com, draft-ietf-rtcweb-stun-consent-freshness@ietf.org, rtcweb-chairs@ietf.org, draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org, draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org |
2015-05-15
|
13 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Serious Issues. Reviewer: David Black. |
2015-05-15
|
13 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2015-05-13
|
13 | Ram R | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-05-13
|
13 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-13.txt |
2015-05-13
|
12 | Alissa Cooper | Placed on agenda for telechat - 2015-05-28 |
2015-05-13
|
12 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2015-05-13
|
12 | Pearl Liang | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-rtcweb-stun-consent-freshness-11, which is currently in Last Call, and has the following comments: We understand that, upon … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-rtcweb-stun-consent-freshness-11, which is currently in Last Call, and has the following comments: We understand that, upon approval of this document, there are no IANA Actions that need completion. While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if the authors prefer to remove it, IANA doesn't object. If this assessment is not accurate, please respond as soon as possible. |
2015-05-07
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Meral Shirazipour |
2015-05-07
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Meral Shirazipour |
2015-05-04
|
12 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-12.txt |
2015-05-04
|
11 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Steve Hanna |
2015-05-04
|
11 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Steve Hanna |
2015-05-04
|
11 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to David Black |
2015-05-04
|
11 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to David Black |
2015-05-01
|
11 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2015-05-01
|
11 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (STUN Usage for Consent Freshness) … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (STUN Usage for Consent Freshness) to Proposed Standard The IESG has received a request from the Real-Time Communication in WEB-browsers WG (rtcweb) to consider the following document: - 'STUN Usage for Consent Freshness' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-05-15. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract To prevent sending excessive traffic to an endpoint, periodic consent needs to be obtained from that remote endpoint. This document describes a consent mechanism using a new Session Traversal Utilities for NAT (STUN) usage. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-rtcweb-stun-consent-freshness/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-rtcweb-stun-consent-freshness/ballot/ No IPR declarations have been submitted directly on this I-D. |
2015-05-01
|
11 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2015-05-01
|
11 | Amy Vezza | Last call announcement was changed |
2015-04-30
|
11 | Alissa Cooper | Last call was requested |
2015-04-30
|
11 | Alissa Cooper | Last call announcement was generated |
2015-04-30
|
11 | Alissa Cooper | Ballot approval text was generated |
2015-04-30
|
11 | Alissa Cooper | Ballot writeup was generated |
2015-04-30
|
11 | Alissa Cooper | IESG state changed to Last Call Requested from AD Evaluation |
2015-04-30
|
11 | Alissa Cooper | IESG state changed to AD Evaluation from Publication Requested |
2015-03-25
|
11 | Cindy Morgan | Shepherding AD changed to Alissa Cooper |
2015-02-26
|
11 | Ted Hardie | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard is requested, and standards track is noted in the header. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary In WebRTC contexts, peers send media traffic to each other. To prevent attacks on peers, endpoints have to ensure the remote peer is willing to receive traffic. This is performed both when the session is first established to the remote peer and periodically for the duration of the session. This document defines a method for confirming consent using a new STUN usage. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? One of the consistent issues within the WebRTC ecosystem is the extent to which requirements from deployed systems impact the working of the protocol. In this context, discussion of how ICE-lite entities should behave consumed a good bit of time, but I believe that the document represents the WG's general understanding. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? The document was reviewed by a number of implementors and implementations are planned or under way. This document did not require expert review of the type mentioned above, but Christer Holmberg's review is called out in the document for its thoroughness. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Ted Hardie is the Document Shepherd; Richard Barnes is the Responsible Area Director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document was re-reviewed and the mailing list traffic from the working group last call forward reviewed to ensure that issues raised were addressed. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No conerns. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. Because this describes a security mechanism, additional review would be welcome, but a number of security folks are authors or reviewers. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No specific concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Yes. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No disclosures have been filed. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? Consensus appears general. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) There are no threatened appeals or other discontent of which I am aware. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. This document passes ID-nits, with only one warning of an unused reference. This can be removed by the RFC Editor, I believe, and need not hold the document. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. As noted above, these reviews do not apply to this document. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All normative references are at appropriate levels for advancement. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. None needed for this document. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. It will not change the status of any existing RFC. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). This document makes no requests of IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. This document makes no requests of IANA. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. This document does not use a formal grammar. |
2015-02-26
|
11 | Ted Hardie | State Change Notice email list changed to ted.hardie@nominum.com, draft-ietf-rtcweb-stun-consent-freshness@ietf.org, rtcweb-chairs@ietf.org, draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org, rtcweb@ietf.org, draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org |
2015-02-26
|
11 | Ted Hardie | Responsible AD changed to Richard Barnes |
2015-02-26
|
11 | Ted Hardie | IETF WG state changed to Submitted to IESG for Publication from Waiting for WG Chair Go-Ahead |
2015-02-26
|
11 | Ted Hardie | IESG state changed to Publication Requested |
2015-02-26
|
11 | Ted Hardie | IESG process started in state Publication Requested |
2015-02-26
|
11 | Ted Hardie | Intended Status changed to Proposed Standard from None |
2015-02-26
|
11 | Ted Hardie | Changed document writeup |
2015-02-04
|
11 | Ted Hardie | Will start the doc shepherd write up in the next day or two. Ted |
2015-02-04
|
11 | Ted Hardie | IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call |
2014-12-18
|
11 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-11.txt |
2014-12-14
|
10 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-10.txt |
2014-12-04
|
09 | Tirumaleswar Reddy.K | New version available: draft-ietf-rtcweb-stun-consent-freshness-09.txt |
2014-10-27
|
08 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-08.txt |
2014-09-15
|
07 | Dan Wing | New version available: draft-ietf-rtcweb-stun-consent-freshness-07.txt |
2014-08-14
|
06 | Ted Hardie | IETF WG state changed to In WG Last Call from WG Document |
2014-08-13
|
06 | Dan Wing | New version available: draft-ietf-rtcweb-stun-consent-freshness-06.txt |
2014-07-04
|
05 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-05.txt |
2014-06-17
|
04 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-04.txt |
2014-05-19
|
03 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-03.txt |
2014-04-10
|
02 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-02.txt |
2014-03-23
|
01 | Muthu Perumal | New version available: draft-ietf-rtcweb-stun-consent-freshness-01.txt |
2014-01-10
|
00 | Magnus Westerlund | Document shepherd changed to Ted Hardie |
2013-09-20
|
00 | Ram R | New version available: draft-ietf-rtcweb-stun-consent-freshness-00.txt |