ietf
[Top] [All Lists]

Re: [secdir] Review of draft-ietf-mmusic-sctp-sdp-22

2017-02-09 21:32:59
On Thu, 9 Feb 2017, Paul Wouters wrote:

Subject: [secdir] Review of draft-ietf-mmusic-sctp-sdp-22

Reviewer: Paul Wouters
Review result: Has Issues

ouch. The new secdir review submission using file upload really mangled
the whitespace into something unreadable. I've included the original
review txt file here inline to make the review readable. Perhaps Tero
can investigate what's going on here?

Paul



I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.


[Note that I am not well versed in SCTP]

This document defines SDP [RFC4566] protocol identifiers (proto values):
'UDP/DTLS/SCTP' and 'TCP/DTLS/SCTP'.  This specification also specifies
how to use the new proto values with the SDP Offer/Answer mechanism
[RFC3264] for negotiating SCTP-over-DTLS associations.

As this document only defines a method of signaling to use UDP/DTLS/SCTP
or UDP/DTLS/SCTP, there are not specific Security Considerations for this
document, and the Security Considerations correctly points to the documents
that actually implement the UDP/DTLS/SCTP and TCP/DTLS/SCTP protocols.

So from a security point of view, this document is Ready.

I do have some generic concerns and questions I would like to see addressed:

One general issue I have is with the specification of IANA values and punting
some of its meaning. Let me quote an example:

        NOTE: This specification only defines the usage of the SDP 'max-
        message-size' attribute when associated with an m- line containing
        one of the following proto values: 'UDP/DTLS/SCTP' or 'TCP/DTLS/
        SCTP'.  Usage of the attribute with other proto values needs to be
        defined in a separate specification.

This type of constraint is not clear and easilly displayed in an IANA registry 
if
other values are later added to the table. This text is also an example of how
througout the document, items are explicitely "this use is unspecified for now
but other documents may change that". It would have been better to just simply
and clearly state the current specified use, and let future documents handle
updating this document appropriately. This language use makes a lot of decisions
for implementers unclear as these decisions are punted forward in time without
a reference to follow.

Section 4.4.1 states:

        This specification creates an IANA registry for 'association-usage' 
values.

I think this should be specified a little more clearly, similar to the IANA 
section
specification itself. Something like:

        This specification creates the IANA 'association-usage' registry for 
SDP Attributes.

Section 4.4.2:

The table contains an error on the <port> entries (UDP instead of TCP). I would 
personally
change the port parameter value to just "port number for <proto>" or "UDP or TCP 
port number"

Section 4.5:

I'm unsure if ordering matters, so I am confused by the table ordering in 
media, proto, port,
and the m= line example ordering media, port proto.

I'm further confused by the table listing colon's, eg "<proto>:" and the m= 
line not
using colons but spaces. And the following a= lines using colons again. Is this 
an error,
or this is my lack of familiarity with the used protocols?

Section 5.1:

        Therefore, if the attribute is not present, the associated m- line MUST 
be considered invalid.

Is it obvious what one must done when the m- line is considered invalid?

Section 5.2:

        Leading zeroes MUST NOT be used.

What is the problem with leading zeros? What can go wrong when these are used? 
Should
an implementor be warned about something specific?

Section 6.1:

        An SCTP endpoint MUST NOT send a SCTP user message with a message
        size that is larger than the maximum size indicated by the peer, as
        it cannot be assumed that the peer would accept such message.

While this tells an implementer what not to do, it does not tell the implementer
what to do when this happens on the receiving end. It would be good to specify
that here as well so that implementors will be reminded to think of this error
handling case.

        a maximum message size value of zero, it indicates the SCTP endpoint 
will handle
        messages of any size, subject to memory capacity etc.

I'm personally not a big fan of 0 meaning infinite, but if this is how other 
related
specs are handling these values in this way, I can understand doing it here as 
well.
For instance, not specifying a max-message-size seems more indicative of not 
having
a max message size. But here that has been defined as meaning 64k. If this usage
would be a precedent, I would recommend to not do this. If this is how these 
things
are done in this world, then I guess stick to what has already been done in 
this space.

The table entry in 6.2 lists an email contact for an IANA entry. Why does an 
IANA
entry need someone's email address as contact? IANA entries normally only refer 
to
the RFC's that define them, and people are expected to contact the working group
or maybe one of the RFC authors for questions. But putting a name and email 
address
entry here seems to convey some kind of "ownership" of the IANA entry which I 
think
is the wrong thing to do.

Section 6.3

   As the usage of multiple SCTP associations on top of a single DTLS
   association is outside the scope of this specification, no mux rules
   are specified for the 'UDP/DTLS/SCTP' and 'TCP/DTLS/SCTP' proto
   values.

Why is this out of scope? If there are good reasons not to do it, should it not
be defined to MUST NOT? If it is out of scope only for now, then it seems that
this document should in fact just specify it so people know how to do it. The
way this is phrased seems to leave the thing hanging in midair, and implememters
might end up doing different things.


Section 7:

   NOTE: While [I-D.ietf-tsvwg-sctp-dtls-encaps] allows multiple SCTP
   associations on top of a single DTLS association, the procedures in
   this specification only support the negotiation of a single SCTP
   association on top of any given DTLS association.

And similar here.

Setion 8:

Similar issues with "the procedures" and with "is out of scope for this"

Section 9.2:

        This specification does not define semantics for the SDP direction
        attributes [RFC4566].  Unless semantics of these attributes for an
        SCTP association usage have been defined, SDP direction attributes
        MUST be ignored if present.

Why are these attributes not defined in this specification? If there are good
reasons for it not to have been specified, why not change the language to
clearly state these attributes here are invalid and MUST be ignored? If it
is possibly these will be defined in the future (which the current text
suggest might happen) perhaps that specification really belongs in this
document.


Nits:

Through the document, there are paragraphs that start with "NOTE:". I think
those can all be safely removed to increase the readability.

Section 1:

   [I-D.ietf-tsvwg-sctp-dtls-encaps]

This looks but is not a proper reference. (eg there is no link)

   When the 'UDP/DTLS/SCTP' and 'TCP/DTLS/SCTP' proto values, the m-
   line fmt value, identifying the application-layer protocol, MUST be
   registered by IANA.

This sentence does not parse.


Section 6.1

Line wrapping 'TCP/DTLS/
              SCTP'   is best avoided.


Section 9

        Each can be established and closed without impacting others.

Should that not be "each other" or "the others" (as opposed to "others" being 
other things far far away)

Section 10.3

[I-D.ietf-mmusic-dtls-sdp] is not a proper reference with link.

Section 12

I would rephrase "The text in the paragraph above" as these indirect references 
make the text harder
to read.

<Prev in Thread] Current Thread [Next in Thread>