IETF Logo Mail Archive

[AVT] IESG Review of draft-ietf-srtp-08.txt - another set of comments

Allison Mankin <mankin@psg.com> Mon, 23 June 2003 21:14 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10592 for <avt-archive@odin.ietf.org>; Mon, 23 Jun 2003 17:14:31 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5NLE4v18694 for avt-archive@odin.ietf.org; Mon, 23 Jun 2003 17:14:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19UYdU-0004qb-Ro; Mon, 23 Jun 2003 17:14:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19UYd1-0004qL-PS for avt@optimus.ietf.org; Mon, 23 Jun 2003 17:13:31 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10583 for <avt@ietf.org>; Mon, 23 Jun 2003 17:13:28 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19UYcz-0005mU-00 for avt@ietf.org; Mon, 23 Jun 2003 17:13:29 -0400
Received: from psg.com ([147.28.0.62] ident=mailnull) by ietf-mx with esmtp (Exim 4.12) id 19UYco-0005mP-00 for avt@ietf.org; Mon, 23 Jun 2003 17:13:18 -0400
Received: from localhost ([127.0.0.1] helo=psg.com ident=mankin) by psg.com with esmtp (Exim 4.14) id 19UYci-0007Ic-Cs; Mon, 23 Jun 2003 21:13:12 +0000
To: mats.naslund@era.ericsson.se, mbaugher@cisco.com, "Rolf Blom (EAB)" <rolf.blom@era.ericsson.se>, "Elisabetta Carrara (EAB)" <Elisabetta.Carrara@era.ericsson.se>, mcgrew@cisco.com, "Karl Norrman (EAB)" <Karl.Norrman@era.ericsson.se>, oran@cisco.com
Cc: avt@ietf.org
Date: Mon, 23 Jun 2003 14:13:12 -0700
From: Allison Mankin <mankin@psg.com>
Message-Id: <E19UYci-0007Ic-Cs@psg.com>
Subject: [AVT] IESG Review of draft-ietf-srtp-08.txt - another set of comments
Sender: avt-admin@ietf.org
Errors-To: avt-admin@ietf.org
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>

SRTP is on the agenda of the IESG again this week.
Some more comments on SRTP may still come in, but I thought
it would be worth sending on those of Russ Housley, the second Security
AD.  Steve Bellovin has supported the draft.  Russ has comments that 
seem straightforward to address.  Wait for more comments before 
sending in a revision, but so far things are going well.

Allison

> 
> >                     Yes    No-Objection  Discuss *  Abstain
> >
> >Russ Housley        [   ]     [   ]       [ X ]      [   ]
> 
> I have six comments.
> 
> 1.  In section 1, spell out the first use of RTCP.
> 
> 2.  I find the structure of section 2 confusing.  I had to read it twice to 
> understand it.  I think that a second level of indenting would be one way 
> to fix it.  I am sure there are others.
> 
> 3.  In section 3.1, in the paragraph after figure 1, please delete:
> 
>     "It is exact for the pre-defined transforms."
> 
> This point is made more clearly later in the paragraph.  Then, at the end 
> of the same paragraph, the document says:
> 
>     "While it could seem more attractive to specify a fixed padding
>     scheme for all transforms, security and flexibility of transform
>     specifications REQUIRE that each transform specify a secure
>     padding method."
> 
> I disagree.  IPsec and S/MIME both specify padding schemes that are 
> employed by all of the ciphers.  Please reword.  Do not use "REQUIRE" in 
> the replacement.
> 
> 4.  In section 3.2.1, the document says: "the master key(s), which MUST be 
> random and kept secret."  This is quite a high bar.  I suggest that 
> pseudo-random is sufficient.  Please see the RFC 2828 definitions of 
> "random" and "pseudo-random."  The document says that it is following these 
> terms.  Also, see RFC 1750.  Similarly, the requirement on the master salt 
> should also be reduced to pseudo-random.
> 
> 5.  The last paragraph is section 3.2.3 says:
> 
>    "If no valid context can be found for a packet corresponding to a
>     certain context identifier, that packet MUST be discarded from
>     further SRTP processing."
> 
> Elsewhere, "discarded from further processing" is used.  This seems better 
> to me.  It is discarded, which seems different that no further SRTP 
> processing.  Also, SRTCP should be covered by this statement.
> 
> 6.  In section 4.1.1, I am confused by the term "fixed key" in the following:
> 
>     "For a fixed Counter Mode key, each IV value used as an input MUST be
>     distinct, in order to avoid the security exposure of a two-time pad
>     situation (Section 9.1).  To satisfy this constraint, an
>     implementation MUST ensure that the values of the SRTP packet index
>     of ROC || SEQ, and the SSRC used in the construction of the IV are
>     distinct for any fixed key.  The failure to ensure this uniqueness
>     could  be catastrophic for Secure RTP.  This is in contrast to the
>     situation for RTP itself, which may be able to tolerate such
>     failures.  It is RECOMMENDED that, if a dedicated security module is
>     present, the RTP sequence numbers and SSRC either be generated or
>     checked by that module (i.e., sequence-number and SSRC processing in
>     an SRTP system needs to be protected as well as the key). "
> 
> I think that "fixed" means "any particular key" but I am not sure.
> 
> 
> 
> 

_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt

v2.43.4 | Report a Bug | By Email | System Status