[AVT] Re: [secdir] Review of draft-ietf-avt-profile-savpf-11
Nicolas Williams <Nicolas.Williams@sun.com> Tue, 16 October 2007 14:50 UTC
Return-path: <avt-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ihnkn-0004QY-Um; Tue, 16 Oct 2007 10:50:41 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ihnkl-0004Oz-Pt for avt@ietf.org; Tue, 16 Oct 2007 10:50:40 -0400
Received: from sca-ea-mail-3.sun.com ([192.18.43.21]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Ihnkk-0006M7-FP for avt@ietf.org; Tue, 16 Oct 2007 10:50:39 -0400
Received: from dm-central-01.central.sun.com ([129.147.62.4]) by sca-ea-mail-3.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l9GEob3L010575 for <avt@ietf.org>; Tue, 16 Oct 2007 14:50:37 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-01.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id l9GEoXhx050082 for <avt@ietf.org>; Tue, 16 Oct 2007 08:50:33 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1) with ESMTP id l9GEoad0001334; Tue, 16 Oct 2007 09:50:37 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1/Submit) id l9GEoZa1001333; Tue, 16 Oct 2007 09:50:35 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Tue, 16 Oct 2007 09:50:35 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Tim Polk <tim.polk@nist.gov>
Message-ID: <20071016145035.GZ29257@Sun.COM>
References: <Pine.LNX.4.64.0708232010510.8278@mint.samweiler.com> <Pine.LNX.4.64.0708301201550.5061@mint.samweiler.com> <Pine.LNX.4.64.0709061211040.10092@mint.samweiler.com> <Pine.LNX.4.64.0709131247260.3729@mint.samweiler.com> <Pine.LNX.4.64.0709201704090.3780@mint.samweiler.com> <Pine.LNX.4.64.0709290153220.4521@mint.samweiler.com> <Pine.LNX.4.64.0710041500580.10395@mint.samweiler.com> <Pine.LNX.4.64.0710111657330.14378@mint.samweiler.com> <20071011225618.GD24532@Sun.COM> <77093CA5-A161-49FF-B3B8-E5E8E3D5A0A7@nist.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <77093CA5-A161-49FF-B3B8-E5E8E3D5A0A7@nist.gov>
User-Agent: Mutt/1.5.7i
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc: fluffy@cisco.com, secdir-secretary@mit.edu, jon.peterson@neustar.biz, carrara@kth.se, secdir@mit.edu, avt@ietf.org
Subject: [AVT] Re: [secdir] Review of draft-ietf-avt-profile-savpf-11
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
Errors-To: avt-bounces@ietf.org
On Tue, Oct 16, 2007 at 09:38:54AM -0400, Tim Polk wrote: > Thanks for highlighting this in your review. I believe that all the > critical information is in RFC 4756, "Key Management Extensions for > Session Description Protocol (SDP) and Real Time Streaming Protocol > (RTSP)", but I am not sure the linkage is clear enough in > profile-savpf-11. Exactly. The text in this I-D is missing some simple wording in the examples, and maybe in the security considerations. Simply stating that the security considerations of various other RFCs should normally suffice, but given that the text in examples 1 and 2 is inconsistent (in terms of specifying what protection the SDPs in them require) I think at least a small update of the description of example 1 would help a lot. > The key management attribute (a=key-mgmt) is defined in RFC 4756. > According to the applicability statement: > > > In contrast, this specification expects endpoints to have > > preconfigured keys or common security infrastructure. It provides > > its own security and is independent of the protection of signaling > > (if any). As a result, it can be applied in environments where > > signaling protection is not turned on, or used hop-by-hop (i.e., > > scenarios where the SDP is not protected end-to-end). This > > specification will, independently of the signaling protection > > applied, ensure end-to-end security establishment for the media. Ah, I see then why example 1 might not have stated any need for integrity protection, though it is needed. > However, the Security Considerations section highlights the need for > integrity protection. The immediate relevant excerpt is: > > > .... However, if the SDP messages > > are not sent integrity protected between the parties, it is > > possible for an active attacker to change attributes without > > being detected. As the key management protocol may > > (indirectly) rely on some of the session information from SDP > > (e.g., address information), an attack on SDP may have indirect > > consequences on the key management. Even if the key management > > protocol does not rely on parameters of SDP and will not be > > affected by manipulation of these, different denial-of- service > > (DoS) attacks aimed at SDP may lead to undesired interruption > > in the setup. See also the attacks described at the end of > > this section. > > > > ... > After reviewing this, it appears that a couple of simple changes > could address integrity protection in profile-savpf-11. First, it > would be nice if Example 1 noted that an integrity protected channel > was required to support the security negotiations. (Examples 3-5 > share that requirement, but I would hope that careful wording in > Example 1 could keep us from repeating ourselves.) More importantly, > the security considerations section really needs an explicit pointer > to the security considerations in RFC 4576. I'm in agreement. Thanks, Nico -- _______________________________________________ Audio/Video Transport Working Group avt@ietf.org https://www1.ietf.org/mailman/listinfo/avt
- [AVT] Review of draft-ietf-avt-profile-savpf-11 Nicolas Williams
- [AVT] Re: Review of draft-ietf-avt-profile-savpf-… Cullen Jennings
- [AVT] Re: [secdir] Review of draft-ietf-avt-profi… Nicolas Williams
- [AVT] Re: [secdir] Review of draft-ietf-avt-profi… Russ Housley
- [AVT] Re: [secdir] Review of draft-ietf-avt-profi… Tim Polk
- Re: [AVT] Re: [secdir] Review of draft-ietf-avt-p… Magnus Westerlund