Re: [AVTCORE] Criticism on draft-ietf-avtcore-srtp-aes-gcm

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 25 April 2014 06:44 UTC

Message-ID: <535A0450.5020600@ericsson.com>
To: Florian Zeitz <florob@babelmonkeys.de>, avt@ietf.org
References: <53568695.7090509@babelmonkeys.de> <535924F1.8000709@ericsson.com> <53599C5D.1020206@babelmonkeys.de>
In-Reply-To: <53599C5D.1020206@babelmonkeys.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/avt/AwX_q9534DBShCbvL4zLsjNAv8w

Hi Florian and WG,

Please see inline.

On 2014-04-25 01:21, Florian Zeitz wrote:
> On 24.04.2014 16:51, Magnus Westerlund wrote:
>> Florian,
>>
> Hello Magnus,
> 
>> I would like to point out one factual error in your criticism:
>>
>> The draft does mandate support for the longest, 128-bit authentication
>> tag if one supports the cipher at all. This is a quote from Section 13.1:
>>
>>    Any implementation of AES-GCM SRTP MUST support both AEAD_AES_128_GCM
>>    and AEAD_AES_256_GCM (the versions with 16 octet AEAD authentication
>>    tags), and it MAY support the four other variants shown in table 1.
>>
>> Similarly from 13.2 for AES-CCM
>>
>>    Any implementation of AES-CCM SRTP/SRTCP MUST support both
>>    AEAD_AES_128_CCM and AEAD_AES_256_CCM (the versions with 16 octet
>>    AEAD authentication tags), and MAY support the other four variants.
>>
>> But, to be fair this was changed very recently.
>>
> I'm admittedly a bit irritated by you calling this my criticism.
> Particularly after having pointed out I do not fully agree with it, but
> am merely the messenger.

Sorry, poorly worded to attribute it to you.

> The parenthetical you refer to is my own analysis however. And in fact
> it does appear I accidentally read the -10 version of the draft. I do
> apologize for that mistake.
> 
>> I would also note that the draft's security considerations section does
>> discuss that the actual authentication protection for AES-GCM is shorter
>> than the authentication tag length.
>>
>> It is up to the WG to discuss if it thinks there should be any changes
>> based on your input. And I have to ask you what you think should be the
>> action based on your personal opinion.
>>
> I suspect you might be wondering why I'm bringing this up if I don't
> fully agree with the criticism. The reason is quite simply that I still
> believe in the IETF culture. In particular I believe that, unlike what
> many media outlets are claiming recently, the IETF and its WGs are fully
> capable of appropriately dealing with criticism, and not letting
> themselves be gagged by any government agency. (I.e., in some way I'm
> trying to prove a point here.)
> 
> However, dealing with criticism is only possible, when it is actually
> expressed towards the WG, which apparently neither Erich Möchel nor
> Michael Kafka found necessary.

Thanks for bringing it to the WG's attention. You are correct that the
WG needs to be made aware and have the chance to discuss and consider this.

> 
> I see two ways to address this:
> Either the WG agrees with the criticism, the logical consequence of
> which would be removing GCM from the draft.
> Or the authors/WG explain why they believe this draft to be reasonably
> secure, despite the criticism, and proceed with the current wording.
> 
> David McGrew chose the second option, and I'm personally content with
> that. Hearing a second opinion from other WG members would be
> appreciated though.

I hope the WG participants are happy to review this criticism and
consider McGrew's response as well as what the current version of the
draft says in forming their own opinions, and hopefully state where they
stand. If people have proposals for corrections or clarifications to the
draft they can also be brought forward.

From a process point of view, as this document is currently in the
"publication has been requested" state, we can continue the WG discussion
while the AD performs her review. The WG will have to form some
concluding position at the end of the IETF review, if not before.

I would hope that people can provide their input into this over the next
two weeks, i.e. by the 9th of May.

Regards

Magnus Westerlund
As WG chair

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------