IETF Logo Mail Archive

Re: [AVT] IESG Review of draft-ietf-srtp-08.txt - another set of comments

Mats Näslund <mats.naslund@era.ericsson.se> Tue, 24 June 2003 09:05 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA07835 for <avt-archive@odin.ietf.org>; Tue, 24 Jun 2003 05:05:44 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5O95HJ05153 for avt-archive@odin.ietf.org; Tue, 24 Jun 2003 05:05:17 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19UjjZ-0001KU-OX; Tue, 24 Jun 2003 05:05:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19UjjC-0001Jy-UN for avt@optimus.ietf.org; Tue, 24 Jun 2003 05:04:38 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA07824 for <avt@ietf.org>; Tue, 24 Jun 2003 05:04:35 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Ujj9-0001ao-00 for avt@ietf.org; Tue, 24 Jun 2003 05:04:35 -0400
Received: from albatross-ext.wise.edt.ericsson.se ([193.180.251.49] helo=albatross.tn.sw.ericsson.se) by ietf-mx with esmtp (Exim 4.12) id 19Ujiy-0001ak-00 for avt@ietf.org; Tue, 24 Jun 2003 05:04:24 -0400
Received: from esealnt613.al.sw.ericsson.se (alteon-nat8.sw.ericsson.se [153.88.254.125]) by albatross.tn.sw.ericsson.se (8.12.9/8.12.9/WIREfire-1.6b) with ESMTP id h5O93xG5015898; Tue, 24 Jun 2003 11:03:59 +0200 (MEST)
Received: from era.ericsson.se (research-pi6vzu.ki.sw.ericsson.se [147.214.181.170]) by esealnt613.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id MVP95ANM; Tue, 24 Jun 2003 11:04:46 +0200
Message-ID: <3EF81335.2050606@era.ericsson.se>
Date: Tue, 24 Jun 2003 11:00:37 +0200
X-Sybari-Space: 00000000 00000000 00000000 00000000
From: Mats Näslund <mats.naslund@era.ericsson.se>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Colin Perkins <csp@csperkins.org>
CC: Allison Mankin <mankin@psg.com>, mbaugher@cisco.com, "Rolf Blom (EAB)" <rolf.blom@era.ericsson.se>, "Elisabetta Carrara (EAB)" <Elisabetta.Carrara@era.ericsson.se>, mcgrew@cisco.com, "Karl Norrman (EAB)" <Karl.Norrman@era.ericsson.se>, oran@cisco.com, avt@ietf.org
Subject: Re: [AVT] IESG Review of draft-ietf-srtp-08.txt - another set of comments
References: <20030623183457.0534f0a4.csp@csperkins.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: avt-admin@ietf.org
Errors-To: avt-admin@ietf.org
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit

Hi,

Colin Perkins wrote:
> [inline]
> 
> --> Allison Mankin <mankin@psg.com> writes:
> 
>>SRTP is on the agenda of the IESG again this week.
>>Some more comments on SRTP may still come in, but I thought
>>it would be worth sending on those of Russ Housley, the second Security
>>AD.  Steve Bellovin has supported the draft.  Russ has comments that 
>>seem straightforward to address.  Wait for more comments before 
>>sending in a revision, but so far things are going well.
>>
>>Allison
>>
>>
>>>>                    Yes    No-Objection  Discuss *  Abstain
>>>>
>>>>Russ Housley        [   ]     [   ]       [ X ]      [   ]
>>>
>>>I have six comments.
>>>
>>>1.  In section 1, spell out the first use of RTCP.
>>>
>>>2.  I find the structure of section 2 confusing.  I had to read it
>>>twice to understand it.  I think that a second level of indenting would
>>>be one way to fix it.  I am sure there are others.
>>>
>>>3.  In section 3.1, in the paragraph after figure 1, please delete:
>>>
>>>    "It is exact for the pre-defined transforms."
>>>
>>>This point is made more clearly later in the paragraph.  Then, at the
>>>end of the same paragraph, the document says:
>>>
>>>    "While it could seem more attractive to specify a fixed padding
>>>    scheme for all transforms, security and flexibility of transform
>>>    specifications REQUIRE that each transform specify a secure
>>>    padding method."
>>>
>>>I disagree.  IPsec and S/MIME both specify padding schemes that are 
>>>employed by all of the ciphers.  Please reword.  Do not use "REQUIRE"
>>>in the replacement.
>>
> 
> If IPsec and S/MIME both define a standard padding mechanism, why cannot
> SRTP do the same?  And, perhaps, use the standard RTP padding mechanism?
> 


To comply with Russ' comment, I have no objection to deleting
"REQUIRE". I would hesitate to go beyond that.

We will open up new issues in doing so. Do we use the IPsec pad?
The S/MIME pad? Perhaps none of them is general enough? What about
new modes? (If I remember correctly, e.g. XCBC had some padding issues.)
David referenced a paper showing that some common pad schemes
were "weak". (Even if these weaknesses are "theoretical", we have
made great effort to make SRTP "maximally" secure, and I would hate
to sub-optimize at this point.)

It seems to me that the only future proof approach is to let each
transform specify its own padding, or at least point to were a
padding spec. can be found.

/Mats


_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt

v2.45.0 | Report a Bug | By Email | System Status