Re: [AVTCORE] Kathleen Moriarty's No Objection on draft-ietf-avtcore-aria-srtp-10: (with COMMENT)

Ben Campbell <ben@nostrum.com> Thu, 03 August 2017 03:16 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19F291321C6; Wed, 2 Aug 2017 20:16:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.881
X-Spam-Level:
X-Spam-Status: No, score=-1.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mranTbkFtymF; Wed, 2 Aug 2017 20:15:53 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF19C1317E3; Wed, 2 Aug 2017 20:15:52 -0700 (PDT)
Received: from [10.0.1.63] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v733FkCD060204 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 2 Aug 2017 22:15:47 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.63]
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <CAHbuEH4+R8KguTtLdoGnGdom1YB6Cp0XD5nLTm-YUMHaLsXxuw@mail.gmail.com>
Date: Wed, 2 Aug 2017 22:15:45 -0500
Cc: The IESG <iesg@ietf.org>, avtcore-chairs@ietf.org, Roni Even <roni.even@huawei.com>, draft-ietf-avtcore-aria-srtp@ietf.org, avt@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <D666082B-4DBF-406E-AC6C-03493A376A53@nostrum.com>
References: <150172505031.5791.14553211399724965332.idtracker@ietfa.amsl.com> <084BEE4A-1241-42C6-BD39-36F11792ABB4@nostrum.com> <CAHbuEH4+R8KguTtLdoGnGdom1YB6Cp0XD5nLTm-YUMHaLsXxuw@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/dBVIte7i33X7DnTC-KR9OB33EdM>
Subject: Re: [AVTCORE] Kathleen Moriarty's No Objection on draft-ietf-avtcore-aria-srtp-10: (with COMMENT)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 03:16:04 -0000

> On Aug 2, 2017, at 9:50 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> 
> Hi Ben,
> 
> Thanks for the quick response, inline.
> 
> On Wed, Aug 2, 2017 at 10:36 PM, Ben Campbell <ben@nostrum.com> wrote:
>> 
>> 
>> 
>>> On Aug 2, 2017, at 8:50 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>> 
>>> Although this is not a discuss, I think updated text would be very helpful on
>>> the following two issues.
>>> 
>>> I agree with the SecDir reviewer that there should be more text around the
>>> short tag length in the security considerations section.  I don't see a
>>> response to that post though.
>>> 
>> 
>> Hi Kathleen,
>> 
>> I think you are referring to Ben Laurie’s SecDir review of 06, rather than his later review of 09. Is that correct? Version 9 removed the GCM_8 modes. Or were you referring to something else?
> 
> I am referring to Ben's review of -06, where he had the following text:
> 
> Thirdly, I am not familiar enough with SRTP to understand why short
> authentication tags are needed, but in general its a bad idea, so I
> feel the Security Considerations should explain more fully than
> "Ciphersuites with short tag length may be
>   considered for specific application environments stated in 7.5 of
>   [RFC3711], but the risk of weak authentication described in
>   Section 9.5.1 of [RFC3711] should be taken into account."
> 
> I don't see an update to this text to address his question - providing
> additional information as to what should be "taken into account”.

I had assumed his concern was about short tags in GCM mode, namely the following: 

       AEAD_ARIA_128_GCM_8 
       AEAD_ARIA_256_GCM_8
       AEAD_ARIA_128_GCM_12 
       AEAD_ARIA_256_GCM_12 

These have all been removed as of version 09. Ben’s review of 09 made no further mention of short tags.

Are there suites still in version 09 that you think need further discussion in the security considerations?  I think the authors would happily add something if we can tell them what is needed, but I’m certainly not the expert here.

Ben.