Re: [AVTCORE] [Technical Errata Reported] RFC3711 (3712)
Richard Barnes <rlb@ipv.sx> Sat, 15 February 2014 18:38 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29A1D1A0279 for <avt@ietfa.amsl.com>; Sat, 15 Feb 2014 10:38:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id moJqq01mu-LS for <avt@ietfa.amsl.com>; Sat, 15 Feb 2014 10:38:23 -0800 (PST)
Received: from mail-ob0-f176.google.com (mail-ob0-f176.google.com [209.85.214.176]) by ietfa.amsl.com (Postfix) with ESMTP id 710241A0274 for <avt@ietf.org>; Sat, 15 Feb 2014 10:38:23 -0800 (PST)
Received: by mail-ob0-f176.google.com with SMTP id gq1so15269934obb.21 for <avt@ietf.org>; Sat, 15 Feb 2014 10:38:21 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=5jPf6C/uGyI/5OCyK13Sp5M+BZTGdfv/k3jCgtSa1S8=; b=Z02jmqPLVi3UqZ7T5ASB9qZUQx8B9nrGaLsIFw+/D/i0Qtxw9v/qT7WA0/sEP3CzNW ZKgNv7bjUlmDYAPpgZ0i2pzecm9XiiRsHPvZ2YQlZxVlduYvmLiEGgMwfoQ1t/tTAbzG ZFViEL7knarFA7G3HKMR0xuLXu8BkgkcSBtIR8uDbez9rVoo0rFfZrblCI2IoPS9re49 DUnyKILzTt/bGI5J7fenQwIHz28xt0x12aCx/+aIFtYXu5v+fLnl7QojOmQivSMXRVw1 QwtyUGfm8ST0NGnE2OaIX5ca11MCXQQ6xDIGzGGodK7miWW/dF2OaPS43Xqi9RjCIRCT g8ag==
X-Gm-Message-State: ALoCoQkjty/J2WndkqHpiSQjdac6GsQ/UTnEeovFMIv5EHiDV/b3EXka/XAT5I3enUoAZd0rfWwx
MIME-Version: 1.0
X-Received: by 10.60.54.138 with SMTP id j10mr2377928oep.51.1392489501363; Sat, 15 Feb 2014 10:38:21 -0800 (PST)
Received: by 10.60.69.102 with HTTP; Sat, 15 Feb 2014 10:38:21 -0800 (PST)
In-Reply-To: <33E51946CDE71249AF9D86CE4D8966B41225EE1D@ESESSMB203.ericsson.se>
References: <20130827111428.7914AB1E003@rfc-editor.org> <33E51946CDE71249AF9D86CE4D8966B41225EE1D@ESESSMB203.ericsson.se>
Date: Sat, 15 Feb 2014 13:38:21 -0500
Message-ID: <CAL02cgR99QgW3m-2-JfEzNPQh3H67SQsr4S5ea1nd-2AGE5FQQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Karl Norrman <karl.norrman@ericsson.com>
Content-Type: multipart/alternative; boundary="089e0112cd321526f504f2763ac7"
Archived-At: http://mailarchive.ietf.org/arch/msg/avt/fvmsoonggk7ljB5GjckdjdFjl4Y
X-Mailman-Approved-At: Sun, 16 Feb 2014 14:47:25 -0800
Cc: "even.roni@huawei.com" <even.roni@huawei.com>, "avt@ietf.org" <avt@ietf.org>, "elisabetta.carrara@ericsson.com" <elisabetta.carrara@ericsson.com>, "mbaugher@cisco.com" <mbaugher@cisco.com>, Mats Näslund <mats.naslund@ericsson.com>, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [AVTCORE] [Technical Errata Reported] RFC3711 (3712)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Feb 2014 18:38:26 -0000
Thanks, I have marked this as HFDU. On Fri, Sep 6, 2013 at 10:28 AM, Karl Norrman <karl.norrman@ericsson.com>wrote: > Hello! > > The observation is correct that the SRTCP index should be padded to 48 > bits here. This is also indicated in the SRTP FAQ since a few years back. > Unfortunately the FAQ is not visible enough, so an errata would be better > to avoid interoperability problems. > > http://srtp.sourceforge.net/faq.html > ... > Q39. In SRTCP key derivation, does "Replace the SRTP index by the 32-bit > quantity: 0 || SRTCP index ..." mean that quantity should be padded on the > left with 16 leading zeros? > > A. Yes; the specification means to treat the SRTP index as an unsigned > integer, in which case the shorter value would be implicitly padded on the > left with zeros, so that its length matches that of the SRTP index. > ... > > Even if the proposed new text for the errata corrects the problem, I'd > prefer if we could take the opportunity to clarify the rationale for the > padding, since it has security significance. > > How about making this change instead: > > Original text: > -------------- > Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index > (i.e., excluding the E-bit, replacing it with a fixed 0-bit), and use > <label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the > SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting > key. > > Corrected text: > --------------- > Replace the SRTP index by the 48-bit quantity: 000...0 || 0 || SRTCP index > (i.e., excluding the E-bit, replacing it with a fixed 0-bit and padding > the result > so that it becomes 48 bits wide to match the size of the SRTP index). > Since this > quantity and the SRTP index are both 48 bits wide, the labels are all > located in > the same octet in the IV. The labels for the derivations of the SRTCP keys > are as follows: <label> = 0x03 for the SRTCP encryption key, <label> = > 0x04 for the > SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting > key. > > BR > Karl > > -----Original Message----- > From: RFC Errata System [mailto:rfc-editor@rfc-editor.org] > Sent: den 27 augusti 2013 13:14 > To: mbaugher@cisco.com; elisabetta.carrara@ericsson.com; mcgrew@cisco.com; > Mats Näslund; Karl Norrman; rlb@ipv.sx; Gonzalo Camarillo; > keith.drage@alcatel-lucent.com; even.roni@huawei.com > Cc: coien@cisco.com; avt@ietf.org; rfc-editor@rfc-editor.org > Subject: [Technical Errata Reported] RFC3711 (3712) > > The following errata report has been submitted for RFC3711, "The Secure > Real-time Transport Protocol (SRTP)". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=3711&eid=3712 > > -------------------------------------- > Type: Technical > Reported by: Christian S Oien <coien@cisco.com> > > Section: 4.3.2 > > Original Text > ------------- > Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index(i.e., > excluding the E-bit, replacing it with a fixed 0-bit), and use > > Corrected Text > -------------- > Replace the SRTP index by the 48-bit quantity: 0 || SRTCP index(i.e., > excluding the E-bit, replacing it with a fixed 0-bit and thenprepending a > 16-bits zero padding), and use > > Notes > ----- > Replacing with a 32-bit quantity means that the DIV operator willyield a > 32-bit quantity. Following the specification of key_id for SRTCPthe > <label> will have 32 bits to its right when XOR'ing with master_salt.The > majority of implementations, including libsrtp, invokes this XOR with > the<label> at the same position as for SRTP. According to the > specificationthis should be done 16 bits to the right of this, when > invoking for SRTCP. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please use > "Reply All" to discuss whether it should be verified or rejected. When a > decision is reached, the verifying party (IESG) can log in to change the > status and edit the report, if necessary. > > -------------------------------------- > RFC3711 (draft-ietf-avt-srtp-09) > -------------------------------------- > Title : The Secure Real-time Transport Protocol (SRTP) > Publication Date : March 2004 > Author(s) : M. Baugher, D. McGrew, M. Naslund, E. Carrara, K. > Norrman > Category : PROPOSED STANDARD > Source : Audio/Video Transport > Area : Real-time Applications and Infrastructure > Stream : IETF > Verifying Party : IESG >
- [AVTCORE] [Technical Errata Reported] RFC3711 (37… RFC Errata System
- Re: [AVTCORE] [Technical Errata Reported] RFC3711… Karl Norrman
- Re: [AVTCORE] [Technical Errata Reported] RFC3711… Richard Barnes
- [AVTCORE] [Errata Held for Document Update] RFC37… RFC Errata System