Re: [AVTCORE] [Technical Errata Reported] RFC3711 (3712)

Karl Norrman <karl.norrman@ericsson.com> Fri, 06 September 2013 14:28 UTC

Return-Path: <karl.norrman@ericsson.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DDF411E819E for <avt@ietfa.amsl.com>; Fri, 6 Sep 2013 07:28:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_33=0.6, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D08HiaO9Tpfx for <avt@ietfa.amsl.com>; Fri, 6 Sep 2013 07:28:53 -0700 (PDT)
Received: from sesbmg20.ericsson.net (sesbmg20.ericsson.net [193.180.251.56]) by ietfa.amsl.com (Postfix) with ESMTP id 6F67711E819C for <avt@ietf.org>; Fri, 6 Sep 2013 07:28:52 -0700 (PDT)
X-AuditID: c1b4fb38-b7fcf8e0000062b8-32-5229e6a3d883
Received: from ESESSHC023.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg20.ericsson.net (Symantec Mail Security) with SMTP id AA.FF.25272.3A6E9225; Fri, 6 Sep 2013 16:28:51 +0200 (CEST)
Received: from ESESSMB203.ericsson.se ([169.254.3.129]) by ESESSHC023.ericsson.se ([153.88.183.87]) with mapi id 14.02.0328.009; Fri, 6 Sep 2013 16:28:50 +0200
From: Karl Norrman <karl.norrman@ericsson.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>, "mbaugher@cisco.com" <mbaugher@cisco.com>, "elisabetta.carrara@ericsson.com" <elisabetta.carrara@ericsson.com>, "mcgrew@cisco.com" <mcgrew@cisco.com>, =?iso-8859-1?Q?Mats_N=E4slund?= <mats.naslund@ericsson.com>, "rlb@ipv.sx" <rlb@ipv.sx>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "keith.drage@alcatel-lucent.com" <keith.drage@alcatel-lucent.com>, "even.roni@huawei.com" <even.roni@huawei.com>
Thread-Topic: [Technical Errata Reported] RFC3711 (3712)
Thread-Index: AQHOoxdcaiV2DXx0s0mH10LmS9+xkJm4zz1w
Date: Fri, 6 Sep 2013 14:28:49 +0000
Message-ID: <33E51946CDE71249AF9D86CE4D8966B41225EE1D@ESESSMB203.ericsson.se>
References: <20130827111428.7914AB1E003@rfc-editor.org>
In-Reply-To: <20130827111428.7914AB1E003@rfc-editor.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.17]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrJLMWRmVeSWpSXmKPExsUyM+Jvje7iZ5pBBpcPSlq87FnJbtFzN97i 1esrrBZPG88yWnyZspzF4uqqP+wWTfu/sllM7bN14PBofbaX1WPK742sHi1H3rJ6LFnyk8lj 8sZZLB4NbcdYA9iiuGxSUnMyy1KL9O0SuDImvPzLVnBMqeLz1issDYxPpbsYOTkkBEwkLv1+ xQRhi0lcuLeeDcQWEjjKKDH7dg6EvZhRYtNiLhCbTUBP4trN5+wgtojAJWaJJdcVuhg5OJgF 3CQmTtEDCQsLmEusbL7JBlFiIXF21w5mCNtI4tiai2CtLAIqEkemvmIFsXkFfCW6J59kBRkj BNT79mw4SJgTqPXm7q9gJYxAl30/tQbsSmYBcYlbT+ZDXSwgsWTPeWYIW1Ti5eN/YGMkBBQl lvfLQZTrSdyYOoUNwtaWWLbwNTPEVkGJkzOfsExgFJuFZOosJC2zkLTMQtKygJFlFSNHcWpx Um66kcEmRmD0Hdzy22IH4+W/NocYpTlYlMR5t+idCRQSSE8sSc1OTS1ILYovKs1JLT7EyMTB KdXA6MN080fkwis32xgu5J8sjs6JtJhy/1u/2BT2GUlVbB0/FbfO5VmeV/UzndmKbVb3ZyO3 5ONvZwh0Cy/5vzxSoXL9D2uTJW4O/1qfMx9TsbzpaHF+fkHYQo+TllqpthL+dYGBXp+C5y+b K9nbWLfi1fzcpatcP+dtPC9tl2rP1XKk7rcn/7OLSizFGYmGWsxFxYkAcnkHsYwCAAA=
X-Mailman-Approved-At: Fri, 06 Sep 2013 08:37:57 -0700
Cc: "avt@ietf.org" <avt@ietf.org>
Subject: Re: [AVTCORE] [Technical Errata Reported] RFC3711 (3712)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 14:28:59 -0000

Hello!

The observation is correct that the SRTCP index should be padded to 48 bits here.  This is also indicated in the SRTP FAQ since a few years back. Unfortunately the FAQ is not visible enough, so an errata would be better to avoid interoperability problems.

http://srtp.sourceforge.net/faq.html
...
Q39. In SRTCP key derivation, does "Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index ..." mean that quantity should be padded on the left with 16 leading zeros?

A. Yes; the specification means to treat the SRTP index as an unsigned integer, in which case the shorter value would be implicitly padded on the left with zeros, so that its length matches that of the SRTP index.
...

Even if the proposed new text for the errata corrects the problem, I'd prefer if we could take the opportunity to clarify the rationale for the padding, since it has security significance.

How about making this change instead:

Original  text:
--------------
Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index
 (i.e., excluding the E-bit, replacing it with a fixed 0-bit), and use
<label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the
SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting
key.

Corrected  text:
---------------
Replace the SRTP index by the 48-bit quantity: 000...0 || 0 || SRTCP index
 (i.e., excluding the E-bit, replacing it with a fixed 0-bit and padding the result
so that it becomes 48 bits wide to match the size of the SRTP index). Since this
quantity and the SRTP index are both 48 bits wide, the labels are all located in
the same octet in the IV.  The labels for the derivations of the SRTCP keys
are as follows:   <label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the
SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting
key.

BR
Karl

-----Original Message-----
From: RFC Errata System [mailto:rfc-editor@rfc-editor.org] 
Sent: den 27 augusti 2013 13:14
To: mbaugher@cisco.com; elisabetta.carrara@ericsson.com; mcgrew@cisco.com; Mats Näslund; Karl Norrman; rlb@ipv.sx; Gonzalo Camarillo; keith.drage@alcatel-lucent.com; even.roni@huawei.com
Cc: coien@cisco.com; avt@ietf.org; rfc-editor@rfc-editor.org
Subject: [Technical Errata Reported] RFC3711 (3712)

The following errata report has been submitted for RFC3711, "The Secure Real-time Transport Protocol (SRTP)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=3711&eid=3712

--------------------------------------
Type: Technical
Reported by: Christian S Oien <coien@cisco.com>

Section: 4.3.2

Original Text
-------------
Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index(i.e., excluding the E-bit, replacing it with a fixed 0-bit), and use

Corrected Text
--------------
Replace the SRTP index by the 48-bit quantity: 0 || SRTCP index(i.e., excluding the E-bit, replacing it with a fixed 0-bit and thenprepending a 16-bits zero padding), and use

Notes
-----
Replacing with a 32-bit quantity means that the DIV operator willyield a 32-bit quantity.  Following the specification of key_id for SRTCPthe <label> will have 32 bits to its right when XOR'ing with master_salt.The majority of implementations, including libsrtp, invokes this XOR with the<label> at the same position as for SRTP.  According to the specificationthis should be done 16 bits to the right of this, when invoking for SRTCP.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC3711 (draft-ietf-avt-srtp-09)
--------------------------------------
Title               : The Secure Real-time Transport Protocol (SRTP)
Publication Date    : March 2004
Author(s)           : M. Baugher, D. McGrew, M. Naslund, E. Carrara, K. Norrman
Category            : PROPOSED STANDARD
Source              : Audio/Video Transport
Area                : Real-time Applications and Infrastructure
Stream              : IETF
Verifying Party     : IESG