IETF Logo Mail Archive

Re: [AVT] draft-ietf-avt-rapid-acquisition-for-rtp-07: Minor issues

Mark Baugher <mbaugher@cisco.com> Sun, 07 March 2010 23:25 UTC

Return-Path: <mbaugher@cisco.com>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E39AF3A67A1 for <avt@core3.amsl.com>; Sun, 7 Mar 2010 15:25:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.546
X-Spam-Level:
X-Spam-Status: No, score=-9.546 tagged_above=-999 required=5 tests=[AWL=1.052, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPrBKEE0naWk for <avt@core3.amsl.com>; Sun, 7 Mar 2010 15:25:38 -0800 (PST)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id B6EB33A6358 for <avt@ietf.org>; Sun, 7 Mar 2010 15:25:38 -0800 (PST)
Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-AV: E=Sophos; i="4.49,599,1262563200"; d="scan'208,217"; a="493028506"
Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-6.cisco.com with ESMTP; 07 Mar 2010 23:25:42 +0000
Received: from sjc-mbaugher-8711.cisco.com (sjc-mbaugher-8711.cisco.com [10.19.93.34]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id o27NPf3k013449; Sun, 7 Mar 2010 23:25:42 GMT
References: <4B8E7CB9.2040701@ericsson.com> <04CAD96D4C5A3D48B1919248A8FE0D540B6F3421@xmb-sjc-215.amer.cisco.com>
In-Reply-To: <04CAD96D4C5A3D48B1919248A8FE0D540B6F3421@xmb-sjc-215.amer.cisco.com>
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: multipart/alternative; boundary="Apple-Mail-15--213151315"
Message-Id: <5DB80491-286F-401D-816E-A2C82611DF0A@cisco.com>
From: Mark Baugher <mbaugher@cisco.com>
Date: Sun, 07 Mar 2010 15:25:41 -0800
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
X-Mailer: Apple Mail (2.1077)
Cc: draft-ietf-avt-rapid-acquisition-for-rtp@tools.ietf.org, IETF AVT WG <avt@ietf.org>
Subject: Re: [AVT] draft-ietf-avt-rapid-acquisition-for-rtp-07: Minor issues
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Mar 2010 23:25:40 -0000

On 3/03/2010, at 1:20 PM, Ali C. Begen (abegen) wrote:

>> 
>> 31. Section 10.
>> The security mitigation for the authentication of the RTCP messages
>> between the RTP_RX and the RS is SRTP. However, the document fails to
>> indicate anything on how you would successfully configure the SRTP with
>> keying information. Can you provide some insight into how this would
>> work in RAMS scenario? I am more interested if you think there exist a
>> keying method that fits the trust model and scenarios? And if it does
> 
> I need some help on this. I am not really an SRTP guy.

There are a variety of ways this can be done including through a 
conditional access system, but this could be considered out of
scope for this document.  If it is in scope, I would start with a
standard multicast key management system like GSAKMP or GDOI and
define the signaling for it.  Since it's not clear that these systems
will even be used, however, this is probably a waste of the authors'
time.

> 
>> that it might be worth indicating that in the draft as a recommended
>> method. I know there will some that has different trust that can do it
>> differently. But some baseline is likely worth to lay down here.
> 
> Could be true or not. I can't really comment.


In the IPTV realm, there are a number of competing conditional access
systems that might be used for proprietary establishment of an SRTP
master key and master salt.  These are the most likely methods by
which a key might be installed.  And there are a number of standard
techniques mentioned above.


> 
>> 32. Section 10, page 43:
>>   In addition to the denial-of-service attacks, man-in-the-middle and
>>   replay attacks can also be harmful.  However, RAMS itself does not
>>   bring any new risks or threats other than the ones discussed in
>>   [I-D.ietf-avt-rtcpssm].
>> 
>> I think the document fails to describe the increased risk for other
>> attacks that isn't focused on blasting a lot of packets on to some
>> target. For example an on-path attacker can beyond preventing the RTP_RX
>> to get service, it may discretely change parameters to make the service
>> work less well.

Are you saying that there is no way to secure against this?

Mark


>> Due to that the RAMS extensions are more a control
>> protocol than a feedback protocol a different level of security threats
>> exist than what is primarily discussed in the RTCP SSM RFC.
> 
> A single RTCP packet carrying multiple NACK messages each reporting multiple missing packets will generate a lot more packets than a single RTCP packet carrying RAMS-R. No?

v2.23.0 | Report a Bug | By Email