Re: [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16

"Salz, Rich" <rsalz@akamai.com> Fri, 07 May 2021 16:13 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Gunnar Hellström <gunnar.hellstrom@ghaccess.se>, "secdir@ietf.org" <secdir@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org" <draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org>, "avt@ietf.org" <avt@ietf.org>
Thread-Topic: [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16
Thread-Index: AQHXQ1gFdwCZnyD0G0WItRsxVbOVjKrYMRSA
Date: Fri, 7 May 2021 16:13:15 +0000
Message-ID: <FF68D2FB-7E52-4CBD-9B63-2E787F1B8B47@akamai.com>
References: <162031178943.8783.4063437681950995450@ietfa.amsl.com> <683ac9fe-b68f-3041-fff4-c26fef3767a8@ghaccess.se>
In-Reply-To: <683ac9fe-b68f-3041-fff4-c26fef3767a8@ghaccess.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/rhTuRFub7221P22L0RCzVBi_LDc>

Thanks for the explanation and update.  Your updated draft addresses my concerns.  Perhaps 3.9 should have a forward link to Sec 11.

From: Gunnar Hellström <gunnar.hellstrom@ghaccess.se>
Date: Friday, May 7, 2021 at 11:45 AM
To: Rich Salz <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>
Cc: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org" <draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org>, "avt@ietf.org" <avt@ietf.org>
Subject: Re: [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16


Rich,

Thanks for the review.

I am composing a new version because of the Gen-ART review, and want to propose changes to satisfy your comments.

You ask if it is common for the mixers to be trusted.

In the expected first implementation environments for this draft, it is. That is in emergency service networks. It also is in personal communication services.

The first implementation environments are also expected to use the SIP centralized conference model (RFC 4353 etc.), where all media are expected to be mixed centrally. Thus the security aspects would be similar for audio, video and real-time text.

I have tried to elaborate a bit more on this in a modified Security Considerations section, which currently looks like this and is ready for submission together with the changes due to the Gen-ART review. Would this satisfy your concerns?

--------Proposed security concerns--------------------

11.  Security Considerations

   The RTP-mixer model requires the mixer to be allowed to decrypt,
   pack, and encrypt secured text from the conference participants.
   Therefore the mixer needs to be trusted to achieve security in
   confidentiality and integrity.  This situation is similar to the
   situation for handling audio and video media in centralized mixers.

   The requirement to transfer information about the user in RTCP
   reports in SDES, CNAME, and NAME fields, and in conference
   notifications, for creation of labels may have privacy concerns as
   already stated in RFC 3550 [RFC3550], and may be restricted for
   privacy reasons.  The receiving user will then get a more symbolic
   label for the source.

   Participants with malicious intentions may appear and e.g., disturb
   the multiparty session by emitting a continuous flow of text.  They
   may also send text that appears to originate from other participants.
   Counteractions should be to require secure signaling, media and
   authentication, and to provide higher level conference functions
   e.g., for blocking, muting, and expelling participants.

   Further security considerations specific for this application are
   specified in Section 3.19.

----------------------------------------------------------

Regards

Gunnar

--
Gunnar Hellström
GHAccess
gunnar.hellstrom@ghaccess.se
On 2021-05-06 at 16:36, Rich Salz via Datatracker wrote:

Reviewer: Rich Salz
Review result: Ready

This review is for the benefit of the Security ADs. Nobody else should read
this. Or, if you read it, treat it as any other last call review :)

I know very little about WebRTC, AVT, etc.

I thought Section 1.2, summary of the alternatives, was great. I wish more
documents did this kind of thing. And similar for all of Section 2. The details
in Section 3 about how to comply seem very clear. If I were implementing this,
I could easily use this as a checklist and test suite. Section 3.19 is the
most important one for transport security. Not knowing the operating
environments, it seems reasonable.

The security considerations seem a little scant, given the opportunity for
privacy concerns of participants and for intruders to disrupt calls. Is it
common that the mixer is a trusted entity? A statement on that either way would
be useful.
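An added illustration, not part of the thread or of the draft itself, of the trust relationship the proposed Security Considerations describe: a centralized mixer holds a hop-by-hop media key for every participant, so it necessarily reads the plaintext, and the spoofing and flooding concerns are answered by attributing text to the key that authenticated the packet and by a conference-level mute. The cipher below is a toy HMAC-SHA256 construction standing in for SRTP, the transport association `assoc` stands in for an SSRC/flow, and the participant names, keys, character budget and messages are all constructed for the example.

```python
"""Toy centralized real-time-text mixer (illustration only, not SRTP/RFC 4103 code).

Every participant shares one key with the mixer; the mixer decrypts, labels,
packs and re-encrypts, exactly the position of trust the draft text describes.
"""
import hashlib
import hmac
import os
from collections import defaultdict

NONCE_LEN, TAG_LEN = 12, 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a toy keystream (assumption: illustration only)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || 16-byte tag."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unseal(key: bytes, packet: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class TextMixer:
    """Holds one key per participant (so it sees all plaintext), labels text by
    the authenticated source, and mutes a participant who floods."""

    def __init__(self, keys: dict, max_chars: int = 200):
        self.keys = dict(keys)          # participant -> key shared with the mixer
        self.max_chars = max_chars      # assumed conference policy, not from the draft
        self.chars = defaultdict(int)
        self.muted = set()
        self.plaintext_seen = []        # everything the trusted mixer could read

    def receive(self, assoc: str, packet: bytes):
        """`assoc` is the transport association the packet arrived on.
        Returns {recipient: packet} to forward, or None if the packet is dropped."""
        try:
            text = unseal(self.keys[assoc], packet).decode("utf-8")
        except (KeyError, ValueError, UnicodeDecodeError):
            return None                 # tag fails: not really sent by `assoc`
        self.plaintext_seen.append((assoc, text))
        if assoc in self.muted:
            return None
        self.chars[assoc] += len(text)
        if self.chars[assoc] > self.max_chars:
            self.muted.add(assoc)       # higher-level conference function: mute
            return None
        # The label (CNAME/NAME stand-in) comes from the authenticated source,
        # never from anything the sender wrote inside the text body.
        labelled = f"[{assoc}] {text}".encode("utf-8")
        return {name: seal(key, os.urandom(NONCE_LEN), labelled)
                for name, key in self.keys.items() if name != assoc}


def demo() -> dict:
    """Constructed scenario: honest Alice, recipient Bob, malicious Mallory."""
    keys = {"Alice": b"A" * 32, "Bob": b"B" * 32, "Mallory": b"M" * 32}
    mixer = TextMixer(keys, max_chars=50)
    nonce = bytes(NONCE_LEN)  # fixed nonce only because this is a one-shot demo
    results = {}
    out = mixer.receive("Alice", seal(keys["Alice"], nonce, b"hello"))
    results["bob_sees"] = unseal(keys["Bob"], out["Bob"]).decode()
    # Spoof 1: injecting on Alice's association without Alice's key is dropped.
    results["spoof_dropped"] = mixer.receive("Alice", seal(keys["Mallory"], nonce, b"hi")) is None
    # Spoof 2: an in-band "[Alice]" claim is still labelled as Mallory.
    out = mixer.receive("Mallory", seal(keys["Mallory"], nonce, b"[Alice] send money"))
    results["spoof_labelled"] = unseal(keys["Bob"], out["Bob"]).decode()
    # Flood: exceeding the budget gets Mallory muted.
    out = mixer.receive("Mallory", seal(keys["Mallory"], nonce, b"x" * 60))
    results["flood_dropped"] = out is None and "Mallory" in mixer.muted
    results["mixer_read_everything"] = [t for _, t in mixer.plaintext_seen]
    return results


if __name__ == "__main__":
    print(demo())
```

The point of `plaintext_seen` is the one Gunnar's text makes: with per-hop keys the mixer is inside the confidentiality boundary, so end-to-end protection is not available in this model and the mixer must be trusted. Attribution by authenticating key is what makes "text that appears to originate from other participants" detectable at the mixer; the budget and mute set are a stand-in for the blocking, muting and expelling functions the draft defers to the conference layer.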