Re: [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16
Gunnar Hellström <gunnar.hellstrom@ghaccess.se> Fri, 07 May 2021 15:45 UTC
Return-Path: <gunnar.hellstrom@ghaccess.se>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C39FE3A2703; Fri, 7 May 2021 08:45:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=egensajt.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jpl004rh7ntQ; Fri, 7 May 2021 08:45:38 -0700 (PDT)
Received: from smtp.egensajt.se (smtp.egensajt.se [193.42.159.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 615C23A26FF; Fri, 7 May 2021 08:45:37 -0700 (PDT)
Received: from [192.168.2.137] (h77-53-37-81.cust.a3fiber.se [77.53.37.81]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: gunnar.hellstrom@ghaccess.se) by smtp.egensajt.se (Postfix) with ESMTPSA id 2F951202E6; Fri, 7 May 2021 17:45:29 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=egensajt.se; s=dkim; t=1620402329; bh=aBAHJDy+SfWScR2XtSA1GJ6pB+95raK69GMCkTtfhsw=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=NKM/TJTI+6DaWJQ5aa01JNOgl2OaHWNLzJGQ5ATHxwaTVYADubGr75moPTCrWd1yG bZ9L0LzvaCrqbFXOe59eSvMQGNQtNT4Qreazb8bWdoaiAOjvJ+XN8x03PXgsZBGzr2 SvSMIIJ6JzgcZ12sGojRuWJvZl5DJx8HHkckr2q0=
To: Rich Salz <rsalz@akamai.com>, secdir@ietf.org
Cc: last-call@ietf.org, draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org, avt@ietf.org
References: <162031178943.8783.4063437681950995450@ietfa.amsl.com>
From: Gunnar Hellström <gunnar.hellstrom@ghaccess.se>
Message-ID: <683ac9fe-b68f-3041-fff4-c26fef3767a8@ghaccess.se>
Date: Fri, 07 May 2021 17:45:28 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <162031178943.8783.4063437681950995450@ietfa.amsl.com>
Content-Type: multipart/alternative; boundary="------------CE9D9C7C43DF755520DB6DEC"
Content-Language: sv
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/sVy6mFj_9zA5QCdofNu-RDZITfk>
Subject: Re: [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2021 15:45:44 -0000
Rich, Thanks for the review. I am composing a new version because of the Gen-ART review, and want to propose changes to satisfy your comments. You ask if it is common to have the mixers being trusted. In the expected first implementation environments for this draft, it is. That is in emergency service networks. Also in personal communication services it is. The first implementation environments are also expected to use the SIP centralized conference model (RFC 4353 etc.) where all media are expected to be mixed centrally. Thus the security aspects would be similar for audio, video and real-time text. I have tried to elaborate a bit more on this in a modified security considerations section, currently looking like this and being ready for submission together with the changes because of the Gen-ART review. Would this satisfy your concerns? --------Proposed security concerns-------------------- 11. Security Considerations The RTP-mixer model requires the mixer to be allowed to decrypt, pack, and encrypt secured text from the conference participants. Therefore the mixer needs to be trusted to achieve security in confidentiality and integrity. This situation is similar to the situation for handling audio and video media in centralized mixers. The requirement to transfer information about the user in RTCP reports in SDES, CNAME, and NAME fields, and in conference notifications, for creation of labels may have privacy concerns as already stated in RFC 3550 [RFC3550], and may be restricted for privacy reasons. The receiving user will then get a more symbolic label for the source. Participants with malicious intentions may appear and e.g., disturb the multiparty session by emitting a continuous flow of text. They may also send text that appears to originate from other participants. Counteractions should be to require secure signaling, media and authentication, and to provide higher level conference functions e.g., for blocking, muting, and expelling participants. Further security considerations specific for this application are specified in Section 3.19. ---------------------------------------------------------- Regards Gunnar -- Gunnar Hellström GHAccess gunnar.hellstrom@ghaccess.se Den 2021-05-06 kl. 16:36, skrev Rich Salz via Datatracker: > Reviewer: Rich Salz > Review result: Ready > > This review is for the benefit of the Security AD's. Nobody else should read > this. Or, if you read it, treat it as any other last call review :) > > I know very little about WebRTC, AVT, etc. > > I thought Section 1.2, summary of the alternatives, was great. I wish more > documents did this kind of thing. And similar for all of section 2. The details > in Section 3 about how to comply seem very clear. If I were implementing this, > I could use easily use this as a checklist and test suite. Section 3.19 is the > most important one for transport security. Not knowing the operating > environments, it seems reasonable. > > The security considerations seems a little scant, given the opportunity for > privacy concerns of participants and for intruders to disrupt calls. Is it > common that the mixer is a trusted entity? A statement on that either way would > be useful. > > > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt -- Gunnar Hellström GHAccess gunnar.hellstrom@ghaccess.se
- [AVTCORE] Secdir last call review of draft-ietf-a… Rich Salz via Datatracker
- Re: [AVTCORE] Secdir last call review of draft-ie… Gunnar Hellström
- Re: [AVTCORE] Secdir last call review of draft-ie… Salz, Rich
- Re: [AVTCORE] Secdir last call review of draft-ie… Gunnar Hellström