Re: [AVTCORE] Randomly-generated CNAMEs
Colin Perkins <csp@csperkins.org> Thu, 21 June 2012 10:22 UTC
Return-Path: <csp@csperkins.org>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA36221F84FA; Thu, 21 Jun 2012 03:22:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cJDfnMyzNFbC; Thu, 21 Jun 2012 03:22:06 -0700 (PDT)
Received: from lon1-msapost-1.mail.demon.net (lon1-msapost-1.mail.demon.net [195.173.77.180]) by ietfa.amsl.com (Postfix) with ESMTP id B8B0021F84F0; Thu, 21 Jun 2012 03:22:06 -0700 (PDT)
Received: from mangole.dcs.gla.ac.uk ([130.209.247.112]) by lon1-post-1.mail.demon.net with esmtpsa (AUTH csperkins-dwh) (TLSv1:AES128-SHA:128) (Exim 4.69) id 1SheWb-0002Ch-YT; Thu, 21 Jun 2012 10:22:05 +0000
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: Colin Perkins <csp@csperkins.org>
In-Reply-To: <CABcZeBOGHimbibmQNOKrSEKqFRkq7Y1nWfSJJofP5eLZkJ+ULg@mail.gmail.com>
Date: Thu, 21 Jun 2012 11:22:02 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <075C431A-A103-4C7E-9D4A-F80CB97DD9FB@csperkins.org>
References: <CABcZeBOGHimbibmQNOKrSEKqFRkq7Y1nWfSJJofP5eLZkJ+ULg@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.1278)
Cc: rtcweb@ietf.org, avt@ietf.org
Subject: Re: [AVTCORE] Randomly-generated CNAMEs
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2012 10:22:07 -0000
Ekr, I'm not sure I understand what problem you're trying to solve: the point of the CNAME is to allow different RTP sessions to be linked. Colin On 21 Jun 2012, at 03:04, Eric Rescorla wrote: > RFC 6222 specifies two CNAME generation algorithms: > > - Persistent CNAMEs based on UUIDs > - Short-term CNAMEs based on a digest of the MAC address and time of day. > > However, reading this document and the security considerations it seems like both methods produce CNAMEs which aren't unlinkable. Obviously the persistent CNAMEs are linkable, and it doesn't look like short-term CNAMEs have enough entropy to be unlinkable either. Specifically, the inputs are (Section 5): > > 1. The MAC address (or EUI-64) > 2. The time of day (NTP-style) > 3. Initial SSRC, and IP/port quartet > > (3) is known to the other side, (2) is at most 48-bits (and practically much less) and (2) is known to within a fairly narrow margin (and, it appears, communicated in the RTP timestamp). > > The upshot is that it seems likely that I can link two RTP sessions from the same person. Note that RFC 6222 doesn't say otherwise. Rather, it says: > > This document uses a hash function to ensure the uniqueness of RTCP > CNAMEs. A cryptographic hash function is used because such functions > provide the randomness properties that are needed. However, no > security assumptions are made on the hash function. The hash > function is not assumed to be collision resistant, preimage > resistant, or second preimage resistant in an adversarial setting; as > described above, an attacker attempting an impersonation attack could > merely set the RTCP CNAME directly rather than attacking the hash > function. Similarly, the hash function is not assumed to be a one- > way function or pseudorandom in a cryptographic sense. > > For privacy reasons, it would be nice to be able to generate CNAMEs randomly so that they're not linkable. Unfortunately, 6222 seems to require that short-term credentials be generated via the above mechanism. Is there any reason why that shouldn't be allowed? > > -Ekr > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt -- Colin Perkins http://csperkins.org/
- [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] Randomly-generated CNAMEs Cullen Jennings
- Re: [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Kevin Gross
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Ali C. Begen (abegen)
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Kevin Gross
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Martin Thomson
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Justin Uberti