[AVTCORE] New proposal to declare SDP Security Descriptions (RFC4568) Historic

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 12 July 2021 12:14 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "dispatch@ietf.org" <dispatch@ietf.org>
CC: "mmusic@ietf.org" <mmusic@ietf.org>, "avt@ietf.org" <avt@ietf.org>
Reply-To: "dispatch@ietf.org" <dispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/uBHdKLj0dS5ZyXOubDrqo5jYQ8Y>

Hi,


John and I have a draft that proposes that RFC 4568 (Session
Description Protocol (SDP) Security Descriptions for Media
Streams) should be declared Historic. As the draft explains, the
security level SDP Security Descriptions provide is not on the level one
could expect from an IETF in-force Proposed Standard, and there exist
alternatives.


We currently point this draft to Dispatch as we are a bit uncertain if
this should be handled in the MMUSIC WG or somewhere else.
Therefore we propose that this draft is discussed on the dispatch list
until dispatched.


Cheers


Magnus Westerlund




Name:           draft-mattsson-dispatch-sdes-dont-dont-dont
Revision:       00
Title:          SDP Security Descriptions is NOT RECOMMENDED and Historic
Document date:  2021-07-12
Group:          Individual Submission
Pages:          8
URL:            https://www.ietf.org/archive/id/draft-mattsson-dispatch-sdes-dont-dont-dont-00.txt
Status:         https://datatracker.ietf.org/doc/draft-mattsson-dispatch-sdes-dont-dont-dont/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-dispatch-sdes-dont-dont-dont


Abstract:
   Key exchange without forward secrecy enables pervasive monitoring.
   Massive pervasive monitoring attacks relying on key exchange without
   forward secrecy have been reported, and many more have likely
   happened without ever being reported.  If key exchange without
   Diffie-Hellman is used, access to long-term keys enable passive
   attackers to compromise past and future sessions.  Entities can get
   access to long-term key material in different ways: physical attacks,
   hacking, social engineering attacks, espionage, or by simply
   demanding access to keying material with or without a court order.
   Session Description Protocol (SDP) Security Descriptions (RFC 4568)
   does not offer PFS and has a large number of additional significant
   security weaknesses.  This document specifies that use of the SDP
   Security Descriptions is NOT RECOMMENDED.  New deployments SHOULD
   forbid support of SDP Security Descriptions.

   This document reclassifies RFC 4568 (SDP Security Descriptions) to
   Historic Status and also obsoletes RFC 4568.

   This document updates RFC 7201 (Options for Securing RTP Sessions) to
   note that SDP Security Descriptions SHOULD NOT be used.
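
A check for the abstract's recommendation that deployments forbid SDP Security Descriptions, as an added example that is not part of the original message or the draft: RFC 4568 carries the SRTP master key in an `a=crypto` line of the signalling, so an SDP audit can flag every media section that offers it and blank the key before the SDP is logged. The sample offer, key and fingerprint are constructed, the function names are hypothetical, and DTLS-SRTP (`a=fingerprint`) is used here as the alternative keying method.

```python
import re

# RFC 4568 media-level attribute:
#   a=crypto:<tag> <crypto-suite> inline:<key||salt>[|lifetime][|MKI:length]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([^|\s]+)")

# Constructed sample offer (addresses, key and fingerprint are not real).
# Audio is keyed with SDES; video is keyed with DTLS-SRTP (a=fingerprint).
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "o=- 20210712 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
    "inline:QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIz|2^20",
    "m=video 51372 UDP/TLS/RTP/SAVPF 96",
    "a=setup:actpass",
    "a=fingerprint:sha-256 " + ":".join(f"{i:02X}" for i in range(32)),
]) + "\r\n"


def audit_sdp(sdp):
    """Return one dict per m= section describing how it is keyed."""
    sections, current, session_dtls = [], None, False
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            current = {"media": media, "proto": proto,
                       "sdes_suites": [], "dtls": session_dtls}
            sections.append(current)
        elif line.startswith("a=fingerprint:"):
            if current is None:
                session_dtls = True      # session level: applies to all media
            else:
                current["dtls"] = True
        elif current is not None and (m := CRYPTO_RE.match(line)):
            current["sdes_suites"].append(m.group(2))
    return sections


def sdes_violations(sdp):
    """Sections to reject under a 'forbid SDES' policy, even if DTLS is also offered."""
    return [(s["media"], s["sdes_suites"]) for s in audit_sdp(sdp) if s["sdes_suites"]]


def redact_keys(sdp):
    """Blank the inline master key so the SDP can be written to logs."""
    return re.sub(r"(?m)^(a=crypto:\d+\s+\S+\s+inline:)[^|\s]+", r"\1[REDACTED]", sdp)
```

A section that offers both `a=crypto` and a fingerprint is still reported, because accepting the SDES line is what the policy forbids.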