[AVTCORE] New proposal to declare SDP Security Descriptions (RFC4568) Historic
Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 12 July 2021 12:14 UTC
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "dispatch@ietf.org" <dispatch@ietf.org>
CC: "mmusic@ietf.org" <mmusic@ietf.org>, "avt@ietf.org" <avt@ietf.org>
Date: Mon, 12 Jul 2021 12:14:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/uBHdKLj0dS5ZyXOubDrqo5jYQ8Y>

Hi,

John and I have a draft that proposes that RFC 4568 (Session Description Protocol (SDP) Security Descriptions for Media Streams) should be declared Historic. As the draft explains, the security level SDP Security Descriptions provide is not on the level one could expect of an IETF in-force Proposed Standard, and there exist alternatives.

We currently point this draft to Dispatch as we are a bit uncertain if this should be handled in MMUSIC WG or somewhere else. Therefore we propose that this draft is discussed on the dispatch list until dispatched.

Cheers

Magnus Westerlund

Name: draft-mattsson-dispatch-sdes-dont-dont-dont
Revision: 00
Title: SDP Security Descriptions is NOT RECOMMENDED and Historic
Document date: 2021-07-12
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-mattsson-dispatch-sdes-dont-dont-dont-00.txt
Status: https://datatracker.ietf.org/doc/draft-mattsson-dispatch-sdes-dont-dont-dont/
Htmlized: https://datatracker.ietf.org/doc/html/draft-mattsson-dispatch-sdes-dont-dont-dont

Abstract:

Key exchange without forward secrecy enables pervasive monitoring. Massive pervasive monitoring attacks relying on key exchange without forward secrecy have been reported, and many more have likely happened without ever being reported. If key exchange without Diffie-Hellman is used, access to long-term keys enables passive attackers to compromise past and future sessions. Entities can get access to long-term key material in different ways: physical attacks, hacking, social engineering attacks, espionage, or by simply demanding access to keying material with or without a court order. Session Description Protocol (SDP) Security Descriptions (RFC 4568) does not offer PFS and has a large number of additional significant security weaknesses. This document specifies that use of the SDP Security Descriptions is NOT RECOMMENDED. New deployments SHOULD forbid support of SDP Security Descriptions.

This document reclassifies RFC 4568 (SDP Security Descriptions) to Historic Status and also obsoletes RFC 4568. This document updates RFC 7201 (Options for Securing RTP Sessions) to note that SDP Security Descriptions SHOULD NOT be used.
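
The "forbid support" recommendation in the abstract above can be checked at a signalling element. The following is an added example, not part of the original message or the draft: it finds RFC 4568 `a=crypto` attributes, which carry the SRTP master key and salt inline in the SDP, and rejects any offer containing one. The sample SDP, the function names `find_sdes` and `policy_allows`, and the all-zero key are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample offer (addresses, key and fingerprint are placeholders):
# the audio section offers SDES (a=crypto), the video section uses DTLS-SRTP.
SAMPLE_SDP = """v=0
o=- 20518 0 IN IP4 203.0.113.1
s=-
t=0 0
m=audio 49170 RTP/SAVP 0
c=IN IP4 203.0.113.1
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA|2^20|1:4
m=video 51372 UDP/TLS/RTP/SAVPF 96
c=IN IP4 203.0.113.1
a=fingerprint:sha-256 00:11:22:33
a=setup:actpass
"""

# a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]  (RFC 4568)
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) (\S+)(?: (.*))?$")

def find_sdes(sdp):
    """Return one finding per key-param of every a=crypto line.
    The key itself is never copied into the finding, only its decoded length."""
    findings, media, proto = [], "session", None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            media, proto = fields[0], fields[2]
            continue
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        for key_param in m.group(3).split(";"):
            method, _, info = key_param.partition(":")
            try:  # key||salt is the part before the optional |lifetime|MKI
                nbytes = len(base64.b64decode(info.split("|")[0], validate=True))
            except (binascii.Error, ValueError):
                nbytes = None  # malformed key material: still an SDES offer
            findings.append({"media": media, "proto": proto,
                             "tag": int(m.group(1)), "suite": m.group(2),
                             "method": method, "key_salt_bytes": nbytes})
    return findings

def policy_allows(sdp):
    """Forbid SDP Security Descriptions: any a=crypto line fails the offer."""
    return not find_sdes(sdp)
```
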