Re: [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16
Gunnar Hellström <gunnar.hellstrom@ghaccess.se> Fri, 07 May 2021 17:47 UTC
Return-Path: <gunnar.hellstrom@ghaccess.se>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 081813A2BB3; Fri, 7 May 2021 10:47:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.799
X-Spam-Level:
X-Spam-Status: No, score=-1.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=egensajt.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7wfS0YAQefZ6; Fri, 7 May 2021 10:47:21 -0700 (PDT)
Received: from smtp.egensajt.se (smtp.egensajt.se [194.68.80.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0CF03A29EC; Fri, 7 May 2021 10:47:06 -0700 (PDT)
Received: from [192.168.2.137] (h77-53-37-81.cust.a3fiber.se [77.53.37.81]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: gunnar.hellstrom@ghaccess.se) by smtp.egensajt.se (Postfix) with ESMTPSA id D93E620FCE; Fri, 7 May 2021 19:47:03 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=egensajt.se; s=dkim; t=1620409624; bh=LrxfdhLdvbtUJPrmV3MRQsGshTyHa78jfRq+Fpkt+Qk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=EeF8HbVVbRJbsIDk2s692m1ogKaLQvNW5w0ME7GNkjqQIbK0lveHm297T7NvHNqdv iCWGIGem5/wG2UACuCRLni58xK91je4VVdftgFq7CgZUeCd0wYhs24g86v9+RhMWBV Mf2JFBpQIr7ARkdrr1LfXakfYx3W83AQ2/DFaCG4=
To: "Salz, Rich" <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>
Cc: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org" <draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org>, "avt@ietf.org" <avt@ietf.org>
References: <162031178943.8783.4063437681950995450@ietfa.amsl.com> <683ac9fe-b68f-3041-fff4-c26fef3767a8@ghaccess.se> <FF68D2FB-7E52-4CBD-9B63-2E787F1B8B47@akamai.com>
From: Gunnar Hellström <gunnar.hellstrom@ghaccess.se>
Message-ID: <e06e4c6b-6491-ca3c-4617-430b657c4072@ghaccess.se>
Date: Fri, 07 May 2021 19:47:03 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <FF68D2FB-7E52-4CBD-9B63-2E787F1B8B47@akamai.com>
Content-Type: multipart/alternative; boundary="------------7BEBB1A4AD841BC0FF469135"
Content-Language: sv
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/vowF_4nqyiPRKPID2L7S7qUdnw8>
Subject: Re: [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2021 17:47:27 -0000
Thanks. I have added this sentence to section 3.19 " Further general security considerations are covered in Section 11." Regards Gunnar Hellstrom -- Gunnar Hellström GHAccess gunnar.hellstrom@ghaccess.se <mailto:gunnar.hellstrom@ghaccess.se> Den 2021-05-07 kl. 18:13, skrev Salz, Rich: > > Thanks for the explanation and update. Your updated draft addresses my > concerns. Perhaps 3.9 should have a forward link to Sec 11 > > *From: *Gunnar Hellström <gunnar.hellstrom@ghaccess.se> > *Date: *Friday, May 7, 2021 at 11:45 AM > *To: *Rich Salz <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org> > *Cc: *"last-call@ietf.org" <last-call@ietf.org>, > "draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org" > <draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org>, "avt@ietf.org" > <avt@ietf.org> > *Subject: *Re: [AVTCORE] Secdir last call review of > draft-ietf-avtcore-multi-party-rtt-mix-16 > > Rich, > > Thanks for the review. > > I am composing a new version because of the Gen-ART review, and want > to propose changes to satisfy your comments. > > You ask if it is common to have the mixers being trusted. > > In the expected first implementation environments for this draft, it > is. That is in emergency service networks. Also in personal > communication services it is. > > The first implementation environments are also expected to use the SIP > centralized conference model (RFC 4353 etc.) where all media are > expected to be mixed centrally. Thus the security aspects would be > similar for audio, video and real-time text. > > I have tried to elaborate a bit more on this in a modified security > considerations section, currently looking like this and being ready > for submission together with the changes because of the Gen-ART > review. Would this satisfy your concerns? > > --------Proposed security concerns-------------------- > > 11. Security Considerations > The RTP-mixer model requires the mixer to be allowed to decrypt, > pack, and encrypt secured text from the conference participants. > Therefore the mixer needs to be trusted to achieve security in > confidentiality and integrity. This situation is similar to the > situation for handling audio and video media in centralized mixers. > The requirement to transfer information about the user in RTCP > reports in SDES, CNAME, and NAME fields, and in conference > notifications, for creation of labels may have privacy concerns as > already stated in RFC 3550 [RFC3550], and may be restricted for > privacy reasons. The receiving user will then get a more symbolic > label for the source. > Participants with malicious intentions may appear and e.g., disturb > the multiparty session by emitting a continuous flow of text. They > may also send text that appears to originate from other participants. > Counteractions should be to require secure signaling, media and > authentication, and to provide higher level conference functions > e.g., for blocking, muting, and expelling participants. > Further security considerations specific for this application are > specified in Section 3.19. > ---------------------------------------------------------- > Regards > > Gunnar > > -- > Gunnar Hellström > GHAccess > gunnar.hellstrom@ghaccess.se <mailto:gunnar.hellstrom@ghaccess.se> > > Den 2021-05-06 kl. 16:36, skrev Rich Salz via Datatracker: > > Reviewer: Rich Salz > > Review result: Ready > > This review is for the benefit of the Security AD's. Nobody else should read > > this. Or, if you read it, treat it as any other last call review :) > > I know very little about WebRTC, AVT, etc. > > I thought Section 1.2, summary of the alternatives, was great. I wish more > > documents did this kind of thing. And similar for all of section 2. The details > > in Section 3 about how to comply seem very clear. If I were implementing this, > > I could use easily use this as a checklist and test suite. Section 3.19 is the > > most important one for transport security. Not knowing the operating > > environments, it seems reasonable. > > The security considerations seems a little scant, given the opportunity for > > privacy concerns of participants and for intruders to disrupt calls. Is it > > common that the mixer is a trusted entity? A statement on that either way would > > be useful. > > _______________________________________________ > > Audio/Video Transport Core Maintenance > > avt@ietf.org <mailto:avt@ietf.org> > > https://www.ietf.org/mailman/listinfo/avt <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/avt__;!!GjvTz_vk!ChNP_4C8_-IG9lEq-LDl930w9i9b8GYIlpcFoBp1nUK7LGxO78Q0hXyqr7QT$> > > -- > Gunnar Hellström > GHAccess > gunnar.hellstrom@ghaccess.se <mailto:gunnar.hellstrom@ghaccess.se> -- Gunnar Hellström GHAccess gunnar.hellstrom@ghaccess.se
- [AVTCORE] Secdir last call review of draft-ietf-a… Rich Salz via Datatracker
- Re: [AVTCORE] Secdir last call review of draft-ie… Gunnar Hellström
- Re: [AVTCORE] Secdir last call review of draft-ie… Salz, Rich
- Re: [AVTCORE] Secdir last call review of draft-ie… Gunnar Hellström