Re: [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16

Gunnar Hellström <gunnar.hellstrom@ghaccess.se> Fri, 07 May 2021 17:47 UTC

To: "Salz, Rich" <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>
Cc: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org" <draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org>, "avt@ietf.org" <avt@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/vowF_4nqyiPRKPID2L7S7qUdnw8>

Thanks.

I have added this sentence to section 3.19

" Further general security considerations are covered in
    Section 11."

Regards

Gunnar Hellstrom

-- 

Gunnar Hellström

GHAccess

gunnar.hellstrom@ghaccess.se


On 2021-05-07 at 18:13, Salz, Rich wrote:
>
> Thanks for the explanation and update. Your updated draft addresses my 
> concerns.  Perhaps 3.9 should have a forward link to Sec 11
>
> *From:* Gunnar Hellström <gunnar.hellstrom@ghaccess.se>
> *Date:* Friday, May 7, 2021 at 11:45 AM
> *To:* Rich Salz <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>
> *Cc:* "last-call@ietf.org" <last-call@ietf.org>,
> "draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org"
> <draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org>, "avt@ietf.org"
> <avt@ietf.org>
> *Subject:* Re: [AVTCORE] Secdir last call review of
> draft-ietf-avtcore-multi-party-rtt-mix-16
>
> Rich,
>
> Thanks for the review.
>
> I am composing a new version because of the Gen-ART review, and want 
> to propose changes to satisfy your comments.
>
> You ask if it is common to have the mixers being trusted.
>
> In the expected first implementation environments for this draft, it 
> is. That is in emergency service networks. Also in personal 
> communication services it is.
>
> The first implementation environments are also expected to use the SIP 
> centralized conference model (RFC 4353 etc.) where all media are 
> expected to be mixed centrally. Thus the security aspects would be 
> similar for audio, video and real-time text.
>
> I have tried to elaborate a bit more on this in a modified security 
> considerations section, currently looking like this and being ready 
> for submission together with the changes because of the Gen-ART 
> review. Would this satisfy your concerns?
>
> --------Proposed security concerns--------------------
>
> 11.  Security Considerations
>
>    The RTP-mixer model requires the mixer to be allowed to decrypt,
>    pack, and encrypt secured text from the conference participants.
>    Therefore the mixer needs to be trusted to achieve security in
>    confidentiality and integrity.  This situation is similar to the
>    situation for handling audio and video media in centralized mixers.
>
>    The requirement to transfer information about the user in RTCP
>    reports in SDES, CNAME, and NAME fields, and in conference
>    notifications, for creation of labels may have privacy concerns as
>    already stated in RFC 3550 [RFC3550], and may be restricted for
>    privacy reasons.  The receiving user will then get a more symbolic
>    label for the source.
>
>    Participants with malicious intentions may appear and e.g., disturb
>    the multiparty session by emitting a continuous flow of text.  They
>    may also send text that appears to originate from other participants.
>    Counteractions should be to require secure signaling, media and
>    authentication, and to provide higher level conference functions
>    e.g., for blocking, muting, and expelling participants.
>
>    Further security considerations specific for this application are
>    specified in Section 3.19.
> ----------------------------------------------------------
> Regards
>
> Gunnar
>
> -- 
> Gunnar Hellström
> GHAccess
> gunnar.hellstrom@ghaccess.se
>
> On 2021-05-06 at 16:36, Rich Salz via Datatracker wrote:
>
>     Reviewer: Rich Salz
>     Review result: Ready
>
>     This review is for the benefit of the Security ADs. Nobody else should read
>     this. Or, if you read it, treat it as any other last call review :)
>
>     I know very little about WebRTC, AVT, etc.
>
>     I thought Section 1.2, summary of the alternatives, was great. I wish more
>     documents did this kind of thing. And similar for all of section 2. The details
>     in Section 3 about how to comply seem very clear. If I were implementing this,
>     I could easily use this as a checklist and test suite. Section 3.19 is the
>     most important one for transport security. Not knowing the operating
>     environments, it seems reasonable.
>
>     The security considerations seem a little scant, given the opportunity for
>     privacy concerns of participants and for intruders to disrupt calls. Is it
>     common that the mixer is a trusted entity? A statement on that either way would
>     be useful.
>
>     _______________________________________________
>     Audio/Video Transport Core Maintenance
>     avt@ietf.org
>     https://www.ietf.org/mailman/listinfo/avt