Re: [AVTCORE] Randomly-generated CNAMEs
Cullen Jennings <fluffy@iii.ca> Thu, 21 June 2012 12:39 UTC
Return-Path: <fluffy@iii.ca>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDDF521F855E; Thu, 21 Jun 2012 05:39:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.224
X-Spam-Level:
X-Spam-Status: No, score=-1.224 tagged_above=-999 required=5 tests=[AWL=1.375, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7FSwUAxJUTaS; Thu, 21 Jun 2012 05:39:44 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by ietfa.amsl.com (Postfix) with ESMTP id 051F221F855F; Thu, 21 Jun 2012 05:39:43 -0700 (PDT)
Received: from rtp-vpn5-419.cisco.com (unknown [64.102.254.33]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 6FD1622E1EB; Thu, 21 Jun 2012 08:39:35 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <075C431A-A103-4C7E-9D4A-F80CB97DD9FB@csperkins.org>
Date: Thu, 21 Jun 2012 08:39:33 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <BB321CED-DBDD-4E6F-997B-8490912F6315@iii.ca>
References: <CABcZeBOGHimbibmQNOKrSEKqFRkq7Y1nWfSJJofP5eLZkJ+ULg@mail.gmail.com> <075C431A-A103-4C7E-9D4A-F80CB97DD9FB@csperkins.org>
To: Colin Perkins <csp@csperkins.org>
X-Mailer: Apple Mail (2.1278)
Cc: rtcweb@ietf.org, avt@ietf.org
Subject: Re: [AVTCORE] Randomly-generated CNAMEs
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2012 12:39:45 -0000
One again, I think we have complete failure on the meaning of the word session :-) I think what EKR was getting at is that if A call B in one phone call, then day later A wants to make an anonymous call to B, B should not be able to tell the second call is coming from same devices. I think that was part of the goal of 6222 but from EKR's email it looks like it fails to provide that. On Jun 21, 2012, at 6:22 , Colin Perkins wrote: > Ekr, > > I'm not sure I understand what problem you're trying to solve: the point of the CNAME is to allow different RTP sessions to be linked. > > Colin > > > On 21 Jun 2012, at 03:04, Eric Rescorla wrote: >> RFC 6222 specifies two CNAME generation algorithms: >> >> - Persistent CNAMEs based on UUIDs >> - Short-term CNAMEs based on a digest of the MAC address and time of day. >> >> However, reading this document and the security considerations it seems like both methods produce CNAMEs which aren't unlinkable. Obviously the persistent CNAMEs are linkable, and it doesn't look like short-term CNAMEs have enough entropy to be unlinkable either. Specifically, the inputs are (Section 5): >> >> 1. The MAC address (or EUI-64) >> 2. The time of day (NTP-style) >> 3. Initial SSRC, and IP/port quartet >> >> (3) is known to the other side, (2) is at most 48-bits (and practically much less) and (2) is known to within a fairly narrow margin (and, it appears, communicated in the RTP timestamp). >> >> The upshot is that it seems likely that I can link two RTP sessions from the same person. Note that RFC 6222 doesn't say otherwise. Rather, it says: >> >> This document uses a hash function to ensure the uniqueness of RTCP >> CNAMEs. A cryptographic hash function is used because such functions >> provide the randomness properties that are needed. However, no >> security assumptions are made on the hash function. The hash >> function is not assumed to be collision resistant, preimage >> resistant, or second preimage resistant in an adversarial setting; as >> described above, an attacker attempting an impersonation attack could >> merely set the RTCP CNAME directly rather than attacking the hash >> function. Similarly, the hash function is not assumed to be a one- >> way function or pseudorandom in a cryptographic sense. >> >> For privacy reasons, it would be nice to be able to generate CNAMEs randomly so that they're not linkable. Unfortunately, 6222 seems to require that short-term credentials be generated via the above mechanism. Is there any reason why that shouldn't be allowed? >> >> -Ekr >> _______________________________________________ >> Audio/Video Transport Core Maintenance >> avt@ietf.org >> https://www.ietf.org/mailman/listinfo/avt > > > > -- > Colin Perkins > http://csperkins.org/ > > > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt
- [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] Randomly-generated CNAMEs Cullen Jennings
- Re: [AVTCORE] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Colin Perkins
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Kevin Gross
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Ali C. Begen (abegen)
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Eric Rescorla
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Kevin Gross
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Martin Thomson
- Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs Justin Uberti