IETF Logo Mail Archive

Re: [bfcpbis] Spencer Dawkins' Discuss on draft-ietf-bfcpbis-rfc4582bis-15: (with DISCUSS and COMMENT)

"Charles Eckel (eckelcu)" <eckelcu@cisco.com> Thu, 05 November 2015 08:43 UTC

Return-Path: <eckelcu@cisco.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2CD51A8A72; Thu, 5 Nov 2015 00:43:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WS4OLT1sYVx1; Thu, 5 Nov 2015 00:43:22 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D52F61A8A56; Thu, 5 Nov 2015 00:43:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=22940; q=dns/txt; s=iport; t=1446713001; x=1447922601; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=4qeYCtVz3ni1D6tB+EhR1URHLPg7ey1OoyfAuahqcd8=; b=Q6Zmf22sVvOBGeNgN8H3mZw9lnT5XR2WWVR/Iy7cRo7UxiWkzSuUKjmr boeQ3hK2esiaLMhAF1KuOsS32AmX4/93lynRvcB3G/nODgTGgpNAPtVEJ jI9sQyq+wyPBBgSuw0BtKPIvz4DYY7slai+SEYy26mW1rmDdgIRXoyUf+ w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AOAgB0FTtW/5JdJa1egm5NU28GvW0BDYFeFwEJhSdKAoE0OBQBAQEBAQEBgQqENQEBAQQBAQFlBgsQAgEIEQMBAQEkBAchBgsUCQgCBAENBRuHfgMSDb0sDYQ8AQEBAQEBAQEBAQEBAQEBAQEBAQEBFASKTIEGglOBVxEBBjkNCYQoBZZIAYUcgnCDIoF0gVqEP45Xg2CDcQEfAQFCghEdFoFAcgGDXTqBBwEBAQ
X-IronPort-AV: E=Sophos; i="5.20,246,1444694400"; d="scan'208,217"; a="42148947"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-7.cisco.com with ESMTP; 05 Nov 2015 08:43:20 +0000
Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id tA58hK5p025567 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 5 Nov 2015 08:43:20 GMT
Received: from xch-aln-018.cisco.com (173.36.7.28) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 5 Nov 2015 02:43:19 -0600
Received: from xch-aln-018.cisco.com ([173.36.7.28]) by XCH-ALN-018.cisco.com ([173.36.7.28]) with mapi id 15.00.1104.000; Thu, 5 Nov 2015 02:43:19 -0600
From: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, "Paul E. Jones" <paulej@packetizer.com>
Thread-Topic: [bfcpbis] Spencer Dawkins' Discuss on draft-ietf-bfcpbis-rfc4582bis-15: (with DISCUSS and COMMENT)
Thread-Index: AQHRF3IJ5JJDWYYKUEOdhULB9tmr356NOVMAgAAGM4CAANkWAA==
Date: Thu, 05 Nov 2015 08:43:19 +0000
Message-ID: <D261445D.5E397%eckelcu@cisco.com>
References: <20151105023108.17210.54132.idtracker@ietfa.amsl.com> <19C90DA9-652D-499F-8462-7EC7878307CB@packetizer.com> <CAKKJt-ci2kndZsxmkUKchWCcEPApvoFT9QMsw6MeC7hfKso3tQ@mail.gmail.com>
In-Reply-To: <CAKKJt-ci2kndZsxmkUKchWCcEPApvoFT9QMsw6MeC7hfKso3tQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.7.151005
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.70.230.15]
Content-Type: multipart/alternative; boundary="_000_D261445D5E397eckelcuciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/bfcpbis/3Vs5nvWKuDRWB3JQICt6ZRqvkNE>
Cc: "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>, "bfcpbis-chairs@ietf.org" <bfcpbis-chairs@ietf.org>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "draft-ietf-bfcpbis-rfc4582bis@ietf.org" <draft-ietf-bfcpbis-rfc4582bis@ietf.org>, The IESG <iesg@ietf.org>, Mary Barnes <mary.ietf.barnes@gmail.com>
Subject: Re: [bfcpbis] Spencer Dawkins' Discuss on draft-ietf-bfcpbis-rfc4582bis-15: (with DISCUSS and COMMENT)
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2015 08:43:26 -0000

For TCP, the use of TLS was not required by RFC 4582. For 4582bis, we do not require TLS in order to maintain backward compatibility with RFC 4582.
For UDP, the reason for not mandating DTLS is backward compatibility with existing solutions. The IMTC Role Based Video Best Practice established a set of recommendations for getting BFCP to work  within enterprise video conference deployments. As that time,draft-sandbakken-xcon-bfcp-udp defined BFCP over UDP only. DTLS was left for future study. Today we have many implementations of BFCP over UDP, but few if any using DTLS. We need the ultimate RFC that standardizes BFCP over UDP (and over DTLS) to allow interworking with these existing deployments.

Cheers,
Charles

From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com<mailto:spencerdawkins.ietf@gmail.com>>
Date: Thursday, November 5, 2015 at 1:46 PM
To: Paul Jones <paulej@packetizer.com<mailto:paulej@packetizer.com>>
Cc: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>, "gorry@erg.abdn.ac.uk<mailto:gorry@erg.abdn.ac.uk>" <gorry@erg.abdn.ac.uk<mailto:gorry@erg.abdn.ac.uk>>, Mary Barnes <mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gmail.com>>, "bfcpbis-chairs@ietf.org<mailto:bfcpbis-chairs@ietf.org>" <bfcpbis-chairs@ietf.org<mailto:bfcpbis-chairs@ietf.org>>, "bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>" <bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>>, "draft-ietf-bfcpbis-rfc4582bis@ietf.org<mailto:draft-ietf-bfcpbis-rfc4582bis@ietf.org>" <draft-ietf-bfcpbis-rfc4582bis@ietf.org<mailto:draft-ietf-bfcpbis-rfc4582bis@ietf.org>>
Subject: Re: [bfcpbis] Spencer Dawkins' Discuss on draft-ietf-bfcpbis-rfc4582bis-15: (with DISCUSS and COMMENT)

Hi, Paul,

On Thu, Nov 5, 2015 at 1:24 PM, Paul E. Jones <paulej@packetizer.com<mailto:paulej@packetizer.com>> wrote:
Spencer,

I think all of the suggestions in the comments are perfectly fine and I can accept those. With respect to the random conference ID, I think the issue is that this ID is considered outside the protocol. This protocol just uses this ID. If that's wrong, I would agree suggesting randomizing it would be good.

With respect to the DISCUSS point, I'm not sure what to do. Section 7 says TLS or DTLS must be supported, but that doesn't mean it must be used. I guess that's your concern. I think the security considerations section is the right place to provide warning to those who choose not use it. And there is warning. What more really needs to be said?

I'm entirely OK with more scary language, but would prefer it added only to security considerations.

So, we both want to do the right thing. Let's talk about what that is, before we spend time twiddling words.

The reason why we're having this chat, is that DTLS is RECOMMENDED, not REQUIRED. Can you help me understand why that is?

I'm seeing language in the spec that looks, to me, like it's trying to hold the door open in case another mechanism with equivalent functionality to DTLS becomes available (so, not MUST DTLS, because you couldn't use it). For example, from the Security Considerations section:


   BFCP entities MAY use other security mechanisms as long as they
   provide similar security properties.

Is that relevant to my question, or am I misunderstanding, and there are use cases where unencrypted BFCP is necessary?

Thanks,

Spencer

Paul

________________________________
From: Spencer Dawkins <spencerdawkins.ietf@gmail.com<mailto:spencerdawkins.ietf@gmail.com>>
Sent: November 5, 2015 11:31:08 AM GMT+09:00
To: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>
Cc: gorry@erg.abdn.ac.uk<mailto:gorry@erg.abdn.ac.uk>, mary.ietf.barnes@gmail.com<mailto:mary.ietf.barnes@gmail.com>, bfcpbis-chairs@ietf.org<mailto:bfcpbis-chairs@ietf.org>, bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>, draft-ietf-bfcpbis-rfc4582bis@ietf.org<mailto:draft-ietf-bfcpbis-rfc4582bis@ietf.org>
Subject: [bfcpbis] Spencer Dawkins' Discuss on draft-ietf-bfcpbis-rfc4582bis-15: (with DISCUSS and COMMENT)


Spencer Dawkins has entered the following ballot position for
draft-ietf-bfcpbis-rfc4582bis-15: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-bfcpbis-rfc4582bis/



________________________________

DISCUSS:
________________________________


Thanks for working through my Discuss and Comments on -13. I'm mostly
good (at the Discuss level), but have one remaining concern!
 , on
section
14.  Security Considerations

   BFCP uses TLS/DTLS to provide mutual authentication between clients
   and servers.  TLS/DTLS also provides replay and integrity protection
   and confidentiality.  It is RECOMMENDED that TLS/DTLS with an
   encryption algorithm according to Section 7 always be used.  In cases
   where signaling/control traffic is properly protected, as described
   in Section 9 it is REQUIRED to use a mandated encryption algorithm.
   BFCP entities MAY use other security mechanisms as long as they
   provide similar security properties.

If I'm reading this text correctly (please correct me if I'm
misunderstanding), it is still allowed to run BFCP over TCP/UDP without
TLS/DTLS.

If you run a protocol over TCP without TLS, you're still vulnerable to
on-path attackers, but off-path attackers have to insert attack packets
with sequence numbers that are within t!
 he
current window. That's not
impossible, but it's not easy. So, I'm not happy that TLS isn't required
when you run BFCP over TCP, but OK, fine.

If you run a protocol over UDP without DTLS, off-path attackers don't
have this constraint, so inserting attack packets off-path is much
easier. That makes BFCP much more vulnerable to attack over UDP than it
was over TCP.

Is that really OK? That seems quite odd to me, when said without a clear
warning that if you do not use DTLS (or equivalent) security mechanisms
the protocol is vulnerable to various attacks.

I’d have preferred section 7 to have said “SHOULD use TLS or DTLS” and
then have gone on to explain - “reasons for not using DTLS include ...
but when TLS or DTLS is not used the protocol becomes vulnerable to
security attacks (e.g. ...).”


________________________________

COMMENT:
________________________________



I have a couple of Comments on !
 new
text:


6.2.2.  ICMP Error Handling

   ICMP is not used with unreliable transports due to risks asociated
   with off-path attacks.  Any ICMP messages received over an
unreliable
   transport MUST be ignored.

ICMP is inherently unreliable - and is itself a control transport, rather
than sent over another transport. I think I know what you mean, but it's
not what the text says. Perhaps you mean

   ICMP is not usable when BFCP is running over an unreliable transport
due
   to risks associated with off-path attacks.  Any ICMP messages
associated
   with BFCP running over an unreliable transport MUST be ignored.

The new text says:

“predictable conference identifiers in conjunction with a non-secure
transport protocol makes BFCP more susceptible to forged request and
response messages.  See the Security Considerations section regarding
the
recommendation to use a secure transport.)”

- This text  could be improved a little by changing this to:

“ predictable conference identifiers in conjunction with a non-secure
transport protocol makes BFCP susceptible to off path data injection
attacks, where an attacker can forge a request or response message.”

However, this falls short of saying you should randomize the conference
ID.

The current text could be OK if it is hard or impossible to randomize for
some reason, but I’d have thought if it was possible this should be
RECOMMENDED either as the default method, or at least as a more secure
alternative for an unreliable transport.

Cleaning up the last few Comments on -13:

I'm still working through the conflation of transports and version
numbers. It's getting better, but the current text says:

   “If a floor control server receives a
   messag!
 e with
an unsupported version field value, the server MUST
   indicate it does not support the protocol version by sending an Error
   message with parameter value 12 (Unsupported Version).“

I’d have expected this error message to also have been returned if the
transport did not match.

Would it be correct if the text said:

  “If a floor control server receives a
   message with an unsupported version field value
   or a message with a version number that is not permitted
   with the transport over which it was received,  the server MUST
   indicate it does not support the protocol version by sending an Error
   message with parameter value 12 (Unsupported Version).“


________________________________

bfcpbis mailing list
bfcpbis@ietf.org<mailto:bfcpbis@ietf.org>
https://www.ietf.org/mailman/listinfo/bfcpbis

v2.23.0 | Report a Bug | By Email