Re: [bfcpbis] Benjamin Kaduk's No Objection on draft-ietf-bfcpbis-rfc4583bis-26: (with COMMENT)

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 07 December 2018 18:40 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>, Benjamin Kaduk <kaduk@mit.edu>, "adam@nostrum.com" <adam@nostrum.com>
CC: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "mary.ietf.barnes@gmail.com" <mary.ietf.barnes@gmail.com>, The IESG <iesg@ietf.org>, "draft-ietf-bfcpbis-rfc4583bis@ietf.org" <draft-ietf-bfcpbis-rfc4583bis@ietf.org>
Thread-Topic: [bfcpbis] Benjamin Kaduk's No Objection on draft-ietf-bfcpbis-rfc4583bis-26: (with COMMENT)
Thread-Index: AQHUjDeNJYj0YvLoRkeeWdulSFyGfaVwFdUAgAGmQwCAAUUUAIAA3tQA///hvQA=
Date: Fri, 07 Dec 2018 18:40:28 +0000
Message-ID: <5CE8A3FC-3EEC-44FC-82D2-3CE02A7442D9@ericsson.com>
References: <4809F8B5-F43F-49B0-A638-68935FC5BC5B@cisco.com> <CF3B0A92-4497-41F1-8E8F-66C6327BA46E@ericsson.com> <4E5CA82F-AB2F-4DE0-BADF-FB48B911FF79@cisco.com> <0DC599D8-9582-4830-9887-0D2760E81A7D@ericsson.com> <8B0A6F27-B9A0-4F86-9375-9594EFFE18EA@cisco.com>
In-Reply-To: <8B0A6F27-B9A0-4F86-9375-9594EFFE18EA@cisco.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <6F1023568D196940A0B38414670A5720@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/LrhJs-gZlyGiWZpdu01Gm85J-ng>
Subject: Re: [bfcpbis] Benjamin Kaduk's No Objection on draft-ietf-bfcpbis-rfc4583bis-26: (with COMMENT)
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2018 18:40:36 -0000

Adam, can I submit a new version of the draft?

Regards,

Christer


On 07/12/2018, 9.29, "bfcpbis on behalf of Charles Eckel (eckelcu)" <bfcpbis-bounces@ietf.org on behalf of eckelcu@cisco.com> wrote:

    Looks good to me, thanks!
    
    Charles
    
    -----Original Message-----
    From: Christer Holmberg <christer.holmberg@ericsson.com>
    Date: Friday, December 7, 2018 at 4:12 PM
    To: Charles Eckel <eckelcu@cisco.com>, Benjamin Kaduk <kaduk@mit.edu>
    Cc: Mary Barnes <mary.ietf.barnes@gmail.com>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-bfcpbis-rfc4583bis@ietf.org" <draft-ietf-bfcpbis-rfc4583bis@ietf.org>
    Subject: Re: [bfcpbis] Benjamin Kaduk's No Objection on draft-ietf-bfcpbis-rfc4583bis-26: (with COMMENT)
    
        The pull request has been updated.
        
        Regards,
        
        Christer
        
        
        On 06/12/2018, 0.47, "Charles Eckel (eckelcu)" <eckelcu@cisco.com> wrote:
        
            -----Original Message-----
            From: bfcpbis <bfcpbis-bounces@ietf.org> on behalf of Christer Holmberg <christer.holmberg@ericsson.com>
            Date: Wednesday, December 5, 2018 at 7:37 PM
            To: Charles Eckel <eckelcu@cisco.com>, Benjamin Kaduk <kaduk@mit.edu>
            Cc: Mary Barnes <mary.ietf.barnes@gmail.com>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-bfcpbis-rfc4583bis@ietf.org" <draft-ietf-bfcpbis-rfc4583bis@ietf.org>
            Subject: Re: [bfcpbis] Benjamin Kaduk's No Objection on draft-ietf-bfcpbis-rfc4583bis-26: (with COMMENT)
            
                Hi,
                        
                        ....
                        
                            >>>>> An attacker able to view the SDP exchanges can determine which media flows
                            >>>>> contain which content, which could exacerbate existing metadata leakage
                            >>>>> channels in some circumstances.
                            >>>>>     
                            >>>>> I am not sure how that is related to the BFCP SDP negotiation?
                            >>>>
                            >>>> exchange but the actual media flows are secured with (D)TLS and not visible
                            >>>> to the attacker.  The (D)TLS flows will leak some information via packet
                            >>>> size/timing, perhaps allowing for traffic analysis to determine what sorts
                            >>>> of media flows are going where.  The new attributes in the BFCP SDP
                            >>>> negotiation can make this sort of traffic analysis more effective.  I would
                            >>>> be fairly receptive if you wanted to say that this is not more noteworthy
                            >>>> than for normal SDP security considerations, though.
                            >>>
                            >>> In general I agree with you that non-protected SDP attributes can help in traffic analysis, but 
                            >>> the BFCP attributes only provide information about the BFCP stream itself - they don't even indicate which 
                            >>> media streams will be controlled by BFCP to begin with (that is negotiated on BFCP level).
                            >>
                            >> But, I could add something like:
                            >>
                            >> "The SDP attributes defined in this specification do not add additional security considerations to the generic 
                            >> security considerations for protecting SDP attributes [RFC3264]. The attributes do not reveal information 
                            >> about the content of individual BFCP controlled media streams, nor do they reveal which media streams 
                            >> will be BFCP controlled." 
                            >
                            >[cue] I don't think I agree with this last part. The info in SDP does indicate which media streams will be 
                            >controlled using BFCP. For example,
                            >
                            > m=application 50000 TCP/TLS/BFCP *
                            > a=setup:actpass
                            > a=connection:new
                            > a=fingerprint:sha-256 \
                            > 19:E2:1C:3B:4B:9F:81:E6:B8:5C:F4:A5:A8:D8:73:04: \
                            > BB:05:2F:70:9F:04:A9:0E:05:E9:26:33:E8:70:88:A2
                            > a=floorctrl:c-only s-only
                            > a=confid:4321
                            > a=userid:1234
                            > a=floorid:1 mstrm:10
                            > a=floorid:2 mstrm:11
                            > a=bfcpver:1 2
                            > m=audio 50002 RTP/AVP 0
                            > a=label:10
                            > m=video 50004 RTP/AVP 31
                            > a=label:11
                            >
                            > The combination of floorid/mstrm and label attributes indicate that the corresponding audio and 
                            > video m-lines are to be controlled via BFCP.
                
                You are right.
                
                So, something like:
                
                        "The generic security considerations associated with SDP attributes are defined in [RFC3264]. While the 
                          defined in this specification do not reveal information about the content of individual BFCP controlled 
                          media streams, they do reveal which media streams will be BFCP controlled."
            
            Yes, except s/While the defined/While those defined
            
            Cheers,
            Charles
                        
                        Regards,
                        
                        Christer    
                
                _______________________________________________
                bfcpbis mailing list
                bfcpbis@ietf.org
                https://www.ietf.org/mailman/listinfo/bfcpbis
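As an added illustration of Charles's point (example code written for this page, not from the draft or the thread): a small parser that reads the SDP offer quoted above and correlates each a=floorid mstrm label with the a=label on the media m-lines, which is exactly what anyone who can read the unprotected SDP learns, and why the generic SDP protection considerations of RFC 3264 apply. SDP_OFFER is a constructed, abridged copy of the quoted offer; accepting several space-separated labels after mstrm: is an assumption of this code.

```python
from typing import Dict, List, Optional, Tuple

# Constructed copy of the SDP offer quoted in the thread, abridged: the
# setup, connection and fingerprint lines are omitted as they play no part.
SDP_OFFER = """\
m=application 50000 TCP/TLS/BFCP *
a=floorctrl:c-only s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:1 2
m=audio 50002 RTP/AVP 0
a=label:10
m=video 50004 RTP/AVP 31
a=label:11
"""


def parse_media_sections(sdp: str) -> List[dict]:
    """Split SDP into m-line sections with their a= attributes as (name, value)."""
    sections, current = [], None
    for line in (ln.strip() for ln in sdp.splitlines()):
        if line.startswith("m="):
            media, port, proto = line[2:].split()[:3]
            current = {"media": media, "port": int(port), "proto": proto, "attrs": []}
            sections.append(current)
        elif line.startswith("a=") and current is not None:
            name, _, value = line[2:].partition(":")
            current["attrs"].append((name, value))
    return sections


def bfcp_floor_map(sdp: str) -> Dict[str, List[Tuple[str, Optional[str]]]]:
    """Correlate a=floorid/mstrm on the BFCP m-line with a=label on the media
    m-lines: {floor id: [(label, media type)]}. A label that no m-line carries
    maps to None, so a dangling reference is reported rather than dropped."""
    sections = parse_media_sections(sdp)
    by_label = {v: s["media"] for s in sections for n, v in s["attrs"] if n == "label"}
    floors: Dict[str, List[Tuple[str, Optional[str]]]] = {}
    for s in sections:
        if "BFCP" not in s["proto"].split("/"):
            continue  # only the floor-control m-line carries floorid
        for name, value in s["attrs"]:
            if name != "floorid":
                continue
            # value is "<floor> mstrm:<label>" on the page; further
            # space-separated labels after mstrm: are an assumption here.
            floor_id, _, rest = value.partition(" ")
            labels = rest[len("mstrm:"):].split() if rest.startswith("mstrm:") else []
            floors[floor_id] = [(lbl, by_label.get(lbl)) for lbl in labels]
    return floors
```

For the quoted offer the result is floor 1 controlling the audio m-line (label 10) and floor 2 the video m-line (label 11); a floorid whose label matches no m-line shows up with None.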