Re: [bfcpbis] Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
"Ben Campbell" <ben@nostrum.com> Wed, 08 February 2017 23:32 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CF9012A111; Wed, 8 Feb 2017 15:32:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8niZaczSBfwV; Wed, 8 Feb 2017 15:32:42 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0209712A112; Wed, 8 Feb 2017 15:32:41 -0800 (PST)
Received: from [10.0.1.39] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v18NWZFH071458 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 8 Feb 2017 17:32:36 -0600 (CST) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.39]
From: Ben Campbell <ben@nostrum.com>
To: Ram Mohan R <rmohanr@cisco.com>
Date: Wed, 08 Feb 2017 17:32:35 -0600
Message-ID: <08C20901-35F0-4AC8-A0CE-1361E73D25FC@nostrum.com>
In-Reply-To: <AF24E23F-5B3E-444F-9078-45D008448C0C@cisco.com>
References: <148478285523.2190.2128906462944738445.idtracker@ietfa.amsl.com> <AF24E23F-5B3E-444F-9078-45D008448C0C@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.6r5344)
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/OnIa6U1kV5jPtwzrYht0xOxGp04>
Cc: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "draft-ietf-bfcpbis-bfcp-websocket@ietf.org" <draft-ietf-bfcpbis-bfcp-websocket@ietf.org>, The IESG <iesg@ietf.org>, "bfcpbis-chairs@ietf.org" <bfcpbis-chairs@ietf.org>, Charles Eckel <eckelcu@cisco.com>
Subject: Re: [bfcpbis] Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2017 23:32:43 -0000
Thanks for the response. Please see comments inline. I will delete sections that seem to be resolved. (Consider my responses to them as "Okay"). Thanks! Ben. On 7 Feb 2017, at 10:20, Ram Mohan R (rmohanr) wrote: > Hi Ben, > > Sorry for delay. Please see inline <Ram> for my responses > > -----Original Message----- > From: Ben Campbell <ben@nostrum.com> [...] > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > I plan to ballot "yes" for this document, but I have some concerns > about > the security properties that I think need to be resolved first. I > have > followed the discussion resulting from Robert's Gen-ART review > (and will > have comments about that in the "COMMENTS section", but I think I > see an > additional issue that hasn't been covered in that discussion. > > draft-ietf-bfcpbis-rfc4582bis (currently in the RFC Editors queue) > defines some situations where TLS and client authentication are > normatively required. Specifically, section 9 of that draft says > that, if > the signaling channel is authenticated and has confidentiality and > integrity protection, the BFCP client MUST be authenticated. > Section 14 > additionally says that under those circumstances, BFCP is REQUIRED > to use > the mandated cryptographic algorithm. But bfcp-websocket only says > that > WSS and client authentication are RECOMMENDED. > > <Ram> Agree. That’s a reasonable ask. > > I think this could be fixed by requiring WSS, and the web-based > client > authentication techniques described in this draft whenever the > signaling > protocol is secured. The simplest way to describe that might be to > say > that BFCP-websocket must use at least as strong protections as the > signaling channel. > <Ram> I will add the following line to the security consideration > section > NEW: > “Secure WebSocket (WSS) MUST be used for BCP when the signalling > channel used to exchange the BFCP parameters is secured. “ > > Is this ok ? That's moving in the right direction. However, the second paragraph of section 9 of draft-ietf-bfcpbis-rfc4582bis offers a little more precision. Perhaps something like the following: "If the signaling or control protocol traffic used to set up the conference is authenticated and confidentiality and integrity protected, Secure WebSocket (WSS) MUST be used, and the floor control server MUST authenticate the client." > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I appreciate the author's efforts in resolving the security > considerations issues from Robert's Gen-ART review, but I don't > think the > current text is quite there yet. Version 14 added the text to say > that, > when using websockets, the websocket security mechanisms are used > instead > of those from draft-ietf-bfcpbis-rfc4582bis. But Robert also asked > for > the draft to describe how that change impacts the security > analysis in > draft-ietf-bfcpbis-rfc4582bis. I don't see text that does that. > I'd like > to see, for each of the attacks described in > draft-ietf-bfcpbis-rfc4582bis, text that says describes how (or > if) a > similar attack would be mitigated using websocket. > <Ram> Here is the text I plan to add the security considerations as a > separate paragraph > > EXISTING: > When using BFCP over websockets, the security mechanisms defined in > [draft-ietf-bfcpbis-rfc4592bis] are *not used*. Instead, the > application > is required to build and rely on the security mechanisms in > [RFC6455] > > NEW: > “When using BFCP over websockets, the security mechanisms defined in > [draft-ietf-bfcpbis-rfc4592bis] are *not used*. Instead, the > application > is required to build and rely on the security mechanisms in > [RFC6455] > > This section analyses the threats described in Section 14 of > [draft-ietf-bfcpbis-rfc4582bis] when WebSocket is > used as transport protocol for BFCP. > > An attacker attempting to impersonate a floor control server is > avoided by having servers accept BFCP messages over > Secure WebSocket (WSS) only. As with any other web connection, the > clients will verify the servers certificate. > The floor control WebSocket client MUST follow the procedures in > [RFC7525] (including hostname verification > as per section 6.1 in [RFC7525]) while setting up TLS connection with > floor control webSocket server. > > An attacker attempting to impersonate a floor control client is > avoided by having servers accept BFCP messages > over WSS only. As described in Section 10.5 of [RFC6455] the floor > control server can use any client authentication > mechanism and follow the steps in Section 8 of this document. > > Attackers may attempt to modify messages exchanged by a client and a > floor control server. This can be prevented by having WSS between > client and server. > > An attacker trying to replay the messages is prevented by > having floor control servers check that messages arriving over a > given WSS connection use an authorized user ID. > > Attackers may attempt to pick messages from the network to get access I'm not sure what you mean by "pick messages". Are we talking about eavesdropping? > to confidential information between the floor control server and a > client (e.g., why a floor request was denied). In order to ensure > that > BFCP users are getting the level of protection that they would get > using > the BFCP protocol directly, applications need to have a way to > control the websocket libraries to use encryption algorithms specified > in Section 7 > of [draft-ietf-bfcpbis-rfc4582bis. Since the WebSocket API does not > have a way to > allow an application to select the encryption algorithm to be used, > the protection > level provided when WSS is used is limited to the underlying TLS > algorithm used by WebSocket library.” > > Other than the minor comment above, that looks good to me. [...]
- [bfcpbis] Ben Campbell's Discuss on draft-ietf-bf… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell