IETF Logo Mail Archive

Re: [bfcpbis] Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)

"Ben Campbell" <ben@nostrum.com> Thu, 09 February 2017 02:23 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86448129525; Wed, 8 Feb 2017 18:23:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDOXQmVyc7Sz; Wed, 8 Feb 2017 18:23:01 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA001129503; Wed, 8 Feb 2017 18:23:01 -0800 (PST)
Received: from [10.0.1.39] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v192Mvrm091851 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 8 Feb 2017 20:22:58 -0600 (CST) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.39]
From: Ben Campbell <ben@nostrum.com>
To: Ram Mohan R <rmohanr@cisco.com>
Date: Wed, 08 Feb 2017 20:22:57 -0600
Message-ID: <18BB66FF-A435-4E69-9B9A-72F6AD2E8ABF@nostrum.com>
In-Reply-To: <B4FBD9EF-82B7-4FA7-8B60-1617A64B2487@cisco.com>
References: <148478285523.2190.2128906462944738445.idtracker@ietfa.amsl.com> <AF24E23F-5B3E-444F-9078-45D008448C0C@cisco.com> <08C20901-35F0-4AC8-A0CE-1361E73D25FC@nostrum.com> <B4FBD9EF-82B7-4FA7-8B60-1617A64B2487@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.6r5344)
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/WVNhwi33oAkN9kq47j0dyN7i098>
Cc: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "draft-ietf-bfcpbis-bfcp-websocket@ietf.org" <draft-ietf-bfcpbis-bfcp-websocket@ietf.org>, The IESG <iesg@ietf.org>, "bfcpbis-chairs@ietf.org" <bfcpbis-chairs@ietf.org>, Charles Eckel <eckelcu@cisco.com>
Subject: Re: [bfcpbis] Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2017 02:23:03 -0000

This all looks good to me. I will release the DISCUSS when you submit 
the revision with the changes.

Thanks!

Ben.

On 8 Feb 2017, at 19:55, Ram Mohan R (rmohanr) wrote:

> Hi Ben,
>
> Thanks for your feedback. Please see inline <Ram>
>
> -----Original Message-----
> From: Ben Campbell <ben@nostrum.com>
> Date: Thursday, 9 February 2017 at 5:02 AM
> To: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
> Cc: The IESG <iesg@ietf.org>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, 
> "draft-ietf-bfcpbis-bfcp-websocket@ietf.org" 
> <draft-ietf-bfcpbis-bfcp-websocket@ietf.org>, "Charles Eckel 
> (eckelcu)" <eckelcu@cisco.com>, "bfcpbis-chairs@ietf.org" 
> <bfcpbis-chairs@ietf.org>
> Subject: Re: Ben Campbell's Discuss on 
> draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
> Resent-From: <alias-bounces@ietf.org>
> Resent-To: <anton.roman@quobis.com>, <stephane.cazeaux@orange.com>, 
> <gsalguei@cisco.com>, <sergio.garcia.murillo@gmail.com>, 
> <rmohanr@cisco.com>, <victor.pascual.avila@oracle.com>
> Resent-Date: Thursday, 9 February 2017 at 5:02 AM
>
>     Thanks for the response. Please see comments inline. I will delete
>     sections that seem to be resolved. (Consider my responses to them 
> as
>     "Okay").
>
>     Thanks!
>
>     Ben.
>
>     On 7 Feb 2017, at 10:20, Ram Mohan R (rmohanr) wrote:
>
>     > Hi Ben,
>     >
>     > Sorry for delay. Please see inline <Ram> for my responses
>     >
>     > -----Original Message-----
>     > From: Ben Campbell <ben@nostrum.com>
>
>     [...]
>
>     >
>     >
>     >     
> ----------------------------------------------------------------------
>     >     DISCUSS:
>     >     
> ----------------------------------------------------------------------
>     >
>     >     I plan to ballot "yes" for this document, but I have some 
> concerns
>     > about
>     >     the security properties that I think need to be resolved 
> first. I
>     > have
>     >     followed the discussion resulting from Robert's Gen-ART 
> review
>     > (and will
>     >     have comments about that in the "COMMENTS section", but I 
> think I
>     > see an
>     >     additional issue that hasn't been covered in that 
> discussion.
>     >
>     >     draft-ietf-bfcpbis-rfc4582bis (currently in the RFC Editors 
> queue)
>     >     defines some situations where TLS and client authentication 
> are
>     >     normatively required. Specifically, section 9 of that draft 
> says
>     > that, if
>     >     the signaling channel is authenticated and has 
> confidentiality and
>     >     integrity protection, the BFCP client MUST be authenticated.
>     > Section 14
>     >     additionally says that under those circumstances, BFCP is 
> REQUIRED
>     > to use
>     >     the mandated cryptographic algorithm. But bfcp-websocket 
> only says
>     > that
>     >     WSS and client authentication are RECOMMENDED.
>     >
>     > <Ram> Agree. That’s a reasonable ask.
>     >
>     >     I think this could be fixed by requiring WSS, and the 
> web-based
>     > client
>     >     authentication techniques described in this draft whenever 
> the
>     > signaling
>     >     protocol is secured. The simplest way to describe that might 
> be to
>     > say
>     >     that BFCP-websocket must use at least as strong protections 
> as the
>     >     signaling channel.
>     >   <Ram> I will add the following line to the security 
> consideration
>     > section
>     > NEW:
>     > “Secure WebSocket (WSS) MUST be used for BCP when the 
> signalling
>     > channel used to exchange the BFCP parameters is secured. “
>     >
>     > Is this ok ?
>
>     That's moving in the right direction. However, the second 
> paragraph of
>     section 9 of draft-ietf-bfcpbis-rfc4582bis offers a little more
>     precision. Perhaps something like the following:
>
>     "If the signaling or control protocol traffic used to set up the
>     conference is authenticated and confidentiality and integrity 
> protected,
>     Secure WebSocket (WSS) MUST be used, and the floor control server 
> MUST
>     authenticate the client."
>
> <Ram> Proposed text looks good to me. I will use this.
>
>     >
>     >     
> ----------------------------------------------------------------------
>     >     COMMENT:
>     >     
> ----------------------------------------------------------------------
>     >
>     >     I appreciate the author's efforts in resolving the security
>     >     considerations issues from Robert's Gen-ART review, but I 
> don't
>     > think the
>     >     current text is quite there yet. Version 14 added the text 
> to say
>     > that,
>     >     when using websockets, the websocket security mechanisms are 
> used
>     > instead
>     >     of those from draft-ietf-bfcpbis-rfc4582bis. But Robert also 
> asked
>     > for
>     >     the draft to describe how that change impacts the security
>     > analysis in
>     >     draft-ietf-bfcpbis-rfc4582bis. I don't see text that does 
> that.
>     > I'd like
>     >     to see, for each of the attacks described in
>     >     draft-ietf-bfcpbis-rfc4582bis, text that says describes how 
> (or
>     > if) a
>     >     similar attack would be mitigated using websocket.
>     > <Ram> Here is the text I plan to add the security considerations 
> as a
>     > separate paragraph
>     >
>     > EXISTING:
>     > When using BFCP over websockets, the security mechanisms defined 
> in
>     >     [draft-ietf-bfcpbis-rfc4592bis] are *not used*. Instead, the
>     > application
>     >     is required to build and rely on the security mechanisms in
>     > [RFC6455]
>     >
>     > NEW:
>     > “When using BFCP over websockets, the security mechanisms 
> defined in
>     >     [draft-ietf-bfcpbis-rfc4592bis] are *not used*. Instead, the
>     > application
>     >     is required to build and rely on the security mechanisms in
>     > [RFC6455]
>     >
>     > This section analyses the threats described in Section 14 of
>     > [draft-ietf-bfcpbis-rfc4582bis] when WebSocket is
>     > used as transport protocol for BFCP.
>     >
>     > An attacker attempting to impersonate a floor control server is
>     > avoided by having servers accept BFCP messages over
>     > Secure WebSocket (WSS) only. As with any other web connection, 
> the
>     > clients will verify the servers certificate.
>     > The floor control WebSocket client MUST follow the procedures in
>     > [RFC7525] (including hostname verification
>     > as per section 6.1 in [RFC7525]) while setting up TLS connection 
> with
>     > floor control webSocket server.
>     >
>     > An attacker attempting to impersonate a floor control client is
>     > avoided by having servers accept BFCP messages
>     > over WSS only. As described in Section 10.5 of [RFC6455] the 
> floor
>     > control server can use any client authentication
>     > mechanism and follow the steps in Section 8 of this document.
>     >
>     > Attackers may attempt to modify messages exchanged by a client 
> and a
>     >    floor control server. This can be prevented by having WSS 
> between
>     > client and server.
>     >
>     > An attacker trying to replay the messages is prevented by
>     >    having floor control servers check that messages arriving 
> over a
>     >    given WSS connection use an authorized user ID.
>     >
>     > Attackers may attempt to pick messages from the network to get 
> access
>
>     I'm not sure what you mean by "pick messages". Are we talking 
> about
>     eavesdropping?
> Yes.  It is eavesdropping. How about this:
>
> NEW:
> Attackers may eavesdrop on the network to get access to confidential 
> information between the floor control server and a
> [………]
>
> Regards,
> Ram
>
>     >    to confidential information between the floor control server 
> and a
>     >    client (e.g., why a floor request was denied).  In order to 
> ensure
>     > that
>     > BFCP users are getting the level of protection that they would 
> get
>     > using
>     > the BFCP protocol directly, applications need to have a way to
>     > control the websocket libraries to use encryption algorithms 
> specified
>     > in Section 7
>     > of [draft-ietf-bfcpbis-rfc4582bis. Since  the WebSocket API does 
> not
>     > have a way to
>     > allow an application to select the encryption algorithm to be 
> used,
>     > the protection
>     > level provided when WSS is used is limited to the underlying TLS
>     > algorithm used by WebSocket library.”
>     >
>     >
>
>     Other than the minor comment above, that looks good to me.
>
>     [...]

v2.23.0 | Report a Bug | By Email