Re: [bfcpbis] Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
"Ben Campbell" <ben@nostrum.com> Thu, 09 February 2017 02:23 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86448129525; Wed, 8 Feb 2017 18:23:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDOXQmVyc7Sz; Wed, 8 Feb 2017 18:23:01 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA001129503; Wed, 8 Feb 2017 18:23:01 -0800 (PST)
Received: from [10.0.1.39] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v192Mvrm091851 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 8 Feb 2017 20:22:58 -0600 (CST) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.39]
From: Ben Campbell <ben@nostrum.com>
To: Ram Mohan R <rmohanr@cisco.com>
Date: Wed, 08 Feb 2017 20:22:57 -0600
Message-ID: <18BB66FF-A435-4E69-9B9A-72F6AD2E8ABF@nostrum.com>
In-Reply-To: <B4FBD9EF-82B7-4FA7-8B60-1617A64B2487@cisco.com>
References: <148478285523.2190.2128906462944738445.idtracker@ietfa.amsl.com> <AF24E23F-5B3E-444F-9078-45D008448C0C@cisco.com> <08C20901-35F0-4AC8-A0CE-1361E73D25FC@nostrum.com> <B4FBD9EF-82B7-4FA7-8B60-1617A64B2487@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.6r5344)
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/WVNhwi33oAkN9kq47j0dyN7i098>
Cc: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "draft-ietf-bfcpbis-bfcp-websocket@ietf.org" <draft-ietf-bfcpbis-bfcp-websocket@ietf.org>, The IESG <iesg@ietf.org>, "bfcpbis-chairs@ietf.org" <bfcpbis-chairs@ietf.org>, Charles Eckel <eckelcu@cisco.com>
Subject: Re: [bfcpbis] Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2017 02:23:03 -0000
This all looks good to me. I will release the DISCUSS when you submit the revision with the changes. Thanks! Ben. On 8 Feb 2017, at 19:55, Ram Mohan R (rmohanr) wrote: > Hi Ben, > > Thanks for your feedback. Please see inline <Ram> > > -----Original Message----- > From: Ben Campbell <ben@nostrum.com> > Date: Thursday, 9 February 2017 at 5:02 AM > To: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com> > Cc: The IESG <iesg@ietf.org>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, > "draft-ietf-bfcpbis-bfcp-websocket@ietf.org" > <draft-ietf-bfcpbis-bfcp-websocket@ietf.org>, "Charles Eckel > (eckelcu)" <eckelcu@cisco.com>, "bfcpbis-chairs@ietf.org" > <bfcpbis-chairs@ietf.org> > Subject: Re: Ben Campbell's Discuss on > draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT) > Resent-From: <alias-bounces@ietf.org> > Resent-To: <anton.roman@quobis.com>, <stephane.cazeaux@orange.com>, > <gsalguei@cisco.com>, <sergio.garcia.murillo@gmail.com>, > <rmohanr@cisco.com>, <victor.pascual.avila@oracle.com> > Resent-Date: Thursday, 9 February 2017 at 5:02 AM > > Thanks for the response. Please see comments inline. I will delete > sections that seem to be resolved. (Consider my responses to them > as > "Okay"). > > Thanks! > > Ben. > > On 7 Feb 2017, at 10:20, Ram Mohan R (rmohanr) wrote: > > > Hi Ben, > > > > Sorry for delay. Please see inline <Ram> for my responses > > > > -----Original Message----- > > From: Ben Campbell <ben@nostrum.com> > > [...] > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > > ---------------------------------------------------------------------- > > > > I plan to ballot "yes" for this document, but I have some > concerns > > about > > the security properties that I think need to be resolved > first. I > > have > > followed the discussion resulting from Robert's Gen-ART > review > > (and will > > have comments about that in the "COMMENTS section", but I > think I > > see an > > additional issue that hasn't been covered in that > discussion. > > > > draft-ietf-bfcpbis-rfc4582bis (currently in the RFC Editors > queue) > > defines some situations where TLS and client authentication > are > > normatively required. Specifically, section 9 of that draft > says > > that, if > > the signaling channel is authenticated and has > confidentiality and > > integrity protection, the BFCP client MUST be authenticated. > > Section 14 > > additionally says that under those circumstances, BFCP is > REQUIRED > > to use > > the mandated cryptographic algorithm. But bfcp-websocket > only says > > that > > WSS and client authentication are RECOMMENDED. > > > > <Ram> Agree. That’s a reasonable ask. > > > > I think this could be fixed by requiring WSS, and the > web-based > > client > > authentication techniques described in this draft whenever > the > > signaling > > protocol is secured. The simplest way to describe that might > be to > > say > > that BFCP-websocket must use at least as strong protections > as the > > signaling channel. > > <Ram> I will add the following line to the security > consideration > > section > > NEW: > > “Secure WebSocket (WSS) MUST be used for BCP when the > signalling > > channel used to exchange the BFCP parameters is secured. “ > > > > Is this ok ? > > That's moving in the right direction. However, the second > paragraph of > section 9 of draft-ietf-bfcpbis-rfc4582bis offers a little more > precision. Perhaps something like the following: > > "If the signaling or control protocol traffic used to set up the > conference is authenticated and confidentiality and integrity > protected, > Secure WebSocket (WSS) MUST be used, and the floor control server > MUST > authenticate the client." > > <Ram> Proposed text looks good to me. I will use this. > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > > ---------------------------------------------------------------------- > > > > I appreciate the author's efforts in resolving the security > > considerations issues from Robert's Gen-ART review, but I > don't > > think the > > current text is quite there yet. Version 14 added the text > to say > > that, > > when using websockets, the websocket security mechanisms are > used > > instead > > of those from draft-ietf-bfcpbis-rfc4582bis. But Robert also > asked > > for > > the draft to describe how that change impacts the security > > analysis in > > draft-ietf-bfcpbis-rfc4582bis. I don't see text that does > that. > > I'd like > > to see, for each of the attacks described in > > draft-ietf-bfcpbis-rfc4582bis, text that says describes how > (or > > if) a > > similar attack would be mitigated using websocket. > > <Ram> Here is the text I plan to add the security considerations > as a > > separate paragraph > > > > EXISTING: > > When using BFCP over websockets, the security mechanisms defined > in > > [draft-ietf-bfcpbis-rfc4592bis] are *not used*. Instead, the > > application > > is required to build and rely on the security mechanisms in > > [RFC6455] > > > > NEW: > > “When using BFCP over websockets, the security mechanisms > defined in > > [draft-ietf-bfcpbis-rfc4592bis] are *not used*. Instead, the > > application > > is required to build and rely on the security mechanisms in > > [RFC6455] > > > > This section analyses the threats described in Section 14 of > > [draft-ietf-bfcpbis-rfc4582bis] when WebSocket is > > used as transport protocol for BFCP. > > > > An attacker attempting to impersonate a floor control server is > > avoided by having servers accept BFCP messages over > > Secure WebSocket (WSS) only. As with any other web connection, > the > > clients will verify the servers certificate. > > The floor control WebSocket client MUST follow the procedures in > > [RFC7525] (including hostname verification > > as per section 6.1 in [RFC7525]) while setting up TLS connection > with > > floor control webSocket server. > > > > An attacker attempting to impersonate a floor control client is > > avoided by having servers accept BFCP messages > > over WSS only. As described in Section 10.5 of [RFC6455] the > floor > > control server can use any client authentication > > mechanism and follow the steps in Section 8 of this document. > > > > Attackers may attempt to modify messages exchanged by a client > and a > > floor control server. This can be prevented by having WSS > between > > client and server. > > > > An attacker trying to replay the messages is prevented by > > having floor control servers check that messages arriving > over a > > given WSS connection use an authorized user ID. > > > > Attackers may attempt to pick messages from the network to get > access > > I'm not sure what you mean by "pick messages". Are we talking > about > eavesdropping? > Yes. It is eavesdropping. How about this: > > NEW: > Attackers may eavesdrop on the network to get access to confidential > information between the floor control server and a > [………] > > Regards, > Ram > > > to confidential information between the floor control server > and a > > client (e.g., why a floor request was denied). In order to > ensure > > that > > BFCP users are getting the level of protection that they would > get > > using > > the BFCP protocol directly, applications need to have a way to > > control the websocket libraries to use encryption algorithms > specified > > in Section 7 > > of [draft-ietf-bfcpbis-rfc4582bis. Since the WebSocket API does > not > > have a way to > > allow an application to select the encryption algorithm to be > used, > > the protection > > level provided when WSS is used is limited to the underlying TLS > > algorithm used by WebSocket library.” > > > > > > Other than the minor comment above, that looks good to me. > > [...]
- [bfcpbis] Ben Campbell's Discuss on draft-ietf-bf… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell