Re: [bfcpbis] Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Tue, 07 February 2017 16:20 UTC
Return-Path: <rmohanr@cisco.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42DEB129D3B; Tue, 7 Feb 2017 08:20:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ju1LBPn7V8Jc; Tue, 7 Feb 2017 08:20:33 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16F3D129D2E; Tue, 7 Feb 2017 08:20:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11680; q=dns/txt; s=iport; t=1486484430; x=1487694030; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=DSlQT0oUCWNuB64x9CIPf+5RWF4T/55qpdQA+mEIUaU=; b=JMtEcxj4qbuLOBzSgmhBgdZEPS/bBUOhbPr9CAL1he6WvESibNBDUE1/ c4Ai/5qB6ocySUD1ltt/tekB13PS3lROvav3F/P9lebjzYojjK08JvHeV rGBFRACGOVSpXvVe9iNDIKa13QeTIt1xaybufN/w7h7SG9fo4ljxHm0Fa A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DsAQBR85lY/4sNJK1dGQEBAQEBAQEBAQEBBwEBAQEBg1FhgQkHg1GKCJFwH4gMixuCD4IMKoV4AhqCOD8YAQIBAQEBAQEBYiiEaQEBAQQjETkMDAQCAQgRAwECAwISFAICAh8RFQgIAgQBDQWJWwMVDq9zgiWHRQ2DcwEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQuHRgiCYoJRgVUKAQYBBh0xAg4MgjIugjEFiQAKh32KLDgBhmmDH4NshBmBe4UXiXGKMIheAR84dghPFU0BhGiBSHUBhjcBDheBCoEMAQEB
X-IronPort-AV: E=Sophos;i="5.33,346,1477958400"; d="scan'208";a="205778111"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 07 Feb 2017 16:20:29 +0000
Received: from XCH-RTP-016.cisco.com (xch-rtp-016.cisco.com [64.101.220.156]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id v17GKSC3007208 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 7 Feb 2017 16:20:28 GMT
Received: from xch-rtp-017.cisco.com (64.101.220.157) by XCH-RTP-016.cisco.com (64.101.220.156) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 7 Feb 2017 11:20:27 -0500
Received: from xch-rtp-017.cisco.com ([64.101.220.157]) by XCH-RTP-017.cisco.com ([64.101.220.157]) with mapi id 15.00.1210.000; Tue, 7 Feb 2017 11:20:27 -0500
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
Thread-Topic: Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
Thread-Index: AQHSceRTe5LJyE53MkeeyUi4LMDL1KFeiFwA
Date: Tue, 07 Feb 2017 16:20:27 +0000
Message-ID: <AF24E23F-5B3E-444F-9078-45D008448C0C@cisco.com>
References: <148478285523.2190.2128906462944738445.idtracker@ietfa.amsl.com>
In-Reply-To: <148478285523.2190.2128906462944738445.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.1a.0.160910
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.65.93.82]
Content-Type: text/plain; charset="utf-8"
Content-ID: <4992EED157B50C41B6D793A513458638@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/dS8Ima0Z5P7FJMZCrehber0gguM>
Cc: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "draft-ietf-bfcpbis-bfcp-websocket@ietf.org" <draft-ietf-bfcpbis-bfcp-websocket@ietf.org>, "Charles Eckel (eckelcu)" <eckelcu@cisco.com>, "bfcpbis-chairs@ietf.org" <bfcpbis-chairs@ietf.org>
Subject: Re: [bfcpbis] Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT)
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2017 16:20:35 -0000
Hi Ben, Sorry for delay. Please see inline <Ram> for my responses -----Original Message----- From: Ben Campbell <ben@nostrum.com> Date: Thursday, 19 January 2017 at 5:10 AM To: The IESG <iesg@ietf.org> Cc: "draft-ietf-bfcpbis-bfcp-websocket@ietf.org" <draft-ietf-bfcpbis-bfcp-websocket@ietf.org>, "Charles Eckel (eckelcu)" <eckelcu@cisco.com>, "bfcpbis-chairs@ietf.org" <bfcpbis-chairs@ietf.org>, "Charles Eckel (eckelcu)" <eckelcu@cisco.com>, "bfcpbis@ietf.org" <bfcpbis@ietf.org> Subject: Ben Campbell's Discuss on draft-ietf-bfcpbis-bfcp-websocket-14: (with DISCUSS and COMMENT) Resent-From: <alias-bounces@ietf.org> Resent-To: <anton.roman@quobis.com>, <stephane.cazeaux@orange.com>, <gsalguei@cisco.com>, <sergio.garcia.murillo@gmail.com>, <rmohanr@cisco.com>, <victor.pascual.avila@oracle.com> Resent-Date: Thursday, 19 January 2017 at 5:10 AM Ben Campbell has entered the following ballot position for draft-ietf-bfcpbis-bfcp-websocket-14: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-bfcpbis-bfcp-websocket/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I plan to ballot "yes" for this document, but I have some concerns about the security properties that I think need to be resolved first. I have followed the discussion resulting from Robert's Gen-ART review (and will have comments about that in the "COMMENTS section", but I think I see an additional issue that hasn't been covered in that discussion. draft-ietf-bfcpbis-rfc4582bis (currently in the RFC Editors queue) defines some situations where TLS and client authentication are normatively required. Specifically, section 9 of that draft says that, if the signaling channel is authenticated and has confidentiality and integrity protection, the BFCP client MUST be authenticated. Section 14 additionally says that under those circumstances, BFCP is REQUIRED to use the mandated cryptographic algorithm. But bfcp-websocket only says that WSS and client authentication are RECOMMENDED. <Ram> Agree. That’s a reasonable ask. I think this could be fixed by requiring WSS, and the web-based client authentication techniques described in this draft whenever the signaling protocol is secured. The simplest way to describe that might be to say that BFCP-websocket must use at least as strong protections as the signaling channel. <Ram> I will add the following line to the security consideration section NEW: “Secure WebSocket (WSS) MUST be used for BCP when the signalling channel used to exchange the BFCP parameters is secured. “ Is this ok ? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I appreciate the author's efforts in resolving the security considerations issues from Robert's Gen-ART review, but I don't think the current text is quite there yet. Version 14 added the text to say that, when using websockets, the websocket security mechanisms are used instead of those from draft-ietf-bfcpbis-rfc4582bis. But Robert also asked for the draft to describe how that change impacts the security analysis in draft-ietf-bfcpbis-rfc4582bis. I don't see text that does that. I'd like to see, for each of the attacks described in draft-ietf-bfcpbis-rfc4582bis, text that says describes how (or if) a similar attack would be mitigated using websocket. <Ram> Here is the text I plan to add the security considerations as a separate paragraph EXISTING: When using BFCP over websockets, the security mechanisms defined in [draft-ietf-bfcpbis-rfc4592bis] are *not used*. Instead, the application is required to build and rely on the security mechanisms in [RFC6455] NEW: “When using BFCP over websockets, the security mechanisms defined in [draft-ietf-bfcpbis-rfc4592bis] are *not used*. Instead, the application is required to build and rely on the security mechanisms in [RFC6455] This section analyses the threats described in Section 14 of [draft-ietf-bfcpbis-rfc4582bis] when WebSocket is used as transport protocol for BFCP. An attacker attempting to impersonate a floor control server is avoided by having servers accept BFCP messages over Secure WebSocket (WSS) only. As with any other web connection, the clients will verify the servers certificate. The floor control WebSocket client MUST follow the procedures in [RFC7525] (including hostname verification as per section 6.1 in [RFC7525]) while setting up TLS connection with floor control webSocket server. An attacker attempting to impersonate a floor control client is avoided by having servers accept BFCP messages over WSS only. As described in Section 10.5 of [RFC6455] the floor control server can use any client authentication mechanism and follow the steps in Section 8 of this document. Attackers may attempt to modify messages exchanged by a client and a floor control server. This can be prevented by having WSS between client and server. An attacker trying to replay the messages is prevented by having floor control servers check that messages arriving over a given WSS connection use an authorized user ID. Attackers may attempt to pick messages from the network to get access to confidential information between the floor control server and a client (e.g., why a floor request was denied). In order to ensure that BFCP users are getting the level of protection that they would get using the BFCP protocol directly, applications need to have a way to control the websocket libraries to use encryption algorithms specified in Section 7 of [draft-ietf-bfcpbis-rfc4582bis. Since the WebSocket API does not have a way to allow an application to select the encryption algorithm to be used, the protection level provided when WSS is used is limited to the underlying TLS algorithm used by WebSocket library.” -4.2, first paragraph: You talk about how the payload size limit is smaller when using websocket. Can you give guidance for actual reasonable limits? <Ram> The para already gives the max limit. I don’t see a real need to give any other limit. The reason for adding this section to explicitly mention that when BFCP is sent over WS/WSS there should be no fragmentation unlike what is mentioned in WS RFC [ rfc6455 section 5.4]. I think the procedures (like learning the MTU of a path and constructing BFCP msg such that it will not be fragmented] of Section 6.2.3 in [draft-ietf-bfcpbis-rfc4582bis-13] are applicable here as well. -5, 2nd paragraph: "The BFCP server is a will have a globally routable address" Is there an implied MUST hiding in there? Also, there's a typo around "is will have". <Ram> I will add a MUST here. -8, paragraph 8: Is the point that you SHOULD authenticate the client, or that if you want to authenticate the client you SHOULD do it this way? I suspect the former is intended, but the text implies the latter. <Ram> Yes it’s the former. I am re-wording the last para of this section to this as per discussion in the thread. Is this making it better ? NEW: If the status code received from the server is not 101, the WebSocket client stack handles the response per HTTP [RFC7230] procedures, in particular the client might perform authentication if it receives 401 status code. The WebSocket clients are vulnerable to the attacks of basic authentication (mentioned in Section 4 of [RFC7617]) and digest authentication (mentioned in Section 5 of [RFC7616]). To overcome some of these weakness, the WebSocket clients for example can use HTTP Origin-Bound Authentication (HOBA) mechanism mentioned in [RFC7486]. Regards, Ram
- [bfcpbis] Ben Campbell's Discuss on draft-ietf-bf… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Ben Campbell's Discuss on draft-iet… Ben Campbell