IETF Logo Mail Archive

Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)

"Rob Hanton (rohanse2)" <rohanse2@cisco.com> Tue, 27 November 2018 09:55 UTC

Return-Path: <rohanse2@cisco.com>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A74E1276D0; Tue, 27 Nov 2018 01:55:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.96
X-Spam-Level:
X-Spam-Status: No, score=-15.96 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xJSZY9Zz-ij3; Tue, 27 Nov 2018 01:55:18 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7880127B4C; Tue, 27 Nov 2018 01:55:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6102; q=dns/txt; s=iport; t=1543312518; x=1544522118; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ajQaWqXZcaaclsBYYVOPpuS53cUEfedNJr0RsRozkR0=; b=in+ugy+BFkzzkS8ocUgceC92vlXmCwUl+fCvkQaQ/mcJTWoEjDr4zmLw EYH3uaOggun16GCvMQc9UZMT2fasBAsPaR/+P6UfsMTffjZ0HoygaUJfX a2NAwisruEfAMDd3g7EQxfbUSWBE0ibbOFauMo07jG2ewHlOhT2xD/obG I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AEAACnE/1b/40NJK1kDgwBAQEBAQIBAQEBBwIBAQEBgVEFAQEBAQsBgVUuZoECJwqDb4gYjhODRYVKjjGBegsBASWERwIXhBkiNAkNAQMBAQIBAQJtHAyFPAEBAQEDIxFFDAQCAQgOAwQBAQECAiMDAgICHxEUAQgIAgQBDQUIgxqBaQMVD6UYgS+EMQMNQIMIDYIXBYELiDqCSIIWgRGDEoJXRwICAQEWhEuCVwKBKgGILYE9lEkuBgMChnqDLYNbgyQgkQuNRoEKiUACERSBJx84gVVwgW6BToInFxKITIUEO0ExAY1RgR8BAQ
X-IronPort-AV: E=Sophos;i="5.56,286,1539648000"; d="scan'208";a="491705988"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Nov 2018 09:55:16 +0000
Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id wAR9tG2n029053 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 27 Nov 2018 09:55:16 GMT
Received: from xch-rcd-016.cisco.com (173.37.102.26) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 27 Nov 2018 03:55:15 -0600
Received: from xch-rcd-016.cisco.com ([173.37.102.26]) by XCH-RCD-016.cisco.com ([173.37.102.26]) with mapi id 15.00.1395.000; Tue, 27 Nov 2018 03:55:15 -0600
From: "Rob Hanton (rohanse2)" <rohanse2@cisco.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, Eric Rescorla <ekr@rtfm.com>
CC: Roni Even <roni.even@huawei.com>, IESG <iesg@ietf.org>, Daniel Burnett <danielcburnett@gmail.com>, "clue@ietf.org" <clue@ietf.org>, "roni.even@mail01.huawei.com" <roni.even@mail01.huawei.com>, "clue-chairs@ietf.org" <clue-chairs@ietf.org>, "draft-ietf-clue-signaling@ietf.org" <draft-ietf-clue-signaling@ietf.org>
Thread-Topic: Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)
Thread-Index: AQHUgItlNzV1mBjQhkStyjijOx0gwqVcD0cAgABD4YCABBM5gIAAfr0AgABJCoCAAB+6AIABl6KAgACEumA=
Date: Tue, 27 Nov 2018 09:55:15 +0000
Message-ID: <8524dc46c43e4f5084fbbd2e566f9c28@XCH-RCD-016.cisco.com>
References: <154268892146.26648.17870778354406192041.idtracker@ietfa.amsl.com> <6E58094ECC8D8344914996DAD28F1CCD18C762DF@DGGEMM506-MBX.china.huawei.com> <CABcZeBMcQxZuRUFx=tz==C5eCc8zNBrxkKaZfBa+gYnyaV3FOQ@mail.gmail.com> <6E58094ECC8D8344914996DAD28F1CCD18C7B5DE@DGGEMM506-MBS.china.huawei.com> <CABcZeBOPPojS2zsR6uZCagcs7yBBmtMW9rcyPw_gEK44u7GH1w@mail.gmail.com> <b9922f72-932c-a509-95c2-c86765d5ce6d@alum.mit.edu> <CABcZeBNb4nG7U9KdMLCT8f4oOYXqWydM_1JQPbfceSu31+Bg1A@mail.gmail.com> <e8a805d2-762d-6cd7-bed5-4518e943453c@alum.mit.edu>
In-Reply-To: <e8a805d2-762d-6cd7-bed5-4518e943453c@alum.mit.edu>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.138.252]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.36.7.27, xch-aln-017.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/clue/AfJ0tzHc6B3XlYwxJMh7xurCE14>
Subject: Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2018 09:55:20 -0000

We did have specific protections as mandantory to use in earlier drafts. From version 05:

   ... discussion of video hammer attack ...
   This attack can be prevented by ensuring that the media recipient
   intends to receive the media packets.  Because of the way that CLUE
   can increase the severity of this attack, as well as because of the
   general increased awareness of the need to secure critical payloads,
   a CLUE-capable device MUST secure all CLUE-controlled RTP "m" lines
   using SRTP [RFC3711], and MUST support and use key negotiation and
   receiver intent assurance via DTLS [RFC5763] on these "m" lines.  For
   backwards compatibility, this is not a mandatory requirement for non-
   CLUE-controlled "m" lines.

https://datatracker.ietf.org/doc/draft-ietf-clue-signaling/05/?include_text=1

This was then changed in version 06 and onwards following the discussion at IETF 92 and later where there was opposition to making the use of DTLS/SRTP mandatory to use. If I recall the two major concerns people had were:
1) This prevents implementations using a superior mechanism should one be developed
2) This prevents two devices from the same vendor using some alternate means of authentication (potentially proprietary) that would reduce the need for DTLS/SRTP
(Minutes: https://datatracker.ietf.org/doc/minutes-92-clue/ )

So while everyone agreed that DTLS/SRTP should be mandatory to implement so it was always available, consensus ended up being removing the requirement to use DTLS/SRTP and instead having more generic language:

   This attack can be prevented by ensuring that the media recipient
   intends to receive the media packets.  As such all CLUE-capable
   devices MUST support key negotiation and receiver intent assurance
   via DTLS-SRTP [RFC5763] on CLUE-controlled RTP "m=" lines.  All CLUE-
   controlled RTP "m" lines must be secured and implemented using
   mechanisms such as SRTP [RFC3711].  CLUE implementations MAY choose
   not to require the use of SRTP to secure legacy (non-CLUE-controlled)
   media for backwards compatibility with older SIP clients that are
   incapable of supporting it.

https://datatracker.ietf.org/doc/draft-ietf-clue-signaling/?include_text=1

All drafts have always had an exception for non-CLUE-controlled lines for backwards compatibility.

Rob

-----Original Message-----
From: Paul Kyzivat <pkyzivat@alum.mit.edu> 
Sent: 26 November 2018 19:49
To: Eric Rescorla <ekr@rtfm.com>
Cc: Roni Even <roni.even@huawei.com>; IESG <iesg@ietf.org>; Daniel Burnett <danielcburnett@gmail.com>; clue@ietf.org; roni.even@mail01.huawei.com; clue-chairs@ietf.org; draft-ietf-clue-signaling@ietf.org
Subject: Re: Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)

On 11/25/18 2:29 PM, Eric Rescorla wrote:
> 
> 
> On Sun, Nov 25, 2018 at 9:35 AM Paul Kyzivat <pkyzivat@alum.mit.edu 
> <mailto:pkyzivat@alum.mit.edu>> wrote:
> 
>     On 11/25/18 8:14 AM, Eric Rescorla wrote:
>      >
>      >
>      > On Sat, Nov 24, 2018 at 9:41 PM Roni Even (A)
>     <roni.even@huawei.com <mailto:roni.even@huawei.com>
>      > <mailto:roni.even@huawei.com <mailto:roni.even@huawei.com>>> wrote:
>      >
>      >     Hi,____
>      >
>      >     The point that is made that in general CLUE is similar to no CLUE
>      >     RTP media calls. The difference is that since the EP may open
>     more
>      >     than one RTP video channel there is a greater risk of sending
>     more
>      >     media to the victim.
>      >
>      >
>      > Yes, but in order to have a useful countermeasure, that needs to be
>      > mandatory, and yours is not.
> 
>     But one of the goals of clue is to be backward compatible with regular
>     sip calls. If we impose constraints on the media over and above those
>     required for regular sip calls then we lose that.
> 
> 
> ISTM that that's already not true for these media flows, because 4.4.1 
> requires them to be inactive and you need to use an SCTP/DTLS control 
> channel to negotiate them.
> What I'm saying is that those other flows should also have a consent 
> check

I was more concerned with the basic audio and/or video in the initial invite, before it is known whether the answerer supports clue. I don't have a particular problem with putting further restrictions on the clue controlled media.

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email