Re: [clue] Last Call: <draft-ietf-clue-rtp-mapping-10.txt> (Mapping RTP streams to CLUE Media Captures) to Proposed Standard
Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 16 January 2017 13:56 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4782F129470; Mon, 16 Jan 2017 05:56:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IfQldTWofuHF; Mon, 16 Jan 2017 05:56:48 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A61E012943D; Mon, 16 Jan 2017 05:56:47 -0800 (PST)
X-AuditID: c1b4fb30-3136f98000003c8a-0f-587cd11d6d6c
Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.183.54]) by (Symantec Mail Security) with SMTP id 7A.B5.15498.D11DC785; Mon, 16 Jan 2017 14:56:45 +0100 (CET)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.56) with Microsoft SMTP Server id 14.3.319.2; Mon, 16 Jan 2017 14:56:43 +0100
To: Roni Even <ron.even.tlv@gmail.com>, ietf@ietf.org
References: <148244150608.26135.13003140554574277685.idtracker@ietfa.amsl.com> <e62d8fea-692f-2463-3fce-e9bfbc87293c@ericsson.com> <001901d26ef5$5c91af20$15b50d60$@gmail.com>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <18e96e7e-51f4-2a38-a267-110f7f60f9aa@ericsson.com>
Date: Mon, 16 Jan 2017 14:56:42 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <001901d26ef5$5c91af20$15b50d60$@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrALMWRmVeSWpSXmKPExsUyM2K7ma7sxZoIg0MLLS2+TlrCZrH/1GVm i6cT/7FYPNs4n8XibzuzA6vHzll32T2WLPnJFMAUxWWTkpqTWZZapG+XwJWx7cY0toIpJhUb jp5hbGCcq9XFyMEhIWAisWqudBcjF4eQwDpGiZ9TV7FBOMsZJa4daGQBcYQF2hklTn45yArS ISJgLrFqPR9E0SZGiXcn5gN1cHIwC4RKXPnwgR3EZhOwkLj5oxEszitgL/Ft4lRGEJtFQFXi 5oU7TCC2qECMxNv1y9khagQlTs58wgIynxOo985GfRCTGaj1wdYyiOnyEs1bZzOD2EIC2hIN TR2sExgFZiFpnoXQMQtJxwJG5lWMosWpxUm56UZGeqlFmcnFxfl5enmpJZsYgeF6cMtvgx2M L587HmIU4GBU4uHdcKw6Qog1say4MvcQowQHs5IIr+SZmggh3pTEyqrUovz4otKc1OJDjNIc LErivGYr74cLCaQnlqRmp6YWpBbBZJk4OKUaGLf/k1+/3fn8ggOStcF3ugTXCqz/tcpBv0rI TkrMu2pi6so5h1+5+z2/qi7SJrTwwbuG7X+SJrRnlxy+XH7W9i+HF2P/y8t/vf/msi0wP9Hv YTolN+q26+rdKnYB+RFLPomsXfjYg+3jCfGkqcGhB6dJHudhvZ5ia2u3Raf137PyRL9a/fQj ZUosxRmJhlrMRcWJAHpAUhhTAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/clue/PKR2orYaug_7hvMML-uw2H9uQjs>
Cc: clue@ietf.org, clue-chairs@ietf.org, draft-ietf-clue-rtp-mapping@ietf.org
Subject: Re: [clue] Last Call: <draft-ietf-clue-rtp-mapping-10.txt> (Mapping RTP streams to CLUE Media Captures) to Proposed Standard
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jan 2017 13:56:50 -0000
Den 2017-01-15 kl. 07:05, skrev Roni Even: > Hi Magnus, > CaptureID here is just conveying the value defined in the CLUE data model > and CLUE protocol defines the security consideration for conveying the > adertized and configured values. > So any security on creating is done in the protocol document Yes, it is containing a value. And the data model and protocol documents defines the protocol level security requirements and solution. However, as the CaptureID is taken out of the context of the CLUE protocol, and put into RTP/RTCP there needs to be consideration for the implications of that action. As I don't find any recommendation for how an implementation generates CaptureIDs I could not determine the security sensitivity of the field. That is why I am asking about that aspect. Please provide an analysis of what it may contain, i.e. worst case, and the appropriate recommendation for appropriately securing that field. > > As for the header extension, I will add some text And I think this is relevant also for SDES items in general, not only for the header extension. The security risks and fundamental requirements are shared anyway. Cheers Magnus > Roni > >> -----Original Message----- >> From: clue [mailto:clue-bounces@ietf.org] On Behalf Of Magnus Westerlund >> Sent: Friday, January 13, 2017 2:22 PM >> To: ietf@ietf.org >> Cc: draft-ietf-clue-rtp-mapping@ietf.org; clue-chairs@ietf.org; > clue@ietf.org >> Subject: Re: [clue] Last Call: <draft-ietf-clue-rtp-mapping-10.txt> > (Mapping RTP >> streams to CLUE Media Captures) to Proposed Standard >> >> Hi, >> >> As one of IANA's expert reviewers for the two registries that this > document >> attempts to register in, I want to provide some feedback on individual > basis and >> directly. >> >> The SDES item registration of the CaptureID is fine with the exception > that it isn't >> clear on the security consideration for the CaptureID field as SDES item. > I fail to >> find any limitations or even recommendations for how the value is created > by >> the implementation. Nor does the security considerations discuss the > potential >> risk that the capture ID is privacy sensitive, like "Adrian's Mic" rather > than AC0 >> as in the example in the data model document. The data model document is >> fairly clear on the need for confidentiality and authorization for the > whole data >> model document. However, this thinking has not been raised and clarified > in this >> specific move of the information into the RTP protocol. >> >> So, I would recommend a discussion in general if the field should have >> anonymous labels, that do not contain privacy information. Then one needs > to >> be clear on what requirements that puts on transporting this field in RTP. > And >> that depends on how certain one can be that it is anonymous or that it may >> contain sensitive information and therefore should be confidentiality > protected. >> In all cases this field needs integrity and source authentication. Which > should be >> made explicit in the security consideration. The clue mapping require >> implementation of SRTP with DTLS-SRTP keying, however, it fails to be > specific >> on which protection profiles that are to be supported, both for the SRTP > as well >> as the crypto functions for the key handshakes in DTLS-SRTP. Thus, I can't > be >> certain if the CaptureID will be confidentiality protected or not even in > RTCP. >> >> When it comes to the RTP Header Extension case, the RFC 7941 is very > explicit >> about the requirement on doing this security consideration. And I note > that with >> the above analysis of what requirements to put, one can ensure that the > right >> requirements on the CLUE system to protect any RTP header extension with > the >> CaptureID is done. I do note that if confidentiality protection is needed, > this >> means additional implementation requirement. Such needs to be defined in > this >> or referenced document if that is the case. >> >> This should be fairly straight forward to fix, but needs to be done. >> >> Cheers >> >> Magnus >> >> Den 2016-12-22 kl. 22:18, skrev The IESG: >>> >>> The IESG has received a request from the ControLling mUltiple streams >>> for tElepresence WG (clue) to consider the following document: >>> - 'Mapping RTP streams to CLUE Media Captures' >>> <draft-ietf-clue-rtp-mapping-10.txt> as Proposed Standard >>> >>> The IESG plans to make a decision in the next few weeks, and solicits >>> final comments on this action. Please send substantive comments to the >>> ietf@ietf.org mailing lists by 2017-01-12. Exceptionally, comments may >>> be sent to iesg@ietf.org instead. In either case, please retain the >>> beginning of the Subject line to allow automated sorting. >>> >>> Abstract >>> >>> >>> This document describes how the Real Time transport Protocol (RTP) is >>> used in the context of the CLUE protocol. It also describes the >>> mechanisms and recommended practice for mapping RTP media streams >>> defined in SDP to CLUE Media Captures. >>> >>> >>> >>> >>> The file can be obtained via >>> https://datatracker.ietf.org/doc/draft-ietf-clue-rtp-mapping/ >>> >>> IESG discussion can be tracked via >>> https://datatracker.ietf.org/doc/draft-ietf-clue-rtp-mapping/ballot/ >>> >>> >>> No IPR declarations have been submitted directly on this I-D. >>> >>> >>> >>> >>> >> >> >> -- >> >> Magnus Westerlund >> >> ---------------------------------------------------------------------- >> Services, Media and Network features, Ericsson Research EAB/TXM >> ---------------------------------------------------------------------- >> Ericsson AB | Phone +46 10 7148287 >> Färögatan 6 | Mobile +46 73 0949079 >> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com >> ---------------------------------------------------------------------- >> >> _______________________________________________ >> clue mailing list >> clue@ietf.org >> https://www.ietf.org/mailman/listinfo/clue > > -- Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [clue] Last Call: <draft-ietf-clue-rtp-mapping-10… The IESG
- Re: [clue] Last Call: <draft-ietf-clue-rtp-mappin… Magnus Westerlund
- Re: [clue] Last Call: <draft-ietf-clue-rtp-mappin… Paul Kyzivat
- Re: [clue] Last Call: <draft-ietf-clue-rtp-mappin… Roni Even
- Re: [clue] Last Call: <draft-ietf-clue-rtp-mappin… Magnus Westerlund
- Re: [clue] Last Call: <draft-ietf-clue-rtp-mappin… Paul Kyzivat