Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)
"Rob Hanton (rohanse2)" <rohanse2@cisco.com> Thu, 06 December 2018 10:07 UTC
Return-Path: <rohanse2@cisco.com>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 058AB131126; Thu, 6 Dec 2018 02:07:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.958
X-Spam-Level:
X-Spam-Status: No, score=-15.958 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id agIlR4dOIFZz; Thu, 6 Dec 2018 02:07:17 -0800 (PST)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAD4D13112A; Thu, 6 Dec 2018 02:07:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=41680; q=dns/txt; s=iport; t=1544090836; x=1545300436; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=xjGMYD5Q4aQKOQOdRxWpVyOlYPOhR/q3/mjYMJaEQC4=; b=BxnEqn3n2bmrQxZFxnZXq0YuuWOlu64CNkGcCEB75zJth+j+RJE73PAi vUlfyxYYWQf/urE9csuXVoBsRa2s3MPPgaGbleBB2uhbYtMyJpXw5FOVi 4hIfqoC6dmc1nvsezchxX/JM1Rp46zbUbnSGLPgTKE1aFcaB1f7HudgW8 c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADAABs9Ahc/4cNJK1kGQEBAQEBAQEBAQEBAQcBAQEBAQGBUQQBAQEBAQsBgQ1ILmaBAicKg3CIGY4aiRKOPIF6CwEBJYMQgTcCF4J9IjQJDQEDAQECAQECbRwMhTwBAQEEIwpMDAQCAQgOAwMBAQEBIAEGAwICAh8RFAkIAgQBDQUIgxqBHUwDFQ+lUoEvhDEDDUCDAg2CFwWJVoJIghaBEYMSgldHAgIBARaBZxaCToJXAoEqAYg7gT6De5ESLgYDAocCgzeDXYMmIIFcj1mJDoEEg2eBDoldAhEUgScfOCeBLnCBboFOgXcwFxKITIU/QTEBiSIrgQGBHwEB
X-IronPort-AV: E=Sophos;i="5.56,322,1539648000"; d="scan'208,217";a="490273865"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Dec 2018 10:07:14 +0000
Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id wB6A7EZs031688 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 6 Dec 2018 10:07:15 GMT
Received: from xch-rcd-016.cisco.com (173.37.102.26) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 6 Dec 2018 04:07:13 -0600
Received: from xch-rcd-016.cisco.com ([173.37.102.26]) by XCH-RCD-016.cisco.com ([173.37.102.26]) with mapi id 15.00.1395.000; Thu, 6 Dec 2018 04:07:14 -0600
From: "Rob Hanton (rohanse2)" <rohanse2@cisco.com>
To: Eric Rescorla <ekr@rtfm.com>, Christer Holmberg <christer.holmberg@ericsson.com>
CC: "clue@ietf.org" <clue@ietf.org>, "roni.even@mail01.huawei.com" <roni.even@mail01.huawei.com>, IESG <iesg@ietf.org>, "clue-chairs@ietf.org" <clue-chairs@ietf.org>, "draft-ietf-clue-signaling@ietf.org" <draft-ietf-clue-signaling@ietf.org>
Thread-Topic: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)
Thread-Index: AQHUgItlNzV1mBjQhkStyjijOx0gwqVcD0cAgABD4YCABBM5gIAAfr0AgABJCoCAAB+6AIABl6KAgACEumCAAMAiAIAHnnCAgADengCABOthUA==
Date: Thu, 06 Dec 2018 10:07:14 +0000
Message-ID: <b0e71029f70c4cb28bf68ef3856f03c7@XCH-RCD-016.cisco.com>
References: <154268892146.26648.17870778354406192041.idtracker@ietfa.amsl.com> <6E58094ECC8D8344914996DAD28F1CCD18C762DF@DGGEMM506-MBX.china.huawei.com> <CABcZeBMcQxZuRUFx=tz==C5eCc8zNBrxkKaZfBa+gYnyaV3FOQ@mail.gmail.com> <6E58094ECC8D8344914996DAD28F1CCD18C7B5DE@DGGEMM506-MBS.china.huawei.com> <CABcZeBOPPojS2zsR6uZCagcs7yBBmtMW9rcyPw_gEK44u7GH1w@mail.gmail.com> <b9922f72-932c-a509-95c2-c86765d5ce6d@alum.mit.edu> <CABcZeBNb4nG7U9KdMLCT8f4oOYXqWydM_1JQPbfceSu31+Bg1A@mail.gmail.com> <e8a805d2-762d-6cd7-bed5-4518e943453c@alum.mit.edu> <8524dc46c43e4f5084fbbd2e566f9c28@XCH-RCD-016.cisco.com> <CABcZeBNwvzJ98qrCW6tiTozBsKiGJEnVi5MBQz32Udrizp180Q@mail.gmail.com> <1648CE33-0DFB-487A-9C11-F78945F30844@ericsson.com> <CABcZeBMHgJeJKKZQV6d7MMbg=1ahxgKOOQ1gmnepnQUTsooVWw@mail.gmail.com>
In-Reply-To: <CABcZeBMHgJeJKKZQV6d7MMbg=1ahxgKOOQ1gmnepnQUTsooVWw@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.230.72.134]
Content-Type: multipart/alternative; boundary="_000_b0e71029f70c4cb28bf68ef3856f03c7XCHRCD016ciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.36.7.27, xch-aln-017.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/clue/jgROaW_WRfqo3plIMQNuM3UKqN8>
Subject: Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 10:07:22 -0000
I agree that the key is to ensure that the recipient of the packets is actually expecting to get said packets to prevent an amplification attack. How about we change the normative language to make it mandatory to authenticate the far end of the media path but we allow alternate mechanisms to DTLS-SRTP to potentially be used if in a scenario where such an alternative is available. For instance: “All CLUE-controlled RTP "m" lines must be secured and implemented using SRTP [RFC3711], and MUST establish receiver intent assurance via DTLS-SRTP [RFC5763] or some other mechanism. CLUE implementations MAY choose not to require the use of SRTP or authentication to secure legacy (non-CLUE-controlled) media for backwards compatibility with older SIP clients that are incapable of supporting it.” For ease of comparison, the current wording is: “All CLUE-controlled RTP "m" lines must be secured and implemented using mechanisms such as SRTP [RFC3711]. CLUE implementations MAY choose not to require the use of SRTP to secure legacy (non-CLUE-controlled) media for backwards compatibility with older SIP clients that are incapable of supporting it.” Rob From: Eric Rescorla <ekr@rtfm.com> Sent: 03 December 2018 00:49 To: Christer Holmberg <christer.holmberg@ericsson.com> Cc: Rob Hanton (rohanse2) <rohanse2@cisco.com>; clue@ietf.org; roni.even@mail01.huawei.com; IESG <iesg@ietf.org>; clue-chairs@ietf.org; draft-ietf-clue-signaling@ietf.org Subject: Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT) On Sun, Dec 2, 2018 at 3:32 AM Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote: Hi, Would requiring SRTP be an option? Note that CLUE has been adopted (many years ago) in environments where usage of DTLS-SRTP is not defined. That would unfortunately not solve the consent problem. -Ekr Regards, Christer From: clue <clue-bounces@ietf.org<mailto:clue-bounces@ietf.org>> on behalf of Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> Date: Tuesday, 27 November 2018 at 17.12 To: Robert Hansen <rohanse2@cisco.com<mailto:rohanse2@cisco.com>> Cc: "clue@ietf.org<mailto:clue@ietf.org>" <clue@ietf.org<mailto:clue@ietf.org>>, Roni Even <roni.even@mail01.huawei.com<mailto:roni.even@mail01.huawei.com>>, "iesg@ietf.org<mailto:iesg@ietf.org>" <iesg@ietf.org<mailto:iesg@ietf.org>>, "clue-chairs@ietf.org<mailto:clue-chairs@ietf.org>" <clue-chairs@ietf.org<mailto:clue-chairs@ietf.org>>, "draft-ietf-clue-signaling@ietf.org<mailto:draft-ietf-clue-signaling@ietf.org>" <draft-ietf-clue-signaling@ietf.org<mailto:draft-ietf-clue-signaling@ietf.org>> Subject: Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT) On Tue, Nov 27, 2018 at 1:55 AM Rob Hanton (rohanse2) <rohanse2@cisco.com<mailto:rohanse2@cisco.com>> wrote: We did have specific protections as mandantory to use in earlier drafts. From version 05: ... discussion of video hammer attack ... This attack can be prevented by ensuring that the media recipient intends to receive the media packets. Because of the way that CLUE can increase the severity of this attack, as well as because of the general increased awareness of the need to secure critical payloads, a CLUE-capable device MUST secure all CLUE-controlled RTP "m" lines using SRTP [RFC3711], and MUST support and use key negotiation and receiver intent assurance via DTLS [RFC5763] on these "m" lines. For backwards compatibility, this is not a mandatory requirement for non- CLUE-controlled "m" lines. https://datatracker.ietf.org/doc/draft-ietf-clue-signaling/05/?include_text=1 This was then changed in version 06 and onwards following the discussion at IETF 92 and later where there was opposition to making the use of DTLS/SRTP mandatory to use. If I recall the two major concerns people had were: 1) This prevents implementations using a superior mechanism should one be developed I don't think this is a real objection, If a new mechanism should be developed, then presumably it would also be documented in an RFC and we could update this one. 2) This prevents two devices from the same vendor using some alternate means of authentication (potentially proprietary) that would reduce the need for DTLS/SRTP (Minutes: https://datatracker.ietf.org/doc/minutes-92-clue/ ) It's not a matter of authentication. It's a matter of path validation. For instance, if you were to have a situation where you had a cryptographic key but it did not have an interactive handshake, that would not provide the correct function. By contrast, ICE would. So while everyone agreed that DTLS/SRTP should be mandatory to implement so it was always available, consensus ended up being removing the requirement to use DTLS/SRTP and instead having more generic language: This attack can be prevented by ensuring that the media recipient intends to receive the media packets. As such all CLUE-capable devices MUST support key negotiation and receiver intent assurance via DTLS-SRTP [RFC5763] on CLUE-controlled RTP "m=" lines. All CLUE- controlled RTP "m" lines must be secured and implemented using mechanisms such as SRTP [RFC3711]. CLUE implementations MAY choose not to require the use of SRTP to secure legacy (non-CLUE-controlled) media for backwards compatibility with older SIP clients that are incapable of supporting it. https://datatracker.ietf..org/doc/draft-ietf-clue-signaling/?include_text=1<https://datatracker.ietf.org/doc/draft-ietf-clue-signaling/?include_text=1> Yes, but the problem is that this doesn't require any kind of consent validation at all, which creates an unacceptable amplification risk. It seems to me that there are a number of options here: 1. Require DTLS-SRTP 2. Require ICE 3. Require *some* path-validating consent mechanism However, just leaving the amplification attack does not seem OK. -Ekr All drafts have always had an exception for non-CLUE-controlled lines for backwards compatibility. Rob -----Original Message----- From: Paul Kyzivat <pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>> Sent: 26 November 2018 19:49 To: Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> Cc: Roni Even <roni.even@huawei.com<mailto:roni.even@huawei.com>>; IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; Daniel Burnett <danielcburnett@gmail.com<mailto:danielcburnett@gmail.com>>; clue@ietf.org<mailto:clue@ietf.org>; roni.even@mail01.huawei.com<mailto:roni.even@mail01.huawei.com>; clue-chairs@ietf.org<mailto:clue-chairs@ietf.org>; draft-ietf-clue-signaling@ietf.org<mailto:draft-ietf-clue-signaling@ietf.org> Subject: Re: Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT) On 11/25/18 2:29 PM, Eric Rescorla wrote: > > > On Sun, Nov 25, 2018 at 9:35 AM Paul Kyzivat <pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu> > <mailto:pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>>> wrote: > > On 11/25/18 8:14 AM, Eric Rescorla wrote: > > > > > > On Sat, Nov 24, 2018 at 9:41 PM Roni Even (A) > <roni.even@huawei.com<mailto:roni.even@huawei.com> <mailto:roni.even@huawei.com<mailto:roni.even@huawei.com>> > > <mailto:roni.even@huawei.com<mailto:roni.even@huawei..com> <mailto:roni.even@huawei.com<mailto:roni.even@huawei.com>>>> wrote: > > > > Hi,____ > > > > The point that is made that in general CLUE is similar to no CLUE > > RTP media calls. The difference is that since the EP may open > more > > than one RTP video channel there is a greater risk of sending > more > > media to the victim. > > > > > > Yes, but in order to have a useful countermeasure, that needs to be > > mandatory, and yours is not. > > But one of the goals of clue is to be backward compatible with regular > sip calls. If we impose constraints on the media over and above those > required for regular sip calls then we lose that. > > > ISTM that that's already not true for these media flows, because 4..4.1 > requires them to be inactive and you need to use an SCTP/DTLS control > channel to negotiate them. > What I'm saying is that those other flows should also have a consent > check I was more concerned with the basic audio and/or video in the initial invite, before it is known whether the answerer supports clue. I don't have a particular problem with putting further restrictions on the clue controlled media. Thanks, Paul
- [clue] Eric Rescorla's No Objection on draft-ietf… Eric Rescorla
- Re: [clue] Eric Rescorla's No Objection on draft-… Roni Even (A)
- Re: [clue] Eric Rescorla's No Objection on draft-… Eric Rescorla
- Re: [clue] Eric Rescorla's No Objection on draft-… Roni Even (A)
- Re: [clue] Eric Rescorla's No Objection on draft-… Eric Rescorla
- Re: [clue] Eric Rescorla's No Objection on draft-… Paul Kyzivat
- Re: [clue] Eric Rescorla's No Objection on draft-… Eric Rescorla
- Re: [clue] Eric Rescorla's No Objection on draft-… Paul Kyzivat
- Re: [clue] Eric Rescorla's No Objection on draft-… Rob Hanton (rohanse2)
- Re: [clue] Eric Rescorla's No Objection on draft-… Eric Rescorla
- Re: [clue] Eric Rescorla's No Objection on draft-… Christer Holmberg
- Re: [clue] Eric Rescorla's No Objection on draft-… Eric Rescorla
- Re: [clue] Eric Rescorla's No Objection on draft-… Rob Hanton (rohanse2)