Re: [clue] Comments on CaptureID and security
Paul Kyzivat <pkyzivat@alum.mit.edu> Wed, 18 January 2017 16:25 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1424F1294D0 for <clue@ietfa.amsl.com>; Wed, 18 Jan 2017 08:25:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.4
X-Spam-Level:
X-Spam-Status: No, score=-7.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 33sL9act7BMj for <clue@ietfa.amsl.com>; Wed, 18 Jan 2017 08:25:51 -0800 (PST)
Received: from alum-mailsec-scanner-2.mit.edu (alum-mailsec-scanner-2.mit.edu [18.7.68.13]) by ietfa.amsl.com (Postfix) with ESMTP id 8FEB912947D for <clue@ietf.org>; Wed, 18 Jan 2017 08:25:51 -0800 (PST)
X-AuditID: 1207440d-97fff70000000a35-61-587f970ecfd2
Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33]) by alum-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id E4.2E.02613.E079F785; Wed, 18 Jan 2017 11:25:50 -0500 (EST)
Received: from [192.168.1.110] (c-73-186-127-100.hsd1.ma.comcast.net [73.186.127.100]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id v0IGPn4Z032576 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <clue@ietf.org>; Wed, 18 Jan 2017 11:25:49 -0500
To: clue@ietf.org
References: <6E58094ECC8D8344914996DAD28F1CCD76DEFF@DGGEMM506-MBX.china.huawei.com> <5eb63eb7-0a07-cae4-cf7d-e4ff00fc7118@ericsson.com> <6E58094ECC8D8344914996DAD28F1CCD76DF3C@DGGEMM506-MBX.china.huawei.com> <74afe259-a7cd-c55b-ed4a-bea29ede012f@ericsson.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <208e2d66-b7bf-8167-7c3d-6841df84192e@alum.mit.edu>
Date: Wed, 18 Jan 2017 11:25:49 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <74afe259-a7cd-c55b-ed4a-bea29ede012f@ericsson.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrJIsWRmVeSWpSXmKPExsUixO6iqMs3vT7C4OlxU4v9py4zOzB6LFny kymAMYrLJiU1J7MstUjfLoEr48CkVYwFh8wr5p41a2DcoNvFyMkhIWAi8WP5ZMYuRi4OIYHL jBJ/lv5jgXBeM0lc2XSAHaRKWMBM4vTW5UA2B4eIgKDEyyuCEDWdTBL7HnSzgtSwCWhJzDn0 nwWkhlfAXmLDEjWQMIuAqsTFZbeYQWxRgTSJBye3MoLYvEBjTs58wgJicwo4SDS+fsEGYjMD rZq3+SEzhC0v0bx1NvMERr5ZSFpmISmbhaRsASPzKka5xJzSXN3cxMyc4tRk3eLkxLy81CJd I73czBK91JTSTYyQEOPdwfh/ncwhRgEORiUe3o6i+ggh1sSy4srcQ4ySHExKorwuPUAhvqT8 lMqMxOKM+KLSnNTiQ4wSHMxKIrzBk4ByvCmJlVWpRfkwKWkOFiVxXrUl6n5CAumJJanZqakF qUUwWRkODiUJ3r9TgRoFi1LTUyvSMnNKENJMHJwgw3mAhqtOAxleXJCYW5yZDpE/xagoJc67 E6RZACSRUZoH1wtLAa8YxYFeEeZNA2nnAaYPuO5XQIOZgAZbKYMNLklESEk1MCYpVkUYdhxb p3NlSek1Zr6J854/PHtZOrcspCRv1cpAViHX83ObCpW2CAb6fb2xLiY2Xs/+V73dMbenAt2n ylMFLm2NaXrc/OmE5QfJ5iNdvkr2usevXLV692az19cP4XyBIt3FTZ2ztm3Pvtp+SmCXzGoh p2sffNVXyc/c0uSyxOvNyhwRRSWW4oxEQy3mouJEAE5r93XcAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/clue/mFlMm8nkn9kRmndU3nANjKC-Tjo>
Subject: Re: [clue] Comments on CaptureID and security
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jan 2017 16:25:53 -0000
I have a side question on this: if RTCP is being multiplexed with RTP, and the RTP is being encrypted, is the RTCP also implicitly encrypted, or is it still an independently negotiated feature? (Yes, I realize that doesn't solve the general problem for CLUE.) Thanks, Paul On 1/18/17 6:53 AM, Magnus Westerlund wrote: > Hi, > > Yes, I think encrypting the CaptureID avoids the negative impacts that > bad construction can have that I can think of. Thus, I support going in > that direction. > > When it comes to the security solution I would recommend copying the > text and then make the edits. There is at least two additions, the MUST > encrypt RTCP, and the MUST implement RFC 6904 and use it to encrypt the > CaptureID header extension. Please be explicit and clear in the CLUE > level document on what security solutions that needs to be implemented > and use. > > Reasons for copying the text, is that there are differences between > RTCWeb and CLUE, and in addition I think the implementation > considerations and potential needs to later revise the specification are > different. I am not certain CLUE will want to be required to follow any > changes that RTCWeb does in the future. > > I would also note that I think you need at least to put in a short > paragraph about the CaptureID value. Something like this. > > The construction of the CaptureID value is implementation dependent and > is not tightly restricted. Therefore there exist a risk that the > CaptureID contains privacy sensitive information or otherwise revealing > information about the communication session to third parties. Therefore > confidentiality protection is always applied to avoid this risk. > > Cheers > > Magnus > > Den 2017-01-18 kl. 10:44, skrev Roni Even: >> Hi, The text I added to the -11 version "The CaptureID is created as >> part of the CLUE protocol. The CaptId SDES item is used to convey >> the same CaptureID value in the SDES item. When sending the SDES >> item the security considertion specied in the security section of >> [RFC7941] are applicable and this SDES item MUST use similar security >> as the CLUE protocol messages carried in the CLUE data channel." >> >> Say that " this SDES item MUST use similar security as the CLUE >> protocol messages carried in the CLUE data channel." The CLUE data >> channel document >> https://tools.ietf.org/html/draft-ietf-clue-datachannel-14#section-4 >> point at >> https://tools.ietf.org/html/draft-ietf-rtcweb-data-channel-13#section-7 >> pointing to >> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-10 >> >> So we can reference the rtcweb security architecture or use the text >> I copied from there to define a security profile >> >> As for the second item I agree that if we encrypt the content in the >> CLUE data channel that includes the captureID, we need also to >> encrypt RTCP with the captureID SDES item and it does not matter how >> we create the captureID value, so maybe if we mandate encrypting the >> SDES item there is no strong need for specifying how to create >> CaptureID . Note that the CaptureID is not use to provide >> human-readable textual information which is in the description >> attribute. >> >> Roni >> >>> -----Original Message----- From: Magnus Westerlund >>> [mailto:magnus.westerlund@ericsson.com] Sent: יום ד 18 ינואר 2017 >>> 10:45 To: Roni Even; clue@ietf.org Cc: Jonathan Lennox Subject: Re: >>> Comments on CaptureID and security >>> >>> Hi, >>> >>> A comment about the below. I have an issue raised against the below >>> quoted text from the rtcweb-security-architecture in the RTCWeb WG, >>> as it fails to specify if RTCP encryption is mandatory to use or >>> not. There are protection profiles that only have confidentiality >>> protection for RTP, and not for RTCP. I would recommend requiring >>> confidentiality protection also of RTCP. >>> >>> The second note on the below is that depending on the outcome of >>> the security requirements for the CaptureID RTP header extension, >>> you might in addition have to require RFC 6904, implementation and >>> usage for the CaptureId header extension field. Or rather if you >>> write nothing it will by default be required if you encrypt RTCP, >>> due to RFC 7941. But, I really recommend that you are explicit on >>> this matter. It comes down to what security risks the field >>> entails. What information will it leak to a third party viewer of >>> the RTP/RTCP stream they can capture. >>> >>> Cheers >>> >>> Magnus >>> >>> Den 2017-01-18 kl. 09:33, skrev Roni Even: >>>> 2. What do we want to say about supported security profile? >>>> For example does the following directive from >>>> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-12#section-5.5 >>>> >>>> >>>> > looks good for CLUE? >>>> >>>> >>>> >>>> “Implementations MUST implement SRTP [RFC3711 >>>> <https://tools.ietf.org/html/rfc3711>]. Implementations MUST >>>> >>>> implement DTLS [RFC4347 <https://tools.ietf.org/html/rfc4347>] >>>> and DTLS-SRTP [RFC5763 >>>> <https://tools.ietf.org/html/rfc5763>][RFC5764] for >>> SRTP >>>> >>>> keying. Implementations MUST implement >>>> >>>> [I-D.ietf-tsvwg-sctp-dtls-encaps >>>> <https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-12#ref-I- >>> >>>> > D.ietf-tsvwg-sctp-dtls-encaps>]. >>>> >>>> >>>> >>>> All media channels MUST be secured via SRTP. Media traffic MUST >>>> NOT >>>> >>>> be sent over plain (unencrypted) RTP; that is, implementations >>>> MUST >>>> >>>> NOT negotiate cipher suites with NULL encryption modes. >>>> DTLS-SRTP >>>> >>>> MUST be offered for every media channel. >>>> >>>> >>>> >>>> All data channels MUST be secured via DTLS. >>>> >>>> >>>> >>>> All implementations MUST implement DTLS 1.0, with the cipher >>>> suite >>>> >>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with the the P-256 curve >>>> >>>> [FIPS186 >>>> <https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-12#ref- >>> >>>> > FIPS186>]. >>>> The DTLS-SRTP protection profile >>>> >>>> SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP. >>>> >>>> Implementations SHOULD implement DTLS 1.2 with the >>>> >>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite. >>>> >>>> Implementations MUST favor cipher suites which support PFS over >>>> non- >>>> >>>> PFS cipher suites and SHOULD favor AEAD over non-AEAD cipher >>>> suites. >>>> >>>> “ >>> >>> >>> -- >>> >>> Magnus Westerlund >>> >>> ---------------------------------------------------------------------- >>> >>> > Services, Media and Network features, Ericsson Research EAB/TXM >>> ---------------------------------------------------------------------- >>> >>> > Ericsson AB | Phone +46 10 7148287 >>> Färögatan 6 | Mobile +46 73 0949079 SE-164 80 >>> Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com >>> ---------------------------------------------------------------------- >> >>>
- [clue] Comments on CaptureID and security Roni Even
- Re: [clue] Comments on CaptureID and security Magnus Westerlund
- Re: [clue] Comments on CaptureID and security Roni Even
- Re: [clue] Comments on CaptureID and security Magnus Westerlund
- Re: [clue] Comments on CaptureID and security Roni Even
- Re: [clue] Comments on CaptureID and security Paul Kyzivat
- Re: [clue] Comments on CaptureID and security Christian Groves
- Re: [clue] Comments on CaptureID and security Roni Even
- Re: [clue] Comments on CaptureID and security Roni Even
- Re: [clue] Comments on CaptureID and security Roni Even
- Re: [clue] Comments on CaptureID and security Roni Even
- Re: [clue] Comments on CaptureID and security Paul Kyzivat
- Re: [clue] Comments on CaptureID and security Roni Even
- Re: [clue] Comments on CaptureID and security Magnus Westerlund