Re: [dispatch] [RAI] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04

Ben Campbell <ben@nostrum.com> Sat, 11 January 2014 21:54 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D889F1A1F61; Sat, 11 Jan 2014 13:54:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.036
X-Spam-Level:
X-Spam-Status: No, score=-1.036 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eR3gv9N-ruNk; Sat, 11 Jan 2014 13:54:22 -0800 (PST)
Received: from shaman.nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id 1E4C81A1F4C; Sat, 11 Jan 2014 13:54:22 -0800 (PST)
Received: from [10.0.1.29] (cpe-173-172-146-58.tx.res.rr.com [173.172.146.58]) (authenticated bits=0) by shaman.nostrum.com (8.14.3/8.14.3) with ESMTP id s0BLs7YL076321 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sat, 11 Jan 2014 15:54:08 -0600 (CST) (envelope-from ben@nostrum.com)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <45B84D8F-AD8C-4B28-90DF-9B1C40771104@nostrum.com>
Date: Sat, 11 Jan 2014 15:54:08 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <6833E320-7B45-4FC2-853B-62311DCF7E7B@nostrum.com>
References: <45B84D8F-AD8C-4B28-90DF-9B1C40771104@nostrum.com>
To: draft-pd-dispatch-msrp-websocket.all@tools.ietf.org, Mary Barnes <mary.ietf.barnes@gmail.com>
X-Mailer: Apple Mail (2.1827)
Received-SPF: pass (shaman.nostrum.com: 173.172.146.58 is authenticated by a trusted mechanism)
Cc: DISPATCH <dispatch@ietf.org>, rai@ietf.org
Subject: Re: [dispatch] [RAI] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jan 2014 21:54:25 -0000

On Jan 10, 2014, at 5:34 PM, Ben Campbell <ben@nostrum.com> wrote:

> --3
> 
> I am not happy with the downgrade of of the TLS requirement between client and relay. I recognize that WebSocket

Robert pointed out to me that my comments on this section were truncated. Apparently I'm not qualified for this email gizmo. Here's another try:

I recognize that the WebSocket API limits the application's ability to control the security parameters of the connection. I think this is a general issue for moving application protocols to use WebSocket, that perhaps needs to be addressed in the WebSocket API.  We probably need an whole IETF (or at least RAI+APPS) policy for how to handle this. But MSRP is somewhat unusual in having a "MUST use" TLS requirement, and in the current security climate we need to take a really hard look at anything that weakens the normative security requirements of a messaging protocol.

I don't have an answer for how to proceed, but at a minimum I would like to see considerably more discussion of the implications and any potential mitigation of this in the Security Considerations sections.