IETF Logo Mail Archive

Re: [dispatch] Identity Adhoc - Nov 9th: Notes available

Francois Audet <audet.francois@gmail.com> Mon, 16 November 2009 22:06 UTC

Return-Path: <audet.francois@gmail.com>
X-Original-To: dispatch@core3.amsl.com
Delivered-To: dispatch@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C496A3A6B32 for <dispatch@core3.amsl.com>; Mon, 16 Nov 2009 14:06:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REjtPYvnUqNZ for <dispatch@core3.amsl.com>; Mon, 16 Nov 2009 14:06:17 -0800 (PST)
Received: from mail-bw0-f223.google.com (mail-bw0-f223.google.com [209.85.218.223]) by core3.amsl.com (Postfix) with ESMTP id 337123A6B2B for <dispatch@ietf.org>; Mon, 16 Nov 2009 14:06:17 -0800 (PST)
Received: by bwz23 with SMTP id 23so6294526bwz.29 for <dispatch@ietf.org>; Mon, 16 Nov 2009 14:06:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to:x-mailer; bh=T2U9izL2UYHCo5Ofo3rAVt6hua9HTnvHGLtFaehumRk=; b=q1f9sb86/hxjwChhoz2dbqSZos79mLB8LnlcZeX9I1wI+L9vPkAeRo+r+gVhJG0aHt PMaz5DcCpZ/vj896kb8BozAS6mdsBKMauNmVzLKnY8FO7ZSX/cazKmowgUDO2F/8Hpe8 A/gBhbdCGgzeyNIRxqBpBmCEL67ibPqSGj7XY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=IMkVBg+gr1xN6n1i87BZREBLlwoUVLBdAy/PAidO9KnJxMS+Dt9+oHPfsCm3q4YikP C+qhyi8LD5MUBJ75NUKXxT9b5VW0Uu6nDS1nFUDgRceq0+B8AjmQj18aA4tmjQJFc2hZ tl/vXWtHQOP3K/sWarpqqmp27KgPXR+frla18=
Received: by 10.204.32.16 with SMTP id a16mr4338115bkd.190.1258409169103; Mon, 16 Nov 2009 14:06:09 -0800 (PST)
Received: from ?192.168.12.175? (89.26.235.80.sta.estpak.ee [80.235.26.89]) by mx.google.com with ESMTPS id 15sm1965952bwz.8.2009.11.16.14.06.06 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 16 Nov 2009 14:06:07 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Francois Audet <audet.francois@gmail.com>
In-Reply-To: <4B01B9E8.7050507@neustar.biz>
Date: Tue, 17 Nov 2009 00:06:03 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <9D78C8C9-96FB-49D7-8B9E-ED6FAA6F8CA3@gmail.com>
References: <F592E36A5C943E4E91F25880D05AD1140CC8E1F3@zrc2hxm0.corp.nortel.com> <4B01A877.4010306@iptel.org> <4B01B9E8.7050507@neustar.biz>
To: Jon Peterson <jon.peterson@neustar.biz>
X-Mailer: Apple Mail (2.1077)
Cc: dispatch@ietf.org
Subject: Re: [dispatch] Identity Adhoc - Nov 9th: Notes available
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2009 22:06:18 -0000

So, in summary: SDP (and other) modification should only be done on a UA's behalf  by its administrative domain, otherwise, it's unsafe.

Seems reasonable to me.

We seem to recycle the same arguments over and over again....

On Nov 16, 2009, at 22:45 , Jon Peterson wrote:

> 
> I was not arguing against NAT traversal, actually. From the start of the SIP identity work, we considered support for NAT traversal as a requirement. Of course, the authors of RFC4474 assumed that something roughly like ICE would take over this role, and obviously the deployment situation is bit more complicated (we similarly hoped that GRUU would make it unnecessary for intermediaries to modify Contact headers, and so on). Regardless, I still believe we need to have a reasonable story for how an identity mechanism will accommodate NAT traversal.
> 
> To rehash arguments that have circulated in this discussion many times, one must distinguish the NAT traversal case from the "media steering" requirement that has motivated much of the re-examination of identity. RFC4474 signatures are applied not by the user agent (at least not in the typical case), but rather by a server operated by the user agent's administrative domain. The administrative domain can more or less modify signaling arbitrarily before adding an Identity header per RFC4474. Thus, some sort of intermediary that modifies SIP signaling for the sake of NAT traversal can work with RFC4474, provided that the intermediary acts before the Identity header is added.
> 
> While it can therefore be argued that RFC4474 does not rule out intermediary-based NAT traversal entirely, it does protect against any intermediary altering SDP once a request has left the originating administrative domain with an Identity header. The "media steering" use cases that challenge this design are predicated on an intermediary with no necessary relationship to the originating or terminating administrative domain unilaterally modifying SDP in transit, usually in order to force layer 3 routing of media to pass through one or more anchor points in a network - perhaps for the sake of drawing the traffic across a managed circuit with carefully-managed quality, or to facilitate lawful intercept, or what have you. It is that requirement which I have consistently argued is equivalent to exposing this mechanism to a man-in-the-middle attack. If we removed enough protections in the design of RFC4474 to enable media steering by "good" intermediaries, we are effectively also enabling any malicious entities to change those aspects of SIP requests as well.
> 
> I do not find the requirement for NAT traversal unacceptable, but I do consider the requirement for media steering highly dubious at best.
> 
> Jon Peterson
> NeuStar, Inc
> 
> Jiri Kuthan wrote:
>> I think it is worth mentioning and doublechecking a problem we touched
>> in this conversation, which is SIP servers modifying SDP to facilitate
>> NAT traversal. I think Jon P. has said this was unacceptable use-case not
>> good enough as motivation for work related to it, because it exposes
>> such calls to MiTM attacks. Is that right, Jon?
>> 
>> -jiri
>> 
>> Mary Barnes wrote:
>>> 
>>> Hi all,
>>> 
>>> I have uploaded Jim McEachern's notes from the Identity Adhoc yesterday:
>>> http://www.softarmor.com/dispatch/IETF76/Meeting%20notes/Identity-AdHoc-Notes-jmce.doc 
>>> 
>>> Regards,
>>> Mary.
>>> 
>>> 
>>> ------------------------------------------------------------------------
>>> 
>>> _______________________________________________
>>> dispatch mailing list
>>> dispatch@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dispatch
> 
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch

v2.23.0 | Report a Bug | By Email