[Gen-art] RE: Gen-ART review of draft-ietf-mmusic-securityprecondition-02.txt
Black_David@emc.com Tue, 25 July 2006 14:37 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5O2c-00012G-HC; Tue, 25 Jul 2006 10:37:46 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5O2b-000128-LP for gen-art@ietf.org; Tue, 25 Jul 2006 10:37:45 -0400
Received: from mexforward.lss.emc.com ([128.222.32.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5O2Z-0005Rv-75 for gen-art@ietf.org; Tue, 25 Jul 2006 10:37:45 -0400
Received: from mailhub.lss.emc.com (uraeus.lss.emc.com [10.254.144.14]) by mexforward.lss.emc.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k6PEbRSb004621; Tue, 25 Jul 2006 10:37:27 -0400 (EDT)
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com [10.254.64.53]) by mailhub.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id k6PEaZmj020061; Tue, 25 Jul 2006 10:37:20 -0400 (EDT)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.11]) by corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 25 Jul 2006 10:37:16 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 25 Jul 2006 10:37:16 -0400
Message-ID: <F222151D3323874393F83102D614E05502B670AB@CORPUSMX20A.corp.emc.com>
In-Reply-To: <F222151D3323874393F83102D614E05502B670A0@CORPUSMX20A.corp.emc.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of draft-ietf-mmusic-securityprecondition-02.txt
Thread-Index: Acavexp/N1YL8mlrT768kALn0lr0IAAfGWjA
To: Black_David@emc.com, gen-art@ietf.org, fandreas@cisco.com, dwing@cisco.com
X-OriginalArrivalTime: 25 Jul 2006 14:37:16.0975 (UTC) FILETIME=[D3ACFBF0:01C6AFF7]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.4.0.264935, Antispam-Data: 2006.7.25.71432
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -2, NO_REAL_NAME 0, __C230066_P5 0, __CP_NOT_1 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CTYPE_CHARSET_QUOTED 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __STOCK_CRUFT 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 6ba8aaf827dcb437101951262f69b3de
Cc: jon.peterson@neustar.biz, jf.mule@cablelabs.com, csp@csperkins.org, jo@acm.org, Black_David@emc.com
Subject: [Gen-art] RE: Gen-ART review of draft-ietf-mmusic-securityprecondition-02.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
Oops, serious typo ... > That handles one of the two concerns, when it is safe to begin using > the old parameters. The other concern of when it is safe to cease ^^^ new Sorry, --David > -----Original Message----- > From: Black, David > Sent: Monday, July 24, 2006 7:44 PM > To: gen-art@ietf.org; 'fandreas@cisco.com'; 'dwing@cisco.com' > Cc: Black, David; 'Joerg Ott'; 'Colin Perkins'; > 'Jean-Francois Mule'; 'Peterson, Jon' > Subject: Gen-ART review of > draft-ietf-mmusic-securityprecondition-02.txt > > Flemming and Dan, > > I am the assigned Gen-ART reviewer for > draft-ietf-mmusic-securityprecondition-02.txt . > > For background on Gen-ART, please see the FAQ at > <http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>. > > Please resolve these comments along with any other > Last Call comments you may receive. > > This draft is on the right track but has open issues, > described in the review. > > The draft does a good job describing the precondition mechanism > and giving examples of its usage, but has several security > issues that need attention: > > (1) Section 3, near end: > > Offers with security preconditions in re-INVITEs or UPDATEs follow > the rules given in Section 6 of RFC 3312, i.e.: > > "Both user agents SHOULD continue using the old session parameters > until all the mandatory preconditions are met. At that moment, > the user agents can begin using the new session parameters." > > That handles one of the two concerns, when it is safe to begin using > the old parameters. The other concern of when it is safe to cease > using the old parameters also needs to be covered. This is particularly > important for security, as when encryption parameters are removed, > they are typically destroyed making it impossible to process subsequent > traffic that uses them. One could easily follow the rule cited here > and still insert a glitch in an ongoing call by retiring the old > receive security parameters too early for in-flight traffic. > > (2) Section 4.1 > > SDP2: When B receives the offer and generates an answer, B knows the > (send and recv) security parameters of both A and B. However, A > does not know B's security parameters, so the current status of B's > "send" security precondition (which equal A's "recv" security > precondition) is "no". Similarly, A does not know any of B's SDP > information, so B's "send" security precondition is also "no". > > The latter sentence above should refer to B's "recv" security > precondition. Even with that change, it does not appear to be correct, > as based on the reasoning given, B now knows how to decrypt traffic > from A, even though A can't send traffic yet. Either B's "recv > security precondition becomes "yes" at this point, or a longer > discussion is needed of B's behavior with respect to the "recv" > precondition. The former is preferable, as one would like to ensure > that the ability to receive is established before the counterparty > tries to send. > > Section 4.2 has an analogous issue (when does B's "recv" become "yes") > at SDP2, but without the "send" vs. "recv" confusion: > > Similarly, A does not know any of B's SDP information, so B's "recv" > security precondition is also "no" > > It needs the same treatment (either B's "recv" becomes "yes" at this > stage, or a longer explanation is provided). > > In both 4.1 and 4.2, if B's "recv" does not become "yes" until SDP4, > an explanation needs to be added about why A will not send traffic > using B's security parameters until A receives the PRACK and/or the > 180 (Ringing) Response, or alternatively why it is ok to discard any > such traffic at B. > > (3) Section 5, Security Considerations > > The discussion of offering both a secure and non-secure stream > alternative is confusing, and missing some important points. > It should be cleaned up and address the following three points: > > a) Since support does not exist to combine secure and non-secure > alternatives in an offer, this draft should say that such combinations > SHOULD NOT be used until the work to specify them is complete. > Alternatively, the draft should explain how [SDPCN] supports this > combination and include [SDPCN] as a normative reference. > > b) When secure and non-secure streams are offered as alternatives, > the offerer's security policy includes "no security is acceptable". > This needs to be stated. In addition, the "downgrade" attack where > a man-in-the-middle removes the secure alternative(s) needs to be > discussed. I believe that signaling integrity (as discussed earlier > in the section) is the countermeasure for this "downgrade" attack, > but end-to-end authentication (or hop-by-hop authentication of all > hops) is necessary to achieve this result - that should also > be stated. > > c) The end of the next-to-last paragraph says (wrt an active attacker > injecting unsecured packets): > > Use of security preconditions would not address this > vulnerability since security preconditions do not guarantee that a > media stream established is secure, even if the strength-tag is > "mandatory". > > It should be the case that security preconditions + a policy requiring > secure connections + signaling integrity is sufficient to address > this vulnerability, and that needs to be stated. The last sentence > in the last paragraph of Section 5 has a similar issue. > > --- Nits > > The header of the draft needs to say that it Updates: RFC 3312 (and > RFC 4032 if that is also affected). > > Section 3, near beginning: > > Note > though, that use of SRTP without authentication is discouraged. > > Due to the use of "integrity" elsewhere in this draft, "authentication" > will be interpreted by default as per-session entity authentication. > If per-packet authentication (i.e., keyed message integrity check) > was intended, language including the word "integrity" should be used > for consistency with the rest of the draft. > > Thanks, > --David > ---------------------------------------------------- > David L. Black, Senior Technologist > EMC Corporation, 176 South St., Hopkinton, MA 01748 > +1 (508) 293-7953 FAX: +1 (508) 293-7786 > black_david@emc.com Mobile: +1 (978) 394-7754 > ---------------------------------------------------- > _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art