[Gen-art] RE: Gen-ART review of draft-ietf-mmusic-securityprecondition-02.txt
Black_David@emc.com Tue, 25 July 2006 14:37 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5O2c-00012G-HC; Tue, 25 Jul 2006 10:37:46 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5O2b-000128-LP for gen-art@ietf.org; Tue, 25 Jul 2006 10:37:45 -0400
Received: from mexforward.lss.emc.com ([128.222.32.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5O2Z-0005Rv-75 for gen-art@ietf.org; Tue, 25 Jul 2006 10:37:45 -0400
Received: from mailhub.lss.emc.com (uraeus.lss.emc.com [10.254.144.14]) by mexforward.lss.emc.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id k6PEbRSb004621; Tue, 25 Jul 2006 10:37:27 -0400 (EDT)
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com [10.254.64.53]) by mailhub.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id k6PEaZmj020061; Tue, 25 Jul 2006 10:37:20 -0400 (EDT)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.11]) by corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 25 Jul 2006 10:37:16 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 25 Jul 2006 10:37:16 -0400
Message-ID: <F222151D3323874393F83102D614E05502B670AB@CORPUSMX20A.corp.emc.com>
In-Reply-To: <F222151D3323874393F83102D614E05502B670A0@CORPUSMX20A.corp.emc.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of draft-ietf-mmusic-securityprecondition-02.txt
Thread-Index: Acavexp/N1YL8mlrT768kALn0lr0IAAfGWjA
To: Black_David@emc.com, gen-art@ietf.org, fandreas@cisco.com, dwing@cisco.com
X-OriginalArrivalTime: 25 Jul 2006 14:37:16.0975 (UTC) FILETIME=[D3ACFBF0:01C6AFF7]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.4.0.264935, Antispam-Data: 2006.7.25.71432
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -2, NO_REAL_NAME 0, __C230066_P5 0, __CP_NOT_1 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CTYPE_CHARSET_QUOTED 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __STOCK_CRUFT 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 6ba8aaf827dcb437101951262f69b3de
Cc: jon.peterson@neustar.biz, jf.mule@cablelabs.com, csp@csperkins.org, jo@acm.org, Black_David@emc.com
Subject: [Gen-art] RE: Gen-ART review of draft-ietf-mmusic-securityprecondition-02.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
Oops, serious typo ...
> That handles one of the two concerns, when it is safe to begin using
> the old parameters. The other concern of when it is safe to cease
^^^
new
Sorry,
--David
> -----Original Message-----
> From: Black, David
> Sent: Monday, July 24, 2006 7:44 PM
> To: gen-art@ietf.org; 'fandreas@cisco.com'; 'dwing@cisco.com'
> Cc: Black, David; 'Joerg Ott'; 'Colin Perkins';
> 'Jean-Francois Mule'; 'Peterson, Jon'
> Subject: Gen-ART review of
> draft-ietf-mmusic-securityprecondition-02.txt
>
> Flemming and Dan,
>
> I am the assigned Gen-ART reviewer for
> draft-ietf-mmusic-securityprecondition-02.txt .
>
> For background on Gen-ART, please see the FAQ at
> <http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.
>
> Please resolve these comments along with any other
> Last Call comments you may receive.
>
> This draft is on the right track but has open issues,
> described in the review.
>
> The draft does a good job describing the precondition mechanism
> and giving examples of its usage, but has several security
> issues that need attention:
>
> (1) Section 3, near end:
>
> Offers with security preconditions in re-INVITEs or UPDATEs follow
> the rules given in Section 6 of RFC 3312, i.e.:
>
> "Both user agents SHOULD continue using the old session
parameters
> until all the mandatory preconditions are met. At that moment,
> the user agents can begin using the new session parameters."
>
> That handles one of the two concerns, when it is safe to begin using
> the old parameters. The other concern of when it is safe to cease
> using the old parameters also needs to be covered. This is
particularly
> important for security, as when encryption parameters are removed,
> they are typically destroyed making it impossible to process
subsequent
> traffic that uses them. One could easily follow the rule cited here
> and still insert a glitch in an ongoing call by retiring the old
> receive security parameters too early for in-flight traffic.
>
> (2) Section 4.1
>
> SDP2: When B receives the offer and generates an answer, B knows
the
> (send and recv) security parameters of both A and B. However, A
> does not know B's security parameters, so the current status of B's
> "send" security precondition (which equal A's "recv" security
> precondition) is "no". Similarly, A does not know any of B's SDP
> information, so B's "send" security precondition is also "no".
>
> The latter sentence above should refer to B's "recv" security
> precondition. Even with that change, it does not appear to be
correct,
> as based on the reasoning given, B now knows how to decrypt traffic
> from A, even though A can't send traffic yet. Either B's "recv
> security precondition becomes "yes" at this point, or a longer
> discussion is needed of B's behavior with respect to the "recv"
> precondition. The former is preferable, as one would like to ensure
> that the ability to receive is established before the counterparty
> tries to send.
>
> Section 4.2 has an analogous issue (when does B's "recv" become "yes")
> at SDP2, but without the "send" vs. "recv" confusion:
>
> Similarly, A does not know any of B's SDP information, so B's
"recv"
> security precondition is also "no"
>
> It needs the same treatment (either B's "recv" becomes "yes" at this
> stage, or a longer explanation is provided).
>
> In both 4.1 and 4.2, if B's "recv" does not become "yes" until SDP4,
> an explanation needs to be added about why A will not send traffic
> using B's security parameters until A receives the PRACK and/or the
> 180 (Ringing) Response, or alternatively why it is ok to discard any
> such traffic at B.
>
> (3) Section 5, Security Considerations
>
> The discussion of offering both a secure and non-secure stream
> alternative is confusing, and missing some important points.
> It should be cleaned up and address the following three points:
>
> a) Since support does not exist to combine secure and non-secure
> alternatives in an offer, this draft should say that such combinations
> SHOULD NOT be used until the work to specify them is complete.
> Alternatively, the draft should explain how [SDPCN] supports this
> combination and include [SDPCN] as a normative reference.
>
> b) When secure and non-secure streams are offered as alternatives,
> the offerer's security policy includes "no security is acceptable".
> This needs to be stated. In addition, the "downgrade" attack where
> a man-in-the-middle removes the secure alternative(s) needs to be
> discussed. I believe that signaling integrity (as discussed earlier
> in the section) is the countermeasure for this "downgrade" attack,
> but end-to-end authentication (or hop-by-hop authentication of all
> hops) is necessary to achieve this result - that should also
> be stated.
>
> c) The end of the next-to-last paragraph says (wrt an active attacker
> injecting unsecured packets):
>
> Use of security preconditions would not address this
> vulnerability since security preconditions do not guarantee that a
> media stream established is secure, even if the strength-tag is
> "mandatory".
>
> It should be the case that security preconditions + a policy requiring
> secure connections + signaling integrity is sufficient to address
> this vulnerability, and that needs to be stated. The last sentence
> in the last paragraph of Section 5 has a similar issue.
>
> --- Nits
>
> The header of the draft needs to say that it Updates: RFC 3312 (and
> RFC 4032 if that is also affected).
>
> Section 3, near beginning:
>
> Note
> though, that use of SRTP without authentication is discouraged.
>
> Due to the use of "integrity" elsewhere in this draft,
"authentication"
> will be interpreted by default as per-session entity authentication.
> If per-packet authentication (i.e., keyed message integrity check)
> was intended, language including the word "integrity" should be used
> for consistency with the rest of the draft.
>
> Thanks,
> --David
> ----------------------------------------------------
> David L. Black, Senior Technologist
> EMC Corporation, 176 South St., Hopkinton, MA 01748
> +1 (508) 293-7953 FAX: +1 (508) 293-7786
> black_david@emc.com Mobile: +1 (978) 394-7754
> ----------------------------------------------------
>
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art