Protocol Action: 'Unknown Key Share Attacks on uses of TLS with the Session Description Protocol (SDP)' to Proposed Standard (draft-ietf-mmusic-sdp-uks-07.txt)
The IESG <iesg-secretary@ietf.org> Tue, 13 August 2019 22:16 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E57E71208E7; Tue, 13 Aug 2019 15:16:57 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Unknown Key Share Attacks on uses of TLS with the Session Description Protocol (SDP)' to Proposed Standard (draft-ietf-mmusic-sdp-uks-07.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: mmusic-chairs@ietf.org, adam@nostrum.com, mmusic@ietf.org, draft-ietf-mmusic-sdp-uks@ietf.org, Bo Burman <bo.burman@ericsson.com>, bo.burman@ericsson.com, The IESG <iesg@ietf.org>, rfc-editor@rfc-editor.org
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <156573461793.24210.6708806809433111687.idtracker@ietfa.amsl.com>
Date: Tue, 13 Aug 2019 15:16:57 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/IKf0R9t51WmvABFKikm8CJDsSuE>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2019 22:16:58 -0000
The IESG has approved the following document: - 'Unknown Key Share Attacks on uses of TLS with the Session Description Protocol (SDP)' (draft-ietf-mmusic-sdp-uks-07.txt) as Proposed Standard This document is the product of the Multiparty Multimedia Session Control Working Group. The IESG contact persons are Adam Roach, Alexey Melnikov and Barry Leiba. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-uks/ Technical Summary This document describes unknown key-share attacks on the use of Datagram Transport Layer Security for the Secure Real-Time Transport Protocol (DTLS-SRTP). Similar attacks are described on the use of DTLS-SRTP with the identity bindings used in Web Real-Time Communications (WebRTC) and SIP identity. These attacks are difficult to mount, but they cause a victim to be mislead about the identity of a communicating peer. Simple mitigation techniques are defined for each. Working Group Summary The document’s progress through the working group was unremarkable. Document Quality The document was reviewed and discussed by a small group of key MMUSIC and RTCWEB members. No implementations are known. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? The Document Shepherd is Bo Burman. The Responsible AD is Adam Roach. RFC Editor Note Please make the following two changes to the document. In Section 3.2 OLD An "external_id_hash" extension that is any length other than 0 or 32 is invalid and MUST cause the receiving endpoint to generate a fatal "decode_error" alert. NEW An "external_id_hash" extension with a "binding_hash" field that is any length other than 0 or 32 is invalid and MUST cause the receiving endpoint to generate a fatal "decode_error" alert. Section 6 OLD Without identity assertions, the mitigations in this document prevent the session splicing attack described in Section 4. Defense against session concatenation (Section 5) additionally requires protocol peers are not able to claim the certificate fingerprints of other entities. NEW Without identity assertions, the mitigations in this document prevent the session splicing attack described in Section 4. Defense against session concatenation (Section 5) additionally requires that protocol peers are not able to claim the certificate fingerprints of other entities. (Replace "requires" with "requires that")