IETF Logo Mail Archive

Re: [AVT] Last Call: draft-zimmermann-avt-zrtp (ZRTP: Media Path Key Agreement for Secure RTP) to Informational RFC

Colin Perkins <csp@csperkins.org> Wed, 28 April 2010 11:36 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 35CA93A6BC0; Wed, 28 Apr 2010 04:36:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.153
X-Spam-Level:
X-Spam-Status: No, score=-2.153 tagged_above=-999 required=5 tests=[AWL=-1.154, BAYES_50=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n55ZICMDQD1d; Wed, 28 Apr 2010 04:36:47 -0700 (PDT)
Received: from lon1-msapost-2.mail.demon.net (lon1-msapost-2.mail.demon.net [195.173.77.181]) by core3.amsl.com (Postfix) with ESMTP id DE67E3A6BBA; Wed, 28 Apr 2010 04:36:41 -0700 (PDT)
Received: from mangole.dcs.gla.ac.uk ([130.209.247.112]) by lon1-post-2.mail.demon.net with esmtpsa (AUTH csperkins-dwh) (TLSv1:AES128-SHA:128) (Exim 4.69) id 1O75Z6-0005bR-cB; Wed, 28 Apr 2010 11:36:28 +0000
Message-Id: <D6609CA5-04DB-49A1-B931-DB98B6482FC8@csperkins.org>
From: Colin Perkins <csp@csperkins.org>
To: Alan Johnston <alan.b.johnston@gmail.com>
In-Reply-To: <4BD1D5C4.7000603@gmail.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Subject: Re: [AVT] Last Call: draft-zimmermann-avt-zrtp (ZRTP: Media Path Key Agreement for Secure RTP) to Informational RFC
Date: Wed, 28 Apr 2010 12:36:27 +0100
References: <20100317222658.185643A68C3@core3.amsl.com> <8238542A-E026-4214-B9A0-1AA212712714@csperkins.org> <4BD1D5C4.7000603@gmail.com>
X-Mailer: Apple Mail (2.936)
Cc: Philip Zimmermann <prz@mit.edu>, ietf@ietf.org, IETF AVT WG <avt@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Apr 2010 11:36:49 -0000

Alan,

Thanks for your response - some comments inline.
Colin

On 23 Apr 2010, at 18:15, Alan Johnston wrote:

> Colin,
>
> Thank you for your detailed review of the draft.  See my comments  
> below.
>
> - Alan -
>
> On 4/13/10 12:19 PM, Colin Perkins wrote:
>> On 17 Mar 2010, at 22:26, The IESG wrote:
>>> The IESG has received a request from an individual submitter to  
>>> consider the following document:
>>>
>>> - 'ZRTP: Media Path Key Agreement for Secure RTP '
>>>  <draft-zimmermann-avt-zrtp-17.txt> as an Informational RFC
>>>
>>> The IESG plans to make a decision in the next few weeks, and  
>>> solicits final comments on this action.  Please send substantive  
>>> comments to the ietf@ietf.org mailing lists by 2010-04-14.  
>>> Exceptionally, comments may be sent to iesg@ietf.org instead. In  
>>> either case, please retain the beginning of the Subject line to  
>>> allow automated sorting.
>>
>>
>> I've reviewed this draft, and have a number of comments. The main  
>> issue is the scope of the protocol: it claims to be "Media Path Key  
>> Agreement for Secure RTP", but may be better titled "Media Path Key  
>> Agreement for Unicast Voice Telephony Using Secure RTP". The  
>> majority of RTP sessions cannot be secured using ZRTP, but this  
>> draft is virtually silent on its limitations.
>
> The draft does point out that it is for securing unicast RTP only.   
> For
> example, in Section 1:
>
> "ZRTP is designed for unicast media sessions in which there is a voice
> media stream."
>
> Including unicast in the title does seem to be a reasonable thing to  
> do
> and we will do that.
>
> However, scoping it to voice telephony is not accurate.  While the  
> Short Authentication String is the preferred security mechanism, the  
> protocol also works with digital signatures and can be authenticated  
> using an integrity protected signaling channel. Neither of these  
> methods require a voice channel.
>
> Some details follow:
>>
>> - RTP is explicitly a group communication protocol, that supports a  
>> wide range of topologies [RFC 5117], and a wide range of media  
>> types. ZRTP is defined for point-to-point audio calls or group  
>> audio conferences with a centralised conference bridge, and doesn't  
>> support the full range of RTP topologies or media formats. This is  
>> probably an acceptable limitation, but needs to be much more  
>> clearly documented than in the present draft.
>
> We propose adding unicast to the title and having this as the first
> sentence of the Abstract:
>
> "  This document defines ZRTP, a protocol for media path Diffie- 
> Hellman
>   exchange to agree on a session key and parameters for establishing
>   unicast Secure Real-time Transport Protocol (SRTP) sessions for VoIP
>   applications."

That's fine, but I do think the draft should explicitly refer to RFC  
5117 and state which of the RTP topologies described therein are  
supported.

...
>> - Section 5 uses the SSRC to associate ZRTP messages with an RTP  
>> stream, but doesn't appear to consider the possibility of an SSRC  
>> collision [RFC 3550 section 8.2].
>
> Sure - we should mention that if a VoIP call is forked to two  
> endpoints, and media sessions are established with both, and they  
> both choose the same 32 bit SSRC, then ZRTP will not be able to  
> distinguish between them.

An SSRC collision is possible, if unlikely, for unicast sessions in  
the absence of forking. I believe the draft needs to explicitly  
address what should be done in the event of an SSRC collision  
(presumably you should re-negotiate the security, which should be  
acceptable since collisions are rare).

>> - RTP can run over non-UDP transports, such as TCP and DCCP.  
>> Section 6 of the draft defines retransmission timers for ZRTP that  
>> are reasonable for RTP/UDP/IP sessions, but not for RTP/TCP/IP or  
>> RTP/DCCP/IP sessions. The draft needs to discuss use of ZRTP over  
>> non-UDP transports.
>
> If the media is transported end-to-end using a reliable transport,  
> then
> clearly ZRTP retransmissions are not needed.  However, there can be
> cases involving relays where ZRTP could be sent over a reliable
> transport part of the way, and an unreliable transport the rest of the
> way.  We will add text recommending that if reliable transport is  
> used,
> then the retransmit timers should be lengthened.

It's not clear how such scenarios can be distinguished, but okay. Some  
guidance on the appropriate values for the lengthened timers would be  
helpful.

>> - Section 7.3 discusses relaying ZRTP through a PBX. There appears  
>> to be an assumption that the PBX is configured to provide point to  
>> multipoint service as an RTCP-Terminating MCU (Topo-RTCP- 
>> terminating-MCU in the terminology of RFC 5117). None of the other  
>> topologies defined in RFC 5117 are considered.
>
> I couldn't find where you got this idea from.  A PBX is not going to  
> act as an RTCP-Terminating MCU.  It will most likely act as a B2B  
> for both the signaling and media, but it will still be 1:1.  We can  
> clarify this. ZRTP does not apply to all the topologies of RFC 5117.

But, again, you need to be explicit about how the topologies you're  
describing relate to those of RFC 5117, and which of the RFC 5117  
topologies are supported.

>> - The recommendations in Section 8.3 to avoid VBR traffic with secure
>> calls are at odds with the recent discussion in the AVT working group
>> (IETF 76).
>
> Is this discussion captured in draft-perkins-avt-srtp-vbr-audio?

Yes.

-- 
Colin Perkins
http://csperkins.org/

v2.23.0 | Report a Bug | By Email