Re: [MMUSIC] draft-dtls-sdp: Allow offerer to establish DTLS association before it has received the SDP answer?

Martin Thomson <martin.thomson@gmail.com> Fri, 26 May 2017 11:02 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 26 May 2017 21:01:58 +1000
Message-ID: <CABkgnnXXCj55+f0pG0_5PeAB0GMi3m4EdgPUFFv2=-07uxb_Yw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/1G_7wv3ywNBJ7I8-TsS6jXwEITU>

On 26 May 2017 at 20:37, Eric Rescorla <ekr@rtfm.com> wrote:
> Also, you say that if you initiate the handshake before the answer
> is received you are vulnerable to attacks. What attacks are those?

It should be "complete" - on the assumption that a completed handshake
leads immediately to using the connection.  Really, it's using the
connection (sending or receiving data or using exporters) that puts
you at risk, but I don't think that it's worth putting that fine a
distinction on it.
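As an added illustration (not code from this thread or from any DTLS-SRTP implementation) of the distinction drawn above between completing the handshake and using the association: a small Python model in which the offerer may finish the DTLS handshake before the answer arrives, but the association only becomes usable (for sending, receiving or the exporter) once the answer's a=fingerprint value, in RFC 8122 format, matches the certificate presented in the handshake. The certificate bytes, the class and its method names are constructed for this example.

```python
import hashlib
import hmac

# Constructed stand-in for the peer's DER-encoded certificate; in a real
# stack this is the certificate received during the DTLS handshake.
PEER_CERT_DER = b"constructed-peer-certificate-bytes"

def sdp_fingerprint(cert_der: bytes, hash_name: str = "sha-256") -> str:
    """Format a certificate hash as an RFC 8122 a=fingerprint value,
    e.g. 'sha-256 AB:CD:...'."""
    digest = hashlib.new(hash_name.replace("-", ""), cert_der).hexdigest()
    return hash_name + " " + ":".join(
        digest[i:i + 2].upper() for i in range(0, len(digest), 2))

class DtlsAssociation:
    """Tracks the two independent events that must both have happened
    before the association is used: handshake completion and a matching
    fingerprint from the SDP answer (hypothetical class for this example)."""

    def __init__(self) -> None:
        self.handshake_complete = False
        self.peer_cert_der = b""
        self.answer_fingerprint = ""

    def on_handshake_complete(self, peer_cert_der: bytes) -> None:
        # The offerer may run the handshake early; the result is parked here
        # and is not usable until the answer has been checked.
        self.handshake_complete = True
        self.peer_cert_der = peer_cert_der

    def on_sdp_answer(self, fingerprint_attr: str) -> None:
        # fingerprint_attr is the value of the answer's a=fingerprint line.
        self.answer_fingerprint = fingerprint_attr.strip()

    def usable(self) -> bool:
        """True only when the handshake is complete AND the answer's
        fingerprint matches the certificate seen in that handshake."""
        if not (self.handshake_complete and self.answer_fingerprint):
            return False
        hash_name = self.answer_fingerprint.split(" ", 1)[0]
        expected = sdp_fingerprint(self.peer_cert_der, hash_name)
        return hmac.compare_digest(expected.upper(), self.answer_fingerprint.upper())

    def export_allowed(self) -> bool:
        # Gate for the TLS exporter (and for media): refuse until verified.
        return self.usable()
```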