Re: [MMUSIC] draft-dtls-sdp: Allow offerer to establish DTLS association before it has received the SDP answer?
Roman Shpount <roman@telurix.com> Fri, 09 June 2017 00:36 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1CDE12EAB2 for <mmusic@ietfa.amsl.com>; Thu, 8 Jun 2017 17:36:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_SORBS_SPAM=0.5, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xUowxwgRhpHl for <mmusic@ietfa.amsl.com>; Thu, 8 Jun 2017 17:36:53 -0700 (PDT)
Received: from mail-it0-x22a.google.com (mail-it0-x22a.google.com [IPv6:2607:f8b0:4001:c0b::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CFBA129C12 for <mmusic@ietf.org>; Thu, 8 Jun 2017 17:36:53 -0700 (PDT)
Received: by mail-it0-x22a.google.com with SMTP id m62so131235612itc.0 for <mmusic@ietf.org>; Thu, 08 Jun 2017 17:36:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=8UTu6A92y6tMnw3cLYn8HhT+gRKU6VMsjnuyjdOyU0E=; b=S+/qTuzAIXplrgdyv+SBzlLwgLmzzlLDpsmzDW8roFSAmPxSCeas8blfTQr408AXq2 kuEpeSrw26QpMH9X7t48zq1wfNRCUFRPiEVIPwdvBji0RUMvEjY6okZXu+OpMwaQUiGQ +qttBHHe9qh1O6OCEyqpq8zJct4sIqrQfxveJEEL590NMlKkUmRWnJt0nGkk4GeKKIgZ ux+vL08Eu5LUOGdB4nuV3i1YUJH4kVkM8fpTtcUK0ibBiHboZpX8bFTZYDLcWpizbjCv Wh8+2+Tyo27Qg01E5pMa9JjrTu1zHLK2RMVElRRWsnRT93NvTc9CPnkXn7/i5UXJ8PSI 1rFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=8UTu6A92y6tMnw3cLYn8HhT+gRKU6VMsjnuyjdOyU0E=; b=Ga16B0DnOCZ1meF2SiU9sLjZf13k8eO7QrlRZJo31LEU+aVin4ZolrZhlxCZhwGTW5 /Oirr4wcnGH1R/2nhNWEIVkojOAaogpniOltRprEPN4uNgY0HTHH71yQu1cM6GD1iz78 zNejk+AqIusbjmbmRi017pLOel71oLzAHJHOM4kkmgqGGv6Y2vFXP5mYMdyHw3DYRWsc kSSmoIH1YWcOInOz+TPa9Tdw/44xqCpDE2gK2tVH9+2tiuaD8Wcpt+036+LOmrIM7SZU RTHIpgMpF2DJ0trzGfbOStAKcB/pHrw1JsODzNffgFDtBehtmm0BE8FF0nPoenGpf8n0 0eqA==
X-Gm-Message-State: AODbwcAN/SVeyk3agGgj/XiGZuLL9/BoTrcMSzLUDRqCB6LXjqgg/5uq oUU5gZ2BYnkPWBBZ6YE=
X-Received: by 10.36.40.17 with SMTP id h17mr8569527ith.39.1496968612597; Thu, 08 Jun 2017 17:36:52 -0700 (PDT)
Received: from mail-pf0-f169.google.com (mail-pf0-f169.google.com. [209.85.192.169]) by smtp.gmail.com with ESMTPSA id 197sm162799ity.5.2017.06.08.17.36.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 08 Jun 2017 17:36:51 -0700 (PDT)
Received: by mail-pf0-f169.google.com with SMTP id x63so22477569pff.3; Thu, 08 Jun 2017 17:36:50 -0700 (PDT)
X-Received: by 10.84.132.98 with SMTP id 89mr36963240ple.29.1496968610381; Thu, 08 Jun 2017 17:36:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.169.66 with HTTP; Thu, 8 Jun 2017 17:36:49 -0700 (PDT)
In-Reply-To: <46506F82-3944-471C-80E9-D622EB3E1211@iii.ca>
References: <D551D683.1D429%christer.holmberg@ericsson.com> <22C94242-218F-4724-AE92-E0B1E8DC2C82@nostrum.com> <21E8BA9D-E442-4DBC-8A7D-CEDFD5F54F8B@iii.ca> <CAD5OKxujAuzJt4QD6JXKHkVd4JB_nO5Th6KXjavMBww=W4644Q@mail.gmail.com> <6125EAB1-A827-4E0F-B756-78F85BB411CD@iii.ca> <CAD5OKxutcpUzh1yLA2kukmYmiHQg3+6fuXbaD0w73gzsAHEXzg@mail.gmail.com> <e80f0fbe-221e-aa9b-33bd-24d2ff50fe84@cisco.com> <6D9B0AD9-F9C9-4DF6-A2AB-D160094E5FE3@iii.ca> <CAD5OKxsZMei6FYDPWVcrjt0X6fy4h_=Odybjczpc8VpEgFSrQg@mail.gmail.com> <46506F82-3944-471C-80E9-D622EB3E1211@iii.ca>
From: Roman Shpount <roman@telurix.com>
Date: Thu, 08 Jun 2017 20:36:49 -0400
X-Gmail-Original-Message-ID: <CAD5OKxsWM0SevCiMZ9jJQn_PsEp5hhJ=0BODOm_UXa0P_1_nwQ@mail.gmail.com>
Message-ID: <CAD5OKxsWM0SevCiMZ9jJQn_PsEp5hhJ=0BODOm_UXa0P_1_nwQ@mail.gmail.com>
To: Cullen Jennings <fluffy@iii.ca>
Cc: Flemming Andreasen <fandreas@cisco.com>, Ben Campbell <ben@nostrum.com>, Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>, Christer Holmberg <christer.holmberg@ericsson.com>, mmusic-chairs@ietf.org, mmusic <mmusic@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c12572a430b8a05517c2ac4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/1vW4bxAXKrZSHB8Niy4BXUsFSaQ>
Subject: Re: [MMUSIC] draft-dtls-sdp: Allow offerer to establish DTLS association before it has received the SDP answer?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2017 00:36:55 -0000
On Thu, Jun 8, 2017 at 8:03 PM, Cullen Jennings <fluffy@iii.ca> wrote: > > > On Jun 8, 2017, at 10:49 AM, Roman Shpount <roman@telurix.com> wrote: > > > > We can expand the language regarding unverified DTLS association that > end point SHOULD inform the end user when unverified media is played and > SHOULD not send user generated media until stream is verified. > > > > I also want to add that fingerprints SHOULD be sent over integrity > protected signaling channel. I think this should address your concern about > the Answer identity. I think specifics of integrity protection of > fingerprint delivery is outside of scope of this draft. > > > > Would this address your comments? > > No. > > You keep trying to design the overall security of every system that uses > this draft in this draft and that won't work. You need to let the system > that use this draft define out the security for that system works. All we > need here is to define how to set up a DTLS session using TLS. How any > systems decides to use identity founds in TLS is complicated and differs > for different usages. That's the same here - how the fingerprint are bound > to identities changes for different usages of this. For example, the > important part is to know who the media is coming from or going to. In some > cases, integrity protection channels from trusted sources might provide > that the SIP From header and fingerprint were matched together and helped > solve that. But in some case, for example the work on passport at IETF, it > is not the integrity protected channel that that mattered, it was a > signature on a the passport object that tied the fingerprint to the > identity that is important. > > What would help is if the first thing is do we agree on the points I sent > out and if not, lets figure out why, and if yes, then we can work on text. > You have mentioned that we removed the requirement that session description should be sent over integrity protected channel. This requirement was present in https://tools.ietf.org/html/rfc5763#section-5 and got removed in this draft. I assumed you wanted to bring this back. I understand that until answer identity and integrity is verified and until fingerprint is matched, received media is coming from an unverified source and ultimately not secure. Validation of session description identity and integrity is something that is outside of scope of this document. Stating that this document only provides a partial solution and that it SHOULD be used with a signaling channel that provides identity and integrity validation in order to guarantee that data delivered over DTLS association is secure is very much in scope. It should also be in scope to state that media can be received before DTLS association is verified and that it is up to the application if this media should be played and how to appropriately inform the user. I am trying to understand what exactly you are trying to change in my proposal. I am trying to propose something that addresses your points but apparently I am getting wrong. So, can you propose the text? Regarding handling of data, we just finished datachannel related drafts. None of them define how data sent over SCTP association is supposed to be handled before DTLS association is verified. If this information is not present in any of those drafts, should it simply be left undefined? Keep in mind that people (like W3C in regard of webrtc) are asking how unverified media and data should be handled. If anything, some guideline should be provided in security considerations section of this draft. Regards, _____________ Roman Shpount
- [MMUSIC] draft-dtls-sdp: Allow offerer to establi… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Eric Rescorla
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Roman Shpount
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Eric Rescorla
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Martin Thomson
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Cullen Jennings
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Martin Thomson
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Martin Thomson
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Eric Rescorla
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Martin Thomson
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- [MMUSIC] Fwd: draft-dtls-sdp: Allow offerer to es… Ben Campbell
- Re: [MMUSIC] Fwd: draft-dtls-sdp: Allow offerer t… Cullen Jennings
- Re: [MMUSIC] Fwd: draft-dtls-sdp: Allow offerer t… Roman Shpount
- Re: [MMUSIC] Fwd: draft-dtls-sdp: Allow offerer t… Christer Holmberg
- Re: [MMUSIC] Fwd: draft-dtls-sdp: Allow offerer t… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Cullen Jennings
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Roman Shpount
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Flemming Andreasen
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Roman Shpount
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Eric Rescorla
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Cullen Jennings
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Roman Shpount
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Paul Kyzivat
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Roman Shpount
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Cullen Jennings
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Roman Shpount
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Cullen Jennings
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Roman Shpount
- Re: [MMUSIC] draft-dtls-sdp: Allow offerer to est… Christer Holmberg