IETF Logo Mail Archive

Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00

"Schwarz, Albrecht (Albrecht)" <albrecht.schwarz@alcatel-lucent.com> Mon, 02 September 2013 09:04 UTC

Return-Path: <albrecht.schwarz@alcatel-lucent.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B28F21E80A1 for <mmusic@ietfa.amsl.com>; Mon, 2 Sep 2013 02:04:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.398
X-Spam-Level:
X-Spam-Status: No, score=-9.398 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, SARE_OEM_S_DOL=1.2]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3uDCUURFFKhj for <mmusic@ietfa.amsl.com>; Mon, 2 Sep 2013 02:04:47 -0700 (PDT)
Received: from ihemail2.lucent.com (ihemail2.lucent.com [135.245.0.35]) by ietfa.amsl.com (Postfix) with ESMTP id 349E521E80C3 for <mmusic@ietf.org>; Mon, 2 Sep 2013 02:04:46 -0700 (PDT)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (h135-239-2-42.lucent.com [135.239.2.42]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id r8294bFB013258 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 2 Sep 2013 04:04:38 -0500 (CDT)
Received: from FR712WXCHHUB03.zeu.alcatel-lucent.com (fr712wxchhub03.zeu.alcatel-lucent.com [135.239.2.74]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id r8294ax9028025 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 2 Sep 2013 11:04:36 +0200
Received: from FR711WXCHMBA03.zeu.alcatel-lucent.com ([169.254.3.135]) by FR712WXCHHUB03.zeu.alcatel-lucent.com ([135.239.2.74]) with mapi id 14.02.0247.003; Mon, 2 Sep 2013 11:04:36 +0200
From: "Schwarz, Albrecht (Albrecht)" <albrecht.schwarz@alcatel-lucent.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Thread-Topic: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00
Thread-Index: Ac6c2+8uzokCW2xnSQeYLTwy0EHdvQAFtGOAAIoTZrABOnz8AAAiwW4gAMlNcqA=
Date: Mon, 02 Sep 2013 09:04:35 +0000
Message-ID: <786615F3A85DF44AA2A76164A71FE1AC09654E@FR711WXCHMBA03.zeu.alcatel-lucent.com>
References: <7594FB04B1934943A5C02806D1A2204B1C46787F@ESESSMB209.ericsson.se> <E158A6F0-2A84-4B81-AFDE-CFF5E1EDE295@cisco.com> <7594FB04B1934943A5C02806D1A2204B1C4754A3@ESESSMB209.ericsson.se> <361F2B18-D0B3-487B-A534-8E8D4604561D@cisco.com> <7594FB04B1934943A5C02806D1A2204B1C47F98F@ESESSMB209.ericsson.se>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1C47F98F@ESESSMB209.ericsson.se>
Accept-Language: de-DE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.239.27.40]
Content-Type: multipart/alternative; boundary="_000_786615F3A85DF44AA2A76164A71FE1AC09654EFR711WXCHMBA03zeu_"
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
Cc: mmusic WG <mmusic@ietf.org>, "t13sg16q15@lists.itu.int" <t13sg16q15@lists.itu.int>
Subject: Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Sep 2013 09:04:56 -0000

Hello Christer,

I did follow the T.38 development in ITU-T a couple of years, but I have to admit that I'm also missing the origins and history of T.4, T.30 and T.38 in the 1990 decade.

The original requirement for secure fax transport was subject of the application protocol itself (e.g. T.30) AFAIK. That's why T.38 is silent on that aspect.

The indication of RTP/SAVP in T.38 (2004) was listed just for completeness, but not really motivated by T.38 security requirements (Paul may correct me).

Further, we should only refer to T.38 2010 (due to the well known issue with V.34G3 fax).



That said, like to suggest following revision proposal to clause 1 and references, see below.

Regards,

Albrecht



PS

Cc'd ITU-T Q.15 SG16, which is technology owner of T.38 in current Study Period.





1.  Introduction



There are three transport options for T.38 fax-over-IP, called "T.38 transport modes" [ITU.T38.2010]. T.38 transport mode "UDPTL/UDP" [ITU.T38.1998] is the predominant protocol for fax transport in

   IP networks.  The protocol stack for fax transport using UDPTL is

   shown in Table 1.



                      +-----------------------------+

                      |           Protocol          |

                      +-----------------------------+

                      | Internet facsimile protocol |

                      +-----------------------------+

                      |            UDPTL            |

                      +-----------------------------+

                      |             UDP             |

                      +-----------------------------+

                      |              IP             |

                      +-----------------------------+



                Table 1: Protocol stack for UDPTL over UDP



T.38 itself does not support integrity and confidentiality protection, because supposed to be subject of the application layer.



NOTE 1: Encryption of end-to-end facsimile transfer between fax devices was/is historically part of the application layer, such as [ITU.T.30] in case of group 3 facsimile equipment (G3FE). See e.g., T.30 "Annex H - Security in facsimile G3 based on the RSA algorithm"



Hence, none of the three T.38 transport modes was required to support additional security.



NOTE 2: Keeping in mind that T.38 communication was/is normally limited between T.38 endpoints located in IP-PSTN gateways (due to G3FE) besides Internet-Aware Fax (IAF) devices).



UDPTL does not offer integrity and confidentiality protection.  To

   enable integrity and confidentiality protection, [ITU.T38.2004]

   specifies fax transport over RTP/SAVP.  However, fax transport over

   RTP/SAVP is not widely supported.



   The 3rd Generation Partnership Project (3GPP) has performed a study

   on how to provide secure fax in the IP Multimedia Subsystem (IMS),  which concluded that secure fax shall be transported using UDPTL over

   DTLS.

NOTE 3: Because, 1st limited end-to-end scope ("IMS domain only") and 2nd support of transport security due to the assumption of unsecured facsimile data at application layer.





...


   [ITU.T38.1998]
              International Telecommunications Union, "Procedures for
              real time Group 3 facsimile communication between
              terminals using IP Networks", ITU-T Recommendation T.38,
              1998.

   [ITU.T38.2004]
              International Telecommunications Union, "Procedures for
              real-time Group 3 facsimile communication over IP
              networks", ITU-T Recommendation T.38, 2004.

   [ITU.T38.2010]

              International Telecommunications Union, "Procedures for

              real time Group 3 facsimile communication between

              terminals using IP Networks", ITU-T Recommendation T.38,

              2010.

https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-T.38-201009-I!!PDF-E&type=items







-----Original Message-----
From: mmusic-bounces@ietf.org [mailto:mmusic-bounces@ietf.org] On Behalf Of Christer Holmberg
Sent: Donnerstag, 29. August 2013 10:17
To: Dan Wing
Cc: mmusic WG
Subject: Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00



Hi Dan,



The protocols listed in draft-ietf-tls-applayerprotoneg-01 are used without SIP/SDP, so using such mechanism makes sense for those protocols.



In SIP, SDP is used to negotiate the media (including nonsecure fax), and I see no reason why we should introduce a new mechanism for secure fax.



Regards,



Christer





-----Original Message-----

From: Dan Wing [mailto:dwing@cisco.com]

Sent: 28. elokuuta 2013 20:41

To: Christer Holmberg

Cc: mmusic WG

Subject: Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00





On Aug 22, 2013, at 2:37 AM, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:



> Hi Dan,

>

> Regarding the 3GPP SA3 study, the information I gave was a little misleading. From a security perspective SRTP would be fine.

>

> The focus of the SA3 study was on how to provide security for the existing fax transmission mechanism, which uses UDPTL/UDP.

>

> 3GPP already mandates IMS terminals to support UDPTL/UDP for unsecure fax. And, new terminals (supporting secure fax) are still required to also support unsecure fax, in order to communicate with legacy terminals when unsecure fax is sufficient.

>

> So, using UDPTL/DTLS/UDP for secure fax makes more sense, as it avoids implementing different mechanisms for secure and unsecure fax - UDPTL/DTLS/UDP only requires a new layer between UDPTL and UDP, it does not require changing the upper layers (UDPTL and above).

>

> Hopefully this clarifies :)



(Sorry for my delay.  I was on vacation.)



Thanks for the clarification.





Back to your document, it says:



   Since the DTLS record layer "application_data" packet does not

   indicate whether it carries UDPTL, or some other protocol, the usage

   of a dedicated DTLS association for transport of UDPTL needs to be

   negotiated, e.g. using the Session Description Protocol (SDP)

   [RFC4566] and the SDP offer/answer mechanism [RFC3264].



   Therefore, this document specifies a new <proto> value [RFC4566] for

   the SDP "m=" line [RFC3264], in order to indicate UDPTL over DTLS in

   SDP messages [RFC4566].



Have you considered doing UDPTL negotiation in the DTLS handshake itself, using http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg?  That seems ideally suited for indicating the application layer protocol, perhaps in addition to the SDP signaling described in your I-D.



-d





>

> Regards,

>

> Christer

>

>

>

>

>

> -----Original Message-----

> From: Dan Wing [mailto:dwing@cisco.com]

> Sent: 19. elokuuta 2013 20:43

> To: Christer Holmberg

> Cc: mmusic; mmusic-chairs@tools.ietf.org<mailto:mmusic-chairs@tools.ietf.org>

> Subject: Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00

>

>

> On Aug 19, 2013, at 6:03 AM, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:

>

>> Hi,

>>

>> We have submitted a new draft, draft-holmberg-mmusic-udptl-dtls-00, which defines usage of UDPTL over DTLS, in order to provide secure fax.

>>

>> The draft was previously submitted to DISPATCH. Based on discussions with the ADs and chairs, it was decided that it shall be submitted to MMUSIC (note that no DTLS extensions are needed).

>>

>> As is indicated in the draft, 3GPP has performed a study on how to

>> provide secure fax in the IMS, and the outcome was that secure fax shall be transported using UDPTL over DTLS.

>

> Got a pointer to that study?  Seems easier to carry UDPTL over RTP, which would allow the RTP to be secured using SRTP (and thus the UDPTL would be secured using SRTP).  There is a spec floating around to do exactly that (carry fax over RTP so that SRTP can secure it).  Advantage of using SRTP to secure fax is it separates the keying mechanism from security, so that Security Descriptions / MIKEY / DTLS-SRTP / whatever-is-invented-in-2020 will work just as effectively for voice as for fax.  And also that upgrading from a voice call to a "fax" call has no additional complexities due to security ("please press START to begin the fax transmission").

>

> -d

>

>

>> However, there is nothing "3GPP/IMS specific" about the mechanism, as UDPTL is commonly used for fax also elsewhere.

>>

>> Regards,

>>

>> Christer

>> _______________________________________________

>> mmusic mailing list

>> mmusic@ietf.org<mailto:mmusic@ietf.org>

>> https://www.ietf.org/mailman/listinfo/mmusic

>



_______________________________________________

mmusic mailing list

mmusic@ietf.org<mailto:mmusic@ietf.org>

https://www.ietf.org/mailman/listinfo/mmusic

v2.23.0 | Report a Bug | By Email