Re: [MMUSIC] 10 BUNDLE questions: Same SDES key for multiple m- lines?
Christer Holmberg <christer.holmberg@ericsson.com> Thu, 02 May 2013 10:14 UTC
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Hi,

>> Regarding using the same SDES key, it is important to remember that, if there is a fallback (i.e. the remote endpoint
>> does not support BUNDLE, and the SDP answer will contain different ports), there will be different RTP sessions, in
>> which case two-time pad becomes an issue.
>
> Yes, I hadn't considered that, but it's another reason to have different keys :) Since this is only the bundling side that is
> affected, this can be addressed with a security considerations note to the effect that the bundler, who has chosen to use
> the same key across m= lines, MUST NOT select the same SSRC for those sessions. I think that's an easy thing to do.
>
> Still, even without special measures chances are that you won't pick colliding SSRCs. Though the odds are not really in your
> favor given the size of the space you chose from; it doesn't take many sessions before it happens to someone.
>
>> So, one way forward would be:
>>
>> 1. In the first offer, when it is still unknown whether the remote endpoint supports BUNDLE, use different SDES keys.
>>
>> 2. In the second offer, if the remote endpoint indicated support of BUNDLE, allow switching to a single SDES key.
>
> That would be reasonable too. I probably wouldn't bother with the change in practice (see above), but MAY == good.

Sounds good to me. (After all, once you know that you are only going to have a single RTP session, it doesn't really matter if you use a single or different SDES keys.)

Regards,

Christer
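The two-time-pad concern in this message, as an added example that is not part of the original thread or written by its participants: it builds the SRTP counter-mode IV as defined in RFC 3711 section 4.1.1, shows that two RTP sessions sharing one key and one SSRC reuse the keystream, and gives the SSRC-uniqueness check a bundler would run. Assumptions: the keystream generator is a SHA-256 stand-in for AES-CM, the key, salt, SSRC and payload values are constructed, and the function names are hypothetical.

```python
import hashlib
import math

def srtp_iv(session_salt, ssrc, packet_index):
    """RFC 3711 sec. 4.1.1: IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)."""
    k_s = int.from_bytes(session_salt, "big")  # 112-bit session salt
    return (k_s << 16) ^ (ssrc << 64) ^ (packet_index << 16)

def keystream(session_key, iv, length):
    # Stand-in for AES-CM (assumption, NOT real SRTP). Any generator that is a
    # deterministic function of (key, IV) has the same reuse property.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(session_key + (iv + block).to_bytes(17, "big")).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(session_key, session_salt, ssrc, index, payload):
    iv = srtp_iv(session_salt, ssrc, index)
    return xor(payload, keystream(session_key, iv, len(payload)))

def colliding_ssrcs(sessions):
    """SSRCs used in more than one RTP session that shares a single SDES key."""
    seen, dup = set(), set()
    for ssrcs in sessions.values():
        dup |= seen & set(ssrcs)
        seen |= set(ssrcs)
    return dup

def collision_probability(n, bits=32):
    """Birthday approximation: chance that n random SSRCs are not all distinct."""
    return -math.expm1(-n * (n - 1) / 2 / 2 ** bits)

def demo():
    # Constructed values: one key/salt offered on both m= lines, then a
    # fallback to separate ports, so audio and video are separate RTP sessions.
    key, salt = bytes(range(16)), bytes(range(14))
    audio, video = b"constructed audio payload", b"constructed video payload"
    c_audio = encrypt(key, salt, 0x1234ABCD, 7, audio)
    c_same = encrypt(key, salt, 0x1234ABCD, 7, video)   # same SSRC and index
    c_diff = encrypt(key, salt, 0x0BADF00D, 7, video)   # distinct SSRC
    # With the same SSRC the keystream cancels and plaintext XOR leaks.
    return (xor(c_audio, c_same) == xor(audio, video),
            xor(c_audio, c_diff) == xor(audio, video))
```

`demo()` returns `(True, False)`: the keystream cancels only when the SSRC repeats, which is why a non-empty result from `colliding_ssrcs` should block reuse of a single key across the m= lines.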