Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03

Bo Burman <bo.burman@ericsson.com> Mon, 25 February 2019 13:23 UTC

From: Bo Burman <bo.burman@ericsson.com>
To: Martin Thomson <mt@lowentropy.net>, mmusic <mmusic@ietf.org>
CC: "draft-ietf-mmusic-sdp-uks@ietf.org" <draft-ietf-mmusic-sdp-uks@ietf.org>
Date: Mon, 25 Feb 2019 13:23:04 +0000
Message-ID: <HE1PR07MB3259FFC36B8E84EA647982728D7A0@HE1PR07MB3259.eurprd07.prod.outlook.com>
In-Reply-To: <1548111599.1648805.1640352152.40952394@webmail.messagingengine.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/4SyZZ8D6G3dMIIQiF3xhRKzpHM8>
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>

Hi Martin,

I've now also reviewed this and have a set of comments and questions, after taking Magnus' comments and your suggested edits in response to that into account:

Section 2.1:
* In bullet 2, "complete communications" is slightly unclear (more so if "complete" is used in other contexts further down in the text). By "complete", do you mean "accept", or perhaps "accept setting up"?

* Don't understand what is meant by "...second condition..."; is it bullet #2, or is it referring to "...joining two separate sessions"?

* Also don't really understand in what way that second condition is "not necessary"; to limit the attacker capabilities (related to bullet #2), for the attacker to join two sessions, or something else like "for the attack to succeed"?

* Just to confirm, does "removing this constraint" refer to removing use of an identity binding?

Section 3:
* Is the "victim" of the first paragraph the same or another victim compared to the one mentioned in the next paragraph?

* Is "another entity of the attacker's choice" also to be considered a victim?

* The last paragraph in section 3, just before section 3.1 "The same technique..." seems a bit misplaced, after text talking about a solution. Should it perhaps be moved just before the paragraph "The problem..." in section 3? Or, is this "same technique" referring to what is described in section 4?

Section 4:
* First sentence, "similar attack"; similar to what?

Section 4.1:
* Believe it would be helpful for the reader to better understand why "Mallory has no real interest in seeing that session complete"

* Same sentence, does "session complete" mean "session setup complete"? I first interpreted "complete" as "conclude" in the meaning "terminate".

* Same paragraph, should "call completion" be "call setup completion", and "session completes" be "session setup completes"?

* Same paragraph, "will likely be discarded by Patsy"; believe it would be helpful to say why.

Section 4.2:
* I believe the first paragraph ("An attack on... ...vulnerable to attack.") would also be helpful as first text of section 4. Move? Copy?

* "Validating that peers..." -> "Successful validation that peers..."?

Section 4.3:
* "When used with SDP, the value includes..." -> "When used with SDP, the value MUST consist of..."?

Section 5:
* "Use of the "external_session_id"
   does not guarantee that the identity of the peer at the TLS layer is
   the same as the identity of the signaling peer"; sounds a bit strange - isn't this what the draft is supposed to solve? Is "... when used with session concatenation" meant? 

* "Similarly, data from one TLS connection..."; I assume "data" means "security-related information", not "user data" (TLS payload)?

Nits:

Section 2.2:
* geniune -> genuine

Section 4:
* "believe that is calling" -> "believe that it is calling"

Section 4.1:
* "also needs to the ability" -> "also needs the ability"
* "ostensibly between Mallory and Norma, is complete.  Mallory begins forwarding DTLS" -> "ostensibly between Mallory and Norma, Mallory begins forwarding DTLS"
* "These packets denoted" -> "These packets are denoted"

Section 5:
* concatention -> concatenation

Cheers,
Bo (as individual)

-----Original Message-----
From: mmusic <mmusic-bounces@ietf.org> On Behalf Of Martin Thomson
Sent: 22 January 2019 00:00
To: Magnus Westerlund <magnus.westerlund@ericsson.com>; Flemming Andreasen <fandreas@cisco.com>; mmusic <mmusic@ietf.org>
Cc: draft-ietf-mmusic-sdp-uks@ietf.org
Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03

On Thu, Jan 17, 2019, at 19:50, Magnus Westerlund wrote:
> Hi Martin,
> 
> Thanks for the pull request. I have detailed inline comments, but I
> think the pull request does address my issues.

Thanks again Magnus.

I made a few tweaks regarding canonicalization (or lack thereof) and merged the PR.  I'll await the end of the WGLC and the chairs' instruction before publishing again, but there's a preview here:

https://martinthomson.github.io/sdp-uks/draft-ietf-mmusic-sdp-uks.html

> Although I didn't read all the sections in 7, I do agree that security
> arch appears to need some clarification so that what you write is clear.

FWIW, https://github.com/rtcweb-wg/security-arch/pull/84 attempts to fix that.
