IETF Logo Mail Archive

AW: [MMUSIC] Working group last call:draft-ietf-mmusic-securityprecondition-00.txt

"Stach Thomas" <thomas.stach@siemens.com> Mon, 29 August 2005 15:50 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E9luE-0004e1-Eh; Mon, 29 Aug 2005 11:50:42 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E9luD-0004dK-77 for mmusic@megatron.ietf.org; Mon, 29 Aug 2005 11:50:41 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA17779 for <mmusic@ietf.org>; Mon, 29 Aug 2005 11:50:38 -0400 (EDT)
Received: from mxs2.siemens.at ([194.138.12.133]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E9lvI-00043F-K9 for mmusic@ietf.org; Mon, 29 Aug 2005 11:52:06 -0400
Received: from vies1k7x.sie.siemens.at ([158.226.129.83]) by mxs2.siemens.at with ESMTP id j7TFo6QM026016; Mon, 29 Aug 2005 17:50:06 +0200
Received: from nets139a.ww300.siemens.net ([158.226.129.97]) by vies1k7x.sie.siemens.at (8.12.11/8.12.1) with ESMTP id j7TFo66C010466; Mon, 29 Aug 2005 17:50:06 +0200
Received: from nets13ha.ww300.siemens.net ([158.226.250.77]) by nets139a.ww300.siemens.net with Microsoft SMTPSVC(6.0.3790.211); Mon, 29 Aug 2005 17:50:05 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: AW: [MMUSIC] Working group last call:draft-ietf-mmusic-securityprecondition-00.txt
Date: Mon, 29 Aug 2005 17:50:05 +0200
Message-ID: <649A59E9F7977F449E5792357A9DDB2CB356CB@nets13ha.ww300.siemens.net>
Thread-Topic: [MMUSIC] Working group last call:draft-ietf-mmusic-securityprecondition-00.txt
thread-index: AcWWsy3ziB/3kHRzQA6E83t1M0RSPwV4cWPA
From: Stach Thomas <thomas.stach@siemens.com>
To: fandreas@cisco.com, dwing@cisco.com
X-OriginalArrivalTime: 29 Aug 2005 15:50:05.0969 (UTC) FILETIME=[537B1010:01C5ACB1]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024
Content-Transfer-Encoding: quoted-printable
Cc: Colin Perkins <csp@csperkins.org>, IETF MMUSIC working group <mmusic@ietf.org>
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
Sender: mmusic-bounces@ietf.org
Errors-To: mmusic-bounces@ietf.org

Hi Fleming and Dan,

first of all sorry for sending my comments rather late. Nevertheless, I'd like to ask for some clarification since details on the usage of SDP Security Description and Key-Management extensions are rather scarce. You are referencing SDP Security Description [SDESC] and Key-Management extensions [KMGMT] as means to exchange the necessary keys. 
Since both IDs say that preconditions are out of scope, I expect the pre-conditions document to specify some necessary details. 
I can't find normative text on how to exactly do key exchange in conjunction with the security pre-conditions. 

My problem is how exactly shall one construct the crypto line/key-mgmt line for the second offer/answer exchange? 

The shown examples seem to indicate that in the second offer the same keys shall be sent as in the first offer, which of course makes sense. But since this is marked as an example I can't rely.
I could imagine that in the second offer/answer someone might send some other key material or omit the crypto/key-mgmt line since the keys are already exchanged. I would rather like to see some normative language that requires a certain behavior. 

Furthermore, assuming that the second offer contains the same key material as the first, I would also expect to find the same data in the second answer as in the first one, especially when I use Diffie-Hellmann key exchange.

Sending again the same MIKEY message in the second offer can interfere with the replay attack handling of MIKEY. Of course we don't want to regard the second message as a replay. 
How should that be handled? 
Maybe it is fine to e.g. hide the second MIKEY message from the MIKEY handler and just check if it is identical to the first one? 
Or I could also imagine that some one updates the time stamp for the second MIKEY message? But will/should that be interpreted as re-keying by the MIKEY handler? Remembering postings on implementor's lists I could imagine other weird interpretations too.


More comments:
I'm missing RFC2119 as a normative reference although it is mentioned in sec 1.  Please add.

The MIKEY examples show the same key-mgmt lines in the offer and answer which is not the case. 


Kind Regards 

Thomas



> -----Ursprüngliche Nachricht-----
> Von: mmusic-bounces@ietf.org [mailto:mmusic-bounces@ietf.org] 
> Im Auftrag von Colin Perkins
> Gesendet: Montag, 01. August 2005 18:05
> An: IETF MMUSIC working group
> Betreff: [MMUSIC] Working group last 
> call:draft-ietf-mmusic-securityprecondition-00.txt
> 
> This is to announce a working group last call on the Security  
> Preconditions for SDP <draft-ietf-mmusic- 
> securityprecondition-00.txt>.  Please send any final comments 
> on this  
> draft to the <mmusic@ietf.org> mailing list by 29th August 2005.
> 
> If no substantive issues are raised by that time, we will 
> request the  
> IETF publish this draft as a Proposed Standard RFC.
> 
> Colin
> 
> 
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www1.ietf.org/mailman/listinfo/mmusic
> 

_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic

v2.23.0 | Report a Bug | By Email