Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03

"Martin Thomson" <mt@lowentropy.net> Sun, 03 March 2019 23:09 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10763124BF6; Sun, 3 Mar 2019 15:09:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=mGnHswzT; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=vbmqeDCS
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FOTJWFxMD2Ne; Sun, 3 Mar 2019 15:09:12 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F28B51200B3; Sun, 3 Mar 2019 15:09:11 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id CEB3821D1F; Sun, 3 Mar 2019 18:09:10 -0500 (EST)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Sun, 03 Mar 2019 18:09:10 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=message-id:in-reply-to:references:date:from:to:cc:subject :content-type; s=fm1; bh=390F3/aWmh59oTD2b9tL+kCy11+3TfoSX+kecr5 0JJ4=; b=mGnHswzTi5cLMObKjpfPF5UKZ3b3V8z4t7Bnx3UMaW627ZCtPVK0pmc GuFr6Cg1XQ957WDNmI9lBqY/UhN+nonQCw0LQmCPQrkUWOI8EAu6dWH2NkFJS5Wf FRCDjBY2LwaUK34YNx/UlS0UUJ0+pNsJsB0N/6puMMi8f07ul2nHMMRqkhqsTgr2 cM53tNNM04T7oeD/pK8ojBLMiOgQCT6VTzZSRNNd5BoVd9KExEwghOrhmkW7yGS3 bhsArtTRUaluj5sJU8wa0reF/3RUp9zeonNcCftocplKwpmidAVcM1jl2PCMLU5z lapYLGVPiF+3N0KetN2t8PUlriuMReA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:references:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=390F3/aWmh59oTD2b 9tL+kCy11+3TfoSX+kecr50JJ4=; b=vbmqeDCS02fE7xFZkPN3f0Ict2qkuO18n Kfnmw/Cv1UBdWF/80S5dwUgDzE0qyzW5+XV+VahhgjBVX8wVOtL7FLRUW6ro0MuV r25OPNKDWQh/2pcmXRfCy6aWEygrJtZ0Ee5/0A+slHTdoRXvQaJnp46u24XfijGo 1vJb1VRcQqTbuajOhtfVBNPSyAWpRe+sW2bfFcMg07ph4nbQRQDM9KvUxkn7uQqF bm6Sl8sNMhwQB86QBX9OfDcWb1t2OkeHP3cVeftWKDWgcDaM3il4XxXliur7GUZb 4QEgE3mGLqxfB+tWAnL8pDwfj3m83Klg6btPPc6iz9sjUpgOcME2w==
X-ME-Sender: <xms:ll58XLeZ9Une3e-8DlB8WSjRoQavFuUGd1QDL-pwaiJbF3Vy9uaClA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrfedtgddtgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdforghrthhi nhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqnecuffhomh grihhnpehgihhthhhusgdrtghomhenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehl ohifvghnthhrohhphidrnhgvthenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:ll58XPnG09--2NlmL1Z8NQi6J0g4azQDlWHaHQAbM80c5ELgmhB_Tw> <xmx:ll58XAgn52hoFj5IhC8i-goV84w5I343IH7ivwZxGCHmCez7vvFWCg> <xmx:ll58XAFlOAPDRIFgkth2VCAopGzEAECaKOgfOC9IfJaMc2XBNQOFEA> <xmx:ll58XKoYKdSn9SJBfqL8qEmkpasiBjq__T4Vd5wouN4tvgDo3HgSPg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3AE777C4CE; Sun, 3 Mar 2019 18:09:10 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.5-925-g644bf8c-fmstable-20190228v5
X-Me-Personality: 92534000
Message-Id: <a2cfefa7-4876-470e-97ac-c0f783a1ea11@www.fastmail.com>
In-Reply-To: <HE1PR07MB32597ED7D767C3FEF71309E48D760@HE1PR07MB3259.eurprd07.prod.outlook.com>
References: <ec74675d-c576-f728-0481-c9488fb13beb@cisco.com> <DB7PR07MB4988216B696D0E69ED14D5F095820@DB7PR07MB4988.eurprd07.prod.outlook.com> <1547691891.367836.1636707376.1C1427EE@webmail.messagingengine.com> <AM0PR07MB5793531D0F31BCDBEF95CE8695830@AM0PR07MB5793.eurprd07.prod.outlook.com> <1548111599.1648805.1640352152.40952394@webmail.messagingengine.com> <HE1PR07MB3259FFC36B8E84EA647982728D7A0@HE1PR07MB3259.eurprd07.prod.outlook.com> <bd9f46be-abee-438c-b3f8-52eafd7b1b2e@www.fastmail.com> <HE1PR07MB32597ED7D767C3FEF71309E48D760@HE1PR07MB3259.eurprd07.prod.outlook.com>
Date: Sun, 03 Mar 2019 18:09:09 -0500
From: "Martin Thomson" <mt@lowentropy.net>
To: "Bo Burman" <bo.burman@ericsson.com>, mmusic <mmusic@ietf.org>
Cc: "draft-ietf-mmusic-sdp-uks@ietf.org" <draft-ietf-mmusic-sdp-uks@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/G03hznmn5SlmOtZFd5LGrB5JrtA>
Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Mar 2019 23:09:15 -0000

Thanks Bo,

I've updated the combined review PR:
https://github.com/martinthomson/sdp-uks/pull/9

With just the changes discussed:
https://github.com/martinthomson/sdp-uks/pull/9/commits/82645026faa84cd1124ba2dcfda07f341175d364

On Sat, Mar 2, 2019, at 01:29, Bo Burman wrote:
> Thanks, I believe that addresses almost all of my concerns (see also inline).
> 
> Just a final nit for section 4.1 (also listed in the below);
> "...Once the second session completes, Mallory might cause DTLS packets
> > sent by Norma to Patsy to be dropped.  It is likely that these DTLS packets will
> > be discarded by Patsy as Patsy will already have a successful DTLS connection
> > established."
> [BoB] I think there can still be confusion what you mean with "Once the 
> second session completes"; suggest changing to "Once the second session 
> is established", if that was the intention.
> Also, a couple of sentences before "Though Patsy...", there's one too 
> many "is complete" in this sentence: "Once signaling is complete on a 
> session, ostensibly between Mallory and Norma, is complete."
> 
> Cheers,
> /Bo
> 
> > -----Original Message-----
> > From: Martin Thomson <mt@lowentropy.net>;
> > Sent: den 1 mars 2019 07:04
> > To: Bo Burman <bo.burman@ericsson.com>;; mmusic <mmusic@ietf.org>;
> > Cc: draft-ietf-mmusic-sdp-uks@ietf.org
> > Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-sdp-uks-03
> > 
> > Thanks for reviewing Bo,
> > 
> > I've got the changes I've made up at
> > https://github.com/martinthomson/sdp-uks/pull/7
> > 
> > The changes look like a lot, but that is mostly because of some reordering of
> > text.  I've reworded a few things to improve clarity.  I appreciate having a
> > new set of eyes on this.  I find I tend to miss places where the text assumes
> > too much prior knowledge.
> > 
> > I'll put a second PR up for Flemming's review shortly.  That will stack on top of
> > this one.
> > 
> > On Tue, Feb 26, 2019, at 00:23, Bo Burman wrote:
> > > Hi Martin,
> > >
> > > I've now also reviewed this and have a set of comments and questions,
> > > after taking Magnus' comments and your suggested edits in response to
> > > that into account:
> > >
> > > Section 2.1:
> > > * In bullet 2, "complete communications" is slightly unclear (more so
> > > if "complete" is used in other contexts further down in the text). Do
> > > you with "complete" mean "accept", or perhaps "accept setting up"?
> > 
> > Yes, I can see how this could be confusing. Reworded to:
> > 
> > "2. No entity will successfully establish a session with a peer unless they are
> >    willing to participate in a session with that peer."
> [BoB] OK, good.
> 
> > 
> > > * Don't understand what is meant with "...second condition..."; is it
> > > bullet #2, or is it referring to "...joining two separate sessions"?
> > 
> > Bullet 2, but see below.
> > 
> > > * Also don't really understand in what way that second condition is
> > > "not necessary"; to limit the attacker capabilities (related to bullet
> > > #2), for the attacker to join two sessions, or something else like
> > > "for the attack to succeed"?
> > >
> > > * Just to confirm, does "removing this constraint" refer to removing
> > > use of an identity binding?
> > 
> > Does this make more sense?
> > 
> > "Systems that rely on strong identity bindings, such as those defined in
> > {{WEBRTC}} or {{!SIP-ID}}, have a different threat model, which admits the
> > possibility of attack by an entity with access to the signaling channel.
> > Attacks under these conditions are more feasible as an attacker is assumed
> > to be able to both observe and modify signaling messages."
> [BoB] Yes, that's much better.
> 
> > 
> > > Section 3:
> > > * Is the "victim" of the first paragraph the same or another victim
> > > compared to the one mentioned in the next paragraph?
> > >
> > > * Is "another entity of the attacker's choice" also to be considered a victim?
> > 
> > Yes, there are really two victims here, so I've reworded to use first victim and
> > second victim.
> > 
> > "An attacker causes an
> > identity binding to be created that binds an identity they control to the
> > fingerprint of a first victim.
> > 
> > "An attacker can thereby cause a second victim to believe that they are
> > communicating with an attacker-controlled identity, when they are really
> > talking to the first victim.  The attacker only needs to create an identity
> > assertion that covers a certificate fingerprint of the first victim."
> [BoB] OK
> 
> > 
> > > * The last paragraph in section 3, just before section 3.1 "The same
> > > technique..." seems a bit misplaced, after text talking about a
> > > solution. Should it perhaps be moved just before the paragraph "The
> > > problem..." in section 3? Or, is this "same technique" referring to
> > > what is described in section 4?
> > 
> > Yes, this was a little light.  I've moved it up with the attack synopsis.
> > 
> > "A variation on the same technique can be used to cause both victims to both
> > believe they are talking to the attacker when they are talking to each other.
> > In this case, the attacker performs the identity misbinding once for each
> > victim."
> [BoB] OK
> 
> > 
> > > Section 4:
> > > * First sentence, "similar attack"; similar to what?
> > 
> > Yeah, that lost context.  How about:
> > 
> > "Even where the integrity of session signaling can be relied upon, an attacker
> > might still be able to create a session where there is confusion about the
> > communicating endpoints by substituting the fingerprint of a communicating
> > endpoint."
> [BoB] OK
> 
> > 
> > > Section 4.1:
> > > * Believe it would be helpful for the reader to better understand why
> > > "Mallory has no real interest in seeing that session complete"
> > 
> > The next sentence is intended to explain this point: Mallory needs Patsy to
> > maintain her end of the communications, lest Norma believe that the session
> > is broken.
> > 
> > > * Same sentence, does "session complete" mean "session setup
> > complete"?
> > > I first interpreted "complete" as "conclude" in the meaning "terminate"