Re: [MMUSIC] 10 BUNDLE questions: Same SDES key for multiple m- lines?
Martin Thomson <martin.thomson@gmail.com> Tue, 30 April 2013 18:50 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4570821F9BA4 for <mmusic@ietfa.amsl.com>; Tue, 30 Apr 2013 11:50:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5smnJ3Q8l0on for <mmusic@ietfa.amsl.com>; Tue, 30 Apr 2013 11:50:03 -0700 (PDT)
Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id EF1E621F9B5E for <mmusic@ietf.org>; Tue, 30 Apr 2013 11:50:02 -0700 (PDT)
Received: by mail-we0-f178.google.com with SMTP id t11so680346wey.23 for <mmusic@ietf.org>; Tue, 30 Apr 2013 11:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=rlQCu/lBD6zGsBgo8giJa1xcZDJWqF9PChWMb5Vd+F0=; b=ut4CYRIeJuFspoKt2+QZW6FEA5YEvRKdKo7StzBikTMLag2hZap4eo3yAr1CtJE2cD EOu9JIdFl1VWDBObmwaKZHlzT5l3uMlWvp/WhLRwsutFbxFhv4WUE4JPlDCqX1Pr8kSL +2ASZB1W3+wpkTuNB+B/KdhJjUKuBzvQ/A3VZJeutszau0blnYH4ljIkiIknfzd6ELdl 3JNkiKc0nXl4QSM+ntZnI35BNF0ShSm6XJ/RjVuYxpjGXdxJBjoopIeY5te9yGIeoRhg lP/wIb+aUtjJPkAVUO+NKX76fiG6mijexNdtSCdkzCu5buzwcuHIvUF1G3j17d2W/hyE A/ig==
MIME-Version: 1.0
X-Received: by 10.194.78.204 with SMTP id d12mr14455924wjx.42.1367347802081; Tue, 30 Apr 2013 11:50:02 -0700 (PDT)
Received: by 10.194.33.102 with HTTP; Tue, 30 Apr 2013 11:50:01 -0700 (PDT)
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1C368D88@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1C368D88@ESESSMB209.ericsson.se>
Date: Tue, 30 Apr 2013 11:50:01 -0700
Message-ID: <CABkgnnVMtp8WKQnwRhMh0JpXJ=0oMuZmTfwESnJ5gVY36VoAWA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] 10 BUNDLE questions: Same SDES key for multiple m- lines?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2013 18:50:04 -0000
On 30 April 2013 05:16, Christer Holmberg <christer.holmberg@ericsson.com> wrote: > Regarding using the same SDES key, it is important to remember that, if there is a fallback (ie the remote endpoint does not support BUNDLE, and the SDP answer will contain different ports), there will be different RTP sessions, in which case two-time pad becomes an issue. Yes, I hadn't considered that, but it's another reason to have different keys :) Since this is only the bundling side that is affected, this can be addressed with a security considerations note to the effect that the bundler, who has chosen to use the same key across m= lines, MUST NOT select the same SSRC for those sessions. I think that's an easy thing to do. Still, even without special measures chances are that you wont pick colliding SSRCs. Though the odds are not really in your favor given the size of the space you chose from; it doesn't take many sessions before it happens to someone. > So, one way forward would be: > > 1. In the first offer, when it is still unknown whether the remote endpoint supports BUNDLE, use different SDES keys. > > 2. In the second offer, if the remote endpoint indicated support of BUNDLE, allow switching to a single SDES key. That would be reasonable too. I probably wouldn't bother with the change in practice (see above), but MAY == good.
- Re: [MMUSIC] 10 BUNDLE questions: Same SDES key f… Christer Holmberg
- Re: [MMUSIC] 10 BUNDLE questions: Same SDES key f… Martin Thomson
- Re: [MMUSIC] 10 BUNDLE questions: Same SDES key f… Christer Holmberg