Re: [MMUSIC] AD evaluation: draft-ietf-mmusic-latching-04
Alissa Cooper <alissa@cooperw.in> Thu, 03 April 2014 18:19 UTC
Date: Thu, 03 Apr 2014 11:19:32 -0700
From: Alissa Cooper <alissa@cooperw.in>
To: Dan Wing <dwing@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/mmusic/MxfGapW80rwiRAfLEnNm5s1k__A
Cc: draft-ietf-mmusic-latching@tools.ietf.org, mmusic <mmusic@ietf.org>
On 4/3/14 10:39 AM, "Dan Wing" <dwing@cisco.com> wrote:
>
>On Apr 3, 2014, at 10:28 AM, Alissa Cooper <alissa@cooperw.in> wrote:
>
>> Hi Dan,
>>
>> On 4/1/14 11:42 AM, "Dan Wing" <dwing@cisco.com> wrote:
>>>
>>>>> The draft suggests use of SRTP for authenticating media which does
>>>>> resolve the security issues (from a privacy/confidentiality
>>>>> perspective).
>>>>>
>>>>
>>>> I was more concerned with the DoS aspect.
In response to Emil's note above about the SRTP text resolving the
security issues "from a privacy/confidentiality perspective," all I was
saying was that my initial question was prompted not because I was
concerned about a breach of confidentiality, but about the ability to
perform a DoS attack even when SRTP is in use. I think the text in Section
5 that describes this is ok though.
>>>
>>> The DoS aspect of authenticating incoming SRTP packets to the SBC?
>>
>> The DoS aspect that is described in the paragraph Emil quoted below.
>>
>>>
>>>
>>>>
>>>>> That's part of section 5:
>>>>>
>>>>> Naturally, SRTP [RFC3711] would help mitigate such threats and should
>>>>> be used independently of HNT. For example, in cases where end-to-end
>>>>> encryption is used it would still be possible for an attacker to
>>>>> hijack a session despite the use of SRTP and perform a denial of
>>>>> service attack. However, media integrity would not be compromised.
>>>>>
>
>Sorry, I read it again and I'm still not clear on the concern. Could you
>restate or rephrase?
>
>
>>
>>>> I think something like the following might capture the
>>>> situation better:
>>>>
>>>> OLD:
>>>> Due to the security issues presented in Section 5, the latching
>>>> mechanism
>>>> is considered inappropriate for general use on the Internet unless all
>>>> security considerations are taken into account and solved.
>>>>
>>>>
>>>> NEW:
>>>> Due to the security issues presented in Section 5, the latching
>>>> mechanism
>>>> is considered inappropriate for general use on the Internet, and in
>>>> controlled environments unless all security considerations are taken
>>>> into
>>>> account and solved.
>>>
>>> "General use on the Internet" and "in controlled environments" are 100%
>>> of all networks, so perhaps simplifying to:
>>>
>>> NEW:
>>> Due to the security issues presented in Section 5, the latching
>>> mechanism
>>> is considered appropriate only when all security considerations are
>>> taken into
>>> account and solved.
>>
>> I think the text in the -04 is preferable to this, as it is more
>>specific.
>>
>> I would be interested in others' thoughts on the text I proposed above.
>
>Could we at least eliminate the double negatives ("inappropriate ...
>unless")?
In principle, yes, but it seems much easier to enumerate the situations
where it's inappropriate than where it's appropriate -- I'm finding it
difficult to think of better phrasing.
Alissa
>
>-d
>
>
>>
>> Thanks,
>> Alissa
>>
>>
>