Re: [MMUSIC] Getting draft-ietf-mmusic-sdp-uks-04 ready for PubReq

"Martin Thomson" <mt@lowentropy.net> Wed, 05 June 2019 03:00 UTC

Date: Wed, 05 Jun 2019 13:00:50 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Bo Burman <bo.burman@ericsson.com>, Roman Shpount <roman@telurix.com>, "draft-ietf-mmusic-sdp-uks.authors@ietf.org, " <draft-ietf-mmusic-sdp-uks.authors@ietf.org>
Cc: mmusic <mmusic@ietf.org>

-05 is up.  Thanks.

On Tue, Jun 4, 2019, at 22:07, Bo Burman wrote:
> Thank you for your review Roman.
> 
> 
> Authors, since there are no unaddressed comments beyond the editorial 
> ones from Flemming (here 
> <https://mailarchive.ietf.org/arch/msg/mmusic/ZewhLMuV3EJ6r6rVsCtSiF4TsaM>), and there seem to be no objections to proceed, please submit an update addressing Flemming’s comments that I will then submit for publication.
> 
> 
> Thanks,
> 
> /Bo
> 
> MMUSIC co-chair
> 
> 
> 
> *From:* mmusic <mmusic-bounces@ietf.org> *On Behalf Of* Roman Shpount
> *Sent:* 30 May 2019 00:45
> *To:* Martin Thomson <mt@lowentropy.net>
> *Cc:* mmusic <mmusic@ietf.org>
> *Subject:* Re: [MMUSIC] Getting draft-ietf-mmusic-sdp-uks-04 ready for PubReq
> 
> 
> I have reviewed the document and I have confirmed that the document is 
> clear and my understanding is correct.
> 
> 
> Thank you, Martin.
> 
> _____________
> 
> Roman Shpount
> 
> 
> 
> On Mon, May 27, 2019 at 12:45 AM Martin Thomson <mt@lowentropy.net> wrote:
> 
> > On Sat, May 25, 2019, at 10:03, Roman Shpount wrote:
> > > Sorry for the late question, but is there a scenario where a party is 
> > > communicating with attacker but believes that it communicates with 
> > > patsy?
> > 
> > I don't think so. I think that would require failures in parts of the system that we are assuming to be OK (the IdP in one case, the signaling system in the other). The attacker can swap another entity into a call, but not vice versa.
> > 
> > > In all the described attacks, all I see is that one of the attacked 
> > > parties is communicating with another but thinks it is communicating 
> > > with the attacker. What is the risk associated with this? How is this 
> > > different than just setting up a communication channel with an attacker 
> > > who is re-encoding the data?
> > 
> > This is different because a recipient is able to authenticate the source of the media as being the victim. It is very much like relaying media by instantiating a new session and forwarding media, but if context (or ambient authority) is used in interpreting that data, the attacker might gain something.
> > 
> > Imagine the following conversation: 
> > 
> > victim: I will buy 10.
> > response: Are you quite sure?
> > victim: Yes. Please charge to my account.
> > 
> > If the attacker is selling boxes of cookies and the target is selling refrigerators, the result might be surprising.
> 