Re: [MMUSIC] 10 BUNDLE questions: Same SDES key for multiple m- lines?
Christer Holmberg <christer.holmberg@ericsson.com> Tue, 30 April 2013 12:16 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FC5521F9A6C for <mmusic@ietfa.amsl.com>; Tue, 30 Apr 2013 05:16:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.099
X-Spam-Level:
X-Spam-Status: No, score=-6.099 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oMxlEUbmWGFz for <mmusic@ietfa.amsl.com>; Tue, 30 Apr 2013 05:16:39 -0700 (PDT)
Received: from mailgw2.ericsson.se (mailgw2.ericsson.se [193.180.251.37]) by ietfa.amsl.com (Postfix) with ESMTP id E36C921F966A for <mmusic@ietf.org>; Tue, 30 Apr 2013 05:16:38 -0700 (PDT)
X-AuditID: c1b4fb25-b7f366d000004d10-a4-517fb6255fe3
Received: from ESESSHC011.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw2.ericsson.se (Symantec Mail Security) with SMTP id 9A.47.19728.526BF715; Tue, 30 Apr 2013 14:16:38 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.167]) by ESESSHC011.ericsson.se ([153.88.183.51]) with mapi id 14.02.0328.009; Tue, 30 Apr 2013 14:16:37 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [MMUSIC] 10 BUNDLE questions: Same SDES key for multiple m- lines?
Thread-Index: Ac5Fm5YzG97WvrBuR0q4LrredSKh4Q==
Date: Tue, 30 Apr 2013 12:16:36 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1C368D88@ESESSMB209.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.20]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrALMWRmVeSWpSXmKPExsUyM+Jvra7atvpAg9P9TBbXzvxjtJi6/DGL A5PHzll32T2WLPnJFMAUxWWTkpqTWZZapG+XwJVxa551wRLhigXvtzM2MD4R6mLk5JAQMJF4 dXkiE4QtJnHh3nq2LkYuDiGBw4wSTzZNg3KWMEoc+P+XtYuRg4NNwEKi+582SIOIgK7EorMP 2EHCzALqElcXB4GEhQUCJd5O28QIURIksWTGLChbT6JzWhsbiM0ioCpx4Mg0sL28Ar4STWca 2UFsRqAbvp9aAxZnFhCXuPVkPtRtAhJL9pxnhrBFJV4+/scKYStKXJ2+nAniBE2J9bv0IVoV JaZ0P2SHGC8ocXLmE5YJjCKzkEydhdAxC0nHLCQdCxhZVjGy5yZm5qSXG21iBIb6wS2/VXcw 3jkncohRmoNFSZw3fUV9oJBAemJJanZqakFqUXxRaU5q8SFGJg5OqQbGjL1LjvjEPV0jNG/z RCVOngNTNlUvn/t549NMtbkRQcGRUSdOVJ/bvthpZ7lk5uab955vL56SdyhKPrlX0mrvba1/ yYd9RArt3CQnK71uXs194vHf05v/nFEV8lm7soo/Kkvhz7R14jWvVPgi47e8U7SML1ml/KnZ +MwCqU7zXpcfQVM+MdQ+UGIpzkg01GIuKk4EAFDplBVDAgAA
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] 10 BUNDLE questions: Same SDES key for multiple m- lines?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2013 12:16:59 -0000
Hi, >> As people have indicated, it prevents a two-time pad attack, and that is also the only reason I can think of. My suggestion is to keep the restriction in list 1 and 2. But, if someone OBJECTS to this, please indicate so. > > The two-time pad thing is bogus, unless you are using shim (so that you can reuse SSRCs). > > I think that I would like to OBJECT to this. It is possible to perform decrypt after demux, and there are no inherent problems. > > I initially wasn't that concerned with people taking this position, because I figured that it would be better to allow for some flexibility in the order of operations. However, it makes multiplexing translators harder to build. > > It's not a strong objection. After all, we are all in the business of accelerating the heat death of the universe. > >>> 6. If you start with a m= line with one SDES config (e.g. 32-bit >>> MAC), and then BUNDLE with another SDES line with a different (non >>> overlapping) SDES config (e.g. 80-bit MAC), what happens? (assume >>> fail) >> >> People have indicated that this would be a failure, and I have seen no one indicate otherwise. But, if someone OBJECTS to this, please indicate so. > > See above. Regarding using the same SDES key, it is important to remember that, if there is a fallback (ie the remote endpoint does not support BUNDLE, and the SDP answer will contain different ports), there will be different RTP sessions, in which case two-time pad becomes an issue. So, one way forward would be: 1. In the first offer, when it is still unknown whether the remote endpoint supports BUNDLE, use different SDES keys. 2. In the second offer, if the remote endpoint indicated support of BUNDLE, allow switching to a single SDES key. Regards, Christer
- Re: [MMUSIC] 10 BUNDLE questions: Same SDES key f… Christer Holmberg
- Re: [MMUSIC] 10 BUNDLE questions: Same SDES key f… Martin Thomson
- Re: [MMUSIC] 10 BUNDLE questions: Same SDES key f… Christer Holmberg