IETF Logo Mail Archive

Re: [MMUSIC] draft-dtls-sdp: Allow offerer to establish DTLS association before it has received the SDP answer?

Martin Thomson <martin.thomson@gmail.com> Mon, 22 May 2017 10:08 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B60F129BD8 for <mmusic@ietfa.amsl.com>; Mon, 22 May 2017 03:08:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.8
X-Spam-Level:
X-Spam-Status: No, score=-0.8 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hWyZRYrCfJjW for <mmusic@ietfa.amsl.com>; Mon, 22 May 2017 03:08:26 -0700 (PDT)
Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30837126CD8 for <mmusic@ietf.org>; Mon, 22 May 2017 03:08:26 -0700 (PDT)
Received: by mail-lf0-x234.google.com with SMTP id 99so28166268lfu.1 for <mmusic@ietf.org>; Mon, 22 May 2017 03:08:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=EYLYXWTZ2EQVUCmIMevboF/0Zfi/0KsqBpq3NNt+AtQ=; b=g0pToJWW5hA9rrBzhtdXjlvL4aShQerc4AiRJI2givmgn8PJm9lL0/zHhJ7ocMZg+c Bo0wpTkmRhx8swb8IklLBGbDHuciKtzNDBvef3qLrkenloXuTrNK95VpB+VJp/EI3ONv ow2AFjfFkul+SKhK0k9QWAivhoNOUt4DVylSuioZbK7uRTG6w2yvnoVUED6TTEZYHtuN yq8Ld+BdvHi1fAyNjrDL+p6TwZHbrHNaehCgDAngbtOT3t8mWeNMteIjmPHS+GT4mmKS +FrZ8DXdEcd2ZrPRnsMAyBGNSuNCuxLyA3WA9gXdXkqm6IzEMNQH7bzGrnhme/8//JlQ QJiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=EYLYXWTZ2EQVUCmIMevboF/0Zfi/0KsqBpq3NNt+AtQ=; b=W1vzUiOk/Z81pbceO/fvHQbkfZqRS2mROdiTvvKBxs7jzXA4bcxlLFIFmki4E5C/xE FT2zunOpSM+CGljMwwaRdpM1xcik0AcO35S8jarmhTt2Am09BWTFUIUQOvFYj6fylLiA bahE16MDeK9MSanS7Pin82W2XyGu/pLL7hok+PKlgQavjeewXcvvV49wm46tI0jDOh6M p/Cs/Lp4yHUTbCLX110Jm737N3Bnb8gEECYdJKW09GwqxBuRc562itoCmAQiyZNDT3ti TbN3PY9W3JOAVVEPOlj4uU3kpD7xHG8A5poy+lMgxeLydNSxvtpERgbqlb4YhUC2TuVj ROeg==
X-Gm-Message-State: AODbwcD1Fe682qPtWh5sSDoKT5nXtvmwKg6R7KbKo+/dXnX0bFJzwY4+ mTcMyTYXXE7ztF3VsncHTXc/V0706Q==
X-Received: by 10.25.166.133 with SMTP id p127mr5133882lfe.43.1495447704319; Mon, 22 May 2017 03:08:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.46.22.73 with HTTP; Mon, 22 May 2017 03:08:23 -0700 (PDT)
In-Reply-To: <D5487BC2.1CF8E%christer.holmberg@ericsson.com>
References: <D5407B8A.1C98B%christer.holmberg@ericsson.com> <CABcZeBN+91+kf8j599CpdiHu62QoOu4Xbkb5xhEEwSQp_LGxFw@mail.gmail.com> <CAD5OKxsFwbQPK2jz-BnS3Re6df2tU1RzuFgWx1f8xKio6NdJTQ@mail.gmail.com> <CABcZeBNoOaZaotNjz35CT=9Vb8ktHysnp9hZZu4=yK3oz5=2Fw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4CBA529B@ESESSMB109.ericsson.se> <D5487BC2.1CF8E%christer.holmberg@ericsson.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 22 May 2017 20:08:23 +1000
Message-ID: <CABkgnnXzzKMWrPaGq6mho=Dmq7Hjbi_G4Ng1O6LBCTL-1Pt-hA@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: Eric Rescorla <ekr@rtfm.com>, Roman Shpount <roman@telurix.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/Rr2zZSi2BWfw9Q8P2taVhHTf3x4>
Subject: Re: [MMUSIC] draft-dtls-sdp: Allow offerer to establish DTLS association before it has received the SDP answer?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2017 10:08:28 -0000

On 22 May 2017 at 18:24, Christer Holmberg
<christer.holmberg@ericsson.com> wrote:
> I have updated the PR. The text now allows the offerer to establish the DTLS
> association before it has received the SDP answer, but that any media
> received before the answer shall be considered unauthenticated.
>
> https://github.com/cdh4u/draft-dtls-sdp/pull/31
>
> I intend to submit a new version of the draft soon, so please indicate if
> you don’t agree with the text – together with text that you (and hopefully
> others) would agree too :)

Roman is right here, this is going too far.  As ekr points out, we
over-corrected by insisting that the handshake not proceed without the
answer, but doesn't mean that we should let the handshake complete
without knowing to whom we are completing the handshake with.

There is a case for taking the data you receive and holding it until
you get an answer; it would be OK to allow that, though it would need
some careful writing.

However, I believe that the reason we've been asked to do this is in
aid of actually playing out media from a completely unauthenticated
source.  That's the point at which this goes pear-shaped.  The whole
point of this is to provide integrity, and that doesn't happen if an
attacker gets to provide the first few bits of a stream.

I realize that this makes Cullen's use case harder, but several
alternative solutions have been offered.

My preference is to forbid handshake completion until the anchors by
which the handshake is assessed (a=fingerprint, a=tls-id) are
available.

Second in preference to that is to allow received data to be saved,
but not used.  In no circumstance should we allow data to be *sent*.
It's very hard to guarantee that an error that is detected on the peer
will actually result in the connection terminating in a reasonable
period of time.  The current draft is vague on this point.

p.s., Tim's comment about media vs. data needs to be addressed.

v2.23.0 | Report a Bug | By Email