Re: [MMUSIC] Input wanted for draft-ietf-mmusic-sdp-uks
Flemming Andreasen <fandreas@cisco.com> Thu, 14 June 2018 21:43 UTC
To: Bo Burman <bo.burman@ericsson.com>, "mmusic (mmusic@ietf.org)" <mmusic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, Eric Rescorla <ekr@rtfm.com>
I took a look at the document and have a couple of comments:

I was initially expecting the unknown key share attack to be about what the document refers to as Session Concatenation (in Section 5), however the attack overview in Section 2.1 describes two other attack scenarios instead. I think it would be helpful to be clear on all the attack scenarios up front.

Secondly, I find it very difficult to follow the "two concurrent calls" attack scenario described. The overview is very high-level and the example in Section 2.3 omits too many details for me to fully understand the attack (there seems to be more going on between Mallory and Patsy than explained in the text and there are subtleties around what Mallory actually does with the respective SIP, DTLS and media packets for each session that are not entirely clear to me). Without a solid understanding of the attack, it is difficult to determine if the proposed solution truly mitigates it (I was in fact wondering about how the solution would work with session concatenation in the absence of somehow securely associating the session identifier with a particular SIP signaling session, which the document gets more into later in Section 5).

A similar concern applies to the WebRTC use case, since I'm not familiar with the details of how that works, and hence would benefit from more details.

On that note, there are solution elements here that span TLS/DTLS, SDP, and WebRTC/RTCWeb, and we should ensure those groups review the document as well. Have the authors circulated the document in those groups?

Thanks

-- Flemming (as individual)

On 5/21/18 9:44 AM, Bo Burman wrote:
> WG,
>
> We have not seen any discussion on the list for this draft since it
> was submitted late January 2018. Please consider reviewing and
> commenting if you have interest in progressing the draft. It is a
> short document (only 13 pages in total).
>
> Datatracker: https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-uks/
>
> Cheers,
>
> Bo
>
> MMUSIC co-chair
>
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic