IETF Logo Mail Archive

Re: [MMUSIC] draft-davis-valverde-srtp-assurance [was: Re: [dispatch] IETF 117 - do you have something for DISPATCH?]

Dan Wing <danwing@gmail.com> Wed, 19 July 2023 18:01 UTC

Return-Path: <danwing@gmail.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34497C14F726; Wed, 19 Jul 2023 11:01:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.093
X-Spam-Level:
X-Spam-Status: No, score=-2.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LDMqoLcbiQG8; Wed, 19 Jul 2023 11:01:48 -0700 (PDT)
Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89695C15153E; Wed, 19 Jul 2023 11:01:48 -0700 (PDT)
Received: by mail-pl1-x632.google.com with SMTP id d9443c01a7336-1b8ad356f03so43585435ad.1; Wed, 19 Jul 2023 11:01:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689789708; x=1690394508; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=08Y5vS1LrREHcaXhLNXJdVdRvjnu3EwvFSoZxmxx7TE=; b=nSUJK8HPydONLDWkTNIdpPOY6+TXBjPVy4hkUNyATVMozqtkfFgtZ1qFAAmBgYNMbN UM6GluOwzNDMOaDu4/yv6vKARPjFHoUlK9Cwb/PiJqpxyQuvkniRPyPyhy61Y56XvxOy l2td2cHrkOecI8dtzFRCWK4k3JWS3CWVMPDniiD1iXu3AUcodcIXU15OoXNP0n78Mb8Z GK0tpTbQ2cSY1pemCsnPdJgIHLS4ZdFcJb8mXDii94/DvBmLOfnMaP7nTUdFxiq2Zu57 uDVfbsWatPML7FdA46QcVCbo5gbepXiDvPy863rX+Rj6BLXRFhANSSVC3xz4aYpKgC2Z s4Fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689789708; x=1690394508; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=08Y5vS1LrREHcaXhLNXJdVdRvjnu3EwvFSoZxmxx7TE=; b=byEStnwu1hWGgDBWqGkae67z88wZNvu47tcN1lxvrq6SDXsBwfzgLa4O+vMRZe9cff 8ExgWHqw2lgePB4tk4aDRaUgxBGGMfQYpiEul14XNP/IA+SDN67KdDeqVYPzrswXrhaR 7+qwETK6oxdFp4QqdJt37eeWxecgdBgLjCi5S5SKkmoM1Jtj1OxV/sY/Cg3obmsEw9i9 KnaUVvPyapy/8liSz9tR8dIYt3AZn7I3FFK5SvN0HDo9YAC+6vLrJcXL9qgoHGl7x9Zi JcvR5ETv7repIK4W72U9PTZ1IguSTtS+4Hcv+30gQ6cFN+v7Ym0umuSSVPWqN+sFxKwS Tctg==
X-Gm-Message-State: ABy/qLb/hkFlkdW0OjXP/nvA1WXM/NzRfxpdXHn6RF76hYRfdpoSp53/ fPFSWrpibojMsOGj3+DKXyw=
X-Google-Smtp-Source: APBJJlGLj9p2tqeB55Fgj2cAqJzPd5CSrdQc2HSGfFT3hQd6/6rkZLwhuXYZ3KIyjOPz9gxA+XVpHg==
X-Received: by 2002:a17:902:c115:b0:1b9:e481:ef3f with SMTP id 21-20020a170902c11500b001b9e481ef3fmr2825773pli.9.1689789707686; Wed, 19 Jul 2023 11:01:47 -0700 (PDT)
Received: from smtpclient.apple ([47.208.218.46]) by smtp.gmail.com with ESMTPSA id 20-20020a170902e9d400b001ac95be5081sm4242916plk.307.2023.07.19.11.01.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Jul 2023 11:01:47 -0700 (PDT)
From: Dan Wing <danwing@gmail.com>
Message-Id: <9AB41B3E-F877-408E-A90A-54BD564C48E9@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3188FDAE-1C5D-4926-9DC8-046738042AD9"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Wed, 19 Jul 2023 11:01:45 -0700
In-Reply-To: <PH0PR11MB50293AD3FEDA894B9B2D3041BB3BA@PH0PR11MB5029.namprd11.prod.outlook.com>
Cc: "dispatch@ietf.org" <dispatch@ietf.org>, Robert Sparks <rjsparks@nostrum.com>, "mmusic@ietf.org" <mmusic@ietf.org>
To: "Kyzer Davis (kydavis)" <kydavis@cisco.com>
References: <0490249B-C51B-4E18-8155-144CE044E994@gmail.com> <PH0PR11MB50293AD3FEDA894B9B2D3041BB3BA@PH0PR11MB5029.namprd11.prod.outlook.com>
X-Mailer: Apple Mail (2.3731.600.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/VrYlxZ3JUxO0UvxqZYzDsSYBUPM>
Subject: Re: [MMUSIC] draft-davis-valverde-srtp-assurance [was: Re: [dispatch] IETF 117 - do you have something for DISPATCH?]
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2023 18:01:52 -0000

On Jul 17, 2023, at 2:09 PM, Kyzer Davis (kydavis) <kydavis@cisco.com> wrote:
> 
> Hello Dan,
>  
> I reached out to the MMUSIC chairs (along with AVTCORE Chairs and Dispatch chairs CC’d) 
> MMUSIC felt like it belonged but still wanted the dispatch time since there is no MMUSIC meeting at 117.
>  
> To address a few other statements:
>  
> > I would like to understand where EKT-SRTP (RFC8870) fails to meet needs.  
> I think EKT-SRTP does a great job. That is, if we are using DTLS-SRTP. I am only aiming to do the same for SDP Security (SDES).
>  
> > I would rather see RFC8870 extended to work with SDP Security Descriptions because it moves us on a path towards DTLS-SRTP:  DTLS-SRTP-signaled endpoints could interop with SDP Security Descriptions-signaled endpoints because they're both using EKT to handle SSRC/ROC and key changes when group membership changes.  
> I believe you are referencing the act of an SBC/B2BUA interoperating SDP Security and DTLS-SRTP w/EKT?

Yes, if/when such interworking is needed, the interworking would need a B2BUA for the signaling.  That is always necessary for signaling interworking, so no surprise there.   But there would be no need to have an SBC for media, because EKT would allow both DTLS-SRTP- and SDES-signaled endpoints to interwork with each other.  

In contrast, if SDP Security Descriptions avoids EKT and does its signaling in SDP, there would *need* to be media interworking (SBC) with encrypt/decrypt to interwork the EKT with SDP Security Descriptions.


> I found some older EKT-SRTP drafts that I think are the topic:
> https://www.ietf.org/archive/id/draft-mcgrew-srtp-ekt-06.html#anchor6
> https://www.ietf.org/archive/id/draft-mcgrew-srtp-ekt-06.html#anchor21
>  
> One point discussed in there was “SDP Security Descriptions however does not negotiate SSRCs and their associated Rollover Counter (ROC). Instead, SDES relies on a so-called "late binding", where a newly observed SSRC will have its crypto context initialized to a ROC value of zero. Clearly, this does not work for participants joining an SRTP session that has been established for a while and hence has a non-zero ROC.”
>  
> If that is the point then I agree; having the SSRC, ROC, SEQ in SDES/SDP security could allow for an intermediary to easily interwork SDES<>DTLS-EKT-SRTP.
> Note: I would need to audit EKT-SRTP to see if there is anything else SDES is missing that could help that Key Management Interworking.

Sure, I'm not saying "it is immediately obvious and do-able".  But it seems safer to move towards DTLS-SRTP signaling, as that brings better interop with WebRTC, as well.


> > We really should be deprecating SDP Security Descriptions because it has far worse security properties compared with DTLS-SRTP.
> I also know SDP as a means for conveying keying material for SRTP isn't exactly the best method in the grand scheme when compared to the other available options.
> That being said, there are many millions of devices across different vendors still using SDP Security as the SRTP key management protocol.
> Further, I continue to see more modern internet telephony service providers providing TLS SIP w/SRTP via SDES and the acceleration of cloud registered SIP endpoints utilizing SDP Security. 
> Ignoring the problem that could positively affect so many does not seem like the right thing to do.

Security Descriptions fails to meet modern privacy requirements, which cannot be ignored for those millions of humans using those millions of devices.


>  
> Other:
> I started an audit of various enterprise, cloud and service provider offerings to compare MIKEY, DTLS-SRTP, EKT-SRTP, and SDP Security but I will not be able to finish this by the time for dispatch so I have dropped the slide. I can create a wiki page on the drafts GitHub if the group wants to help crowdsource a “Current State of SRTP Key Management Protocol offerings in 2023”. Similarly, if a similar study already exists I would love to give it a read.

Market share is interesting, I suppose.

IAB and IETF are pretty clear that protocols need to be encrypted to provide privacy to Internet users.  Security Descriptions doesn't meet that need.

It is a matter of choosing:
  - modify SDP Security Descriptions endpoints to understand SSRC and ROC signaling in SDP (write code and write standard)
or
  - modify SDP Security Descriptions endpoints to understand EKT (write code) and define how EKT works with SDP Security Descriptions (write standard)

-d

 
> Lastly, I have a WIP draft-01 which provides an alternative solution to draft-00’s a=srtpctx SDP attribute.
> The alternative solution reuses the sdp security session parameter postfix options to convey SSRC, ROC, SEQ. 
> https://www.iana.org/assignments/sdp-security-descriptions/sdp-security-descriptions.xhtml#sdp-security-descriptions-4
> I plan to have a slide on both solutions for the dispatch discussion.
>  
> Thanks,
>  
> From: Dan Wing <danwing@gmail.com <mailto:danwing@gmail.com>> 
> Sent: Monday, July 17, 2023 3:41 PM
> To: dispatch@ietf.org <mailto:dispatch@ietf.org>
> Cc: Kyzer Davis (kydavis) <kydavis@cisco.com <mailto:kydavis@cisco.com>>; Robert Sparks <rjsparks@nostrum.com <mailto:rjsparks@nostrum.com>>; mmusic@ietf.org <mailto:mmusic@ietf.org>
> Subject: draft-davis-valverde-srtp-assurance [was: Re: [dispatch] IETF 117 - do you have something for DISPATCH?]
>  
> Yeah, it feels like draft-davis-valverde-srtp-assurance could go straight to MMUSIC.
>  
> The I-D needs to discuss what happens when SSRC collision occurs, which I think is "send new SDP indicating the new SSRC and ROC=0".
>  
> I would like to understand where EKT-SRTP (RFC8870) fails to meet needs.  The design of EKT-SRTP avoids signaling SSRC or ROC in the signaling channel and, instead, allow them both to be indicated in the SRTP channel itself.  This design allows SSRC collisions to be handled very much like how they are handled with RTP (that is, without the "S").  I would rather see RFC8870 extended to work with SDP Security Descriptions because it moves us on a path towards DTLS-SRTP:  DTLS-SRTP-signaled endpoints could interop with SDP Security Descriptions-signaled endpoints because they're both using EKT to handle SSRC/ROC and key changes when group membership changes.  We really should be deprecating SDP Security Descriptions because it has far worse security properties compared with DTLS-SRTP.
>  
> -d
>  
> 
> 
> Hi Kyzer (et. al.) -
>  
> Why aren't you taking this straight to mmusic? Am I missing something 
> that says that's not the obvious place for the work?
>  
> RjS
>  
>  
> On 6/27/23 7:31 AM, Kyzer Davis (kydavis) wrote:
> > 
> > Hello,
> > 
> > I would like to request a bit of dispatch time for the draft just posted:
> > 
> > https://datatracker.ietf.org/doc/draft-davis-valverde-srtp-assurance/
> > 
> > I also plan to attend IETF 117 in person to represent.
> > 
> > Thanks,
> >

v2.23.0 | Report a Bug | By Email