IETF Logo Mail Archive

Re: [MMUSIC] AD evaluation: draft-ietf-mmusic-latching-04

Dan Wing <dwing@cisco.com> Thu, 03 April 2014 17:39 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D17C1A0218 for <mmusic@ietfa.amsl.com>; Thu, 3 Apr 2014 10:39:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CoYuydPtCoRC for <mmusic@ietfa.amsl.com>; Thu, 3 Apr 2014 10:39:50 -0700 (PDT)
Received: from mtv-iport-2.cisco.com (mtv-iport-2.cisco.com [173.36.130.13]) by ietfa.amsl.com (Postfix) with ESMTP id EBCE11A020E for <mmusic@ietf.org>; Thu, 3 Apr 2014 10:39:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2362; q=dns/txt; s=iport; t=1396546786; x=1397756386; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=8zomF2HeWkqu5Flsx9K2bWhMPCpAg3cQF5/jyDABZBE=; b=ayUmydzvEjgTWAqbde2nbf+yoP429mEI+z9VJLLFYehf76/s4nLvLYvu kQYFnJy2eilcgp8XFnPVJufW00n0U8PHfeepFatSGq63W10dNiXkC4pfv h2EsGFjj15otiwTB5O6MVUjU5RZYpjc5vSRk3Rd7Km6qN2e0E4X/dabef c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhYFAAicPVOrRDoG/2dsb2JhbABYgwbFCYEfFnSCJQEBAQMBOj8FCwsYFRlXBhOHcQfPKBeOPjMHCoMagRQEiVqPAYZRi22DUB0
X-IronPort-AV: E=Sophos;i="4.97,788,1389744000"; d="scan'208";a="109779681"
Received: from mtv-core-1.cisco.com ([171.68.58.6]) by mtv-iport-2.cisco.com with ESMTP; 03 Apr 2014 17:39:45 +0000
Received: from [10.21.70.110] ([10.21.70.110]) by mtv-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s33HdjJF014559; Thu, 3 Apr 2014 17:39:45 GMT
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Dan Wing <dwing@cisco.com>
In-Reply-To: <CF62E5DD.2FFDF%alissa@cooperw.in>
Date: Thu, 03 Apr 2014 10:39:46 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <7CB15B3C-4A35-4397-8029-1396722EB2CC@cisco.com>
References: <CF489B5D.25EB0%alissa@cooperw.in> <CAPvvaaKM7S0jRA1dQgCZLGfg4ryNRriMfvSM3V6sD+=3TX4Jzw@mail.gmail.com> <CF6053C5.2F454%alissa@cooperw.in> <D89856F8-9E74-4612-88D8-D9E1EE27BE36@cisco.com> <CF62E5DD.2FFDF%alissa@cooperw.in>
To: Alissa Cooper <alissa@cooperw.in>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/mmusic/ZWVik4QOOAmjTSps3HXx6pyPwMo
Cc: draft-ietf-mmusic-latching@tools.ietf.org, mmusic <mmusic@ietf.org>
Subject: Re: [MMUSIC] AD evaluation: draft-ietf-mmusic-latching-04
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Apr 2014 17:39:55 -0000

On Apr 3, 2014, at 10:28 AM, Alissa Cooper <alissa@cooperw.in> wrote:

> Hi Dan,
> 
> On 4/1/14 11:42 AM, "Dan Wing" <dwing@cisco.com> wrote:
>> 
>>>> The draft suggests use of SRTP for authenticating media which does
>>>> resolve the security issues (from a privacy/confidentiality
>>>> perspective). 
>>> 
>>> I was more concerned with the DoS aspect.
>> 
>> The DoS aspect of authenticating incoming SRTP packets to the SBC?
> 
> The DoS aspect that is described in the paragraph Emil quoted below.
> 
>> 
>> 
>>> 
>>>> That's part of section 5:
>>>> 
>>>> Naturally, SRTP [RFC3711] would help mitigate such threats and should
>>>> be used independently of HNT.  For example, in cases where end-to-end
>>>> encryption is used it would still be possible for an attacker to
>>>> hijack a session despite the use of SRTP and perform a denial of
>>>> service attack.  However, media integrity would not be compromised.
>>>> 

Sorry, I read it again and I'm still not clear on the concern.  Could you restate or rephrase.


> 
>>> I think something like the following might capture the
>>> situation better:
>>> 
>>> OLD:
>>> Due to the security issues presented in Section 5, the latching
>>> mechanism
>>> is considered inappropriate for general use on the Internet unless all
>>> security considerations are taken into account and solved.
>>> 
>>> 
>>> NEW:
>>> Due to the security issues presented in Section 5, the latching
>>> mechanism
>>> is considered inappropriate for general use on the Internet, and in
>>> controlled environments unless all security considerations are taken
>>> into
>>> account and solved.
>> 
>> "General use on the Internet" and "in controlled environments" are 100%
>> of all networks, so perhaps simplifying to:
>> 
>> NEW:
>> Due to the security issues presented in Section 5, the latching
>> mechanism
>> is considered appropriate only when all security considerations are
>> taken into
>> account and solved.
> 
> I think the text in the -04 is preferable to this, as it is more specific.
> 
> I would be interested in others' thoughts on the text I proposed above.

Could we at least eliminate the double negatives ("inappropriate ... unless")?

-d


> 
> Thanks,
> Alissa
> 
>

v2.34.0 | Report a Bug | By Email | System Status