Re: [MMUSIC] BFCP: SDP usage and k=
Mark Baugher <mbaugher@cisco.com> Wed, 09 February 2005 16:32 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15169 for <mmusic-web-archive@ietf.org>; Wed, 9 Feb 2005 11:32:29 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Cyv5K-0002mV-6t for mmusic-web-archive@ietf.org; Wed, 09 Feb 2005 11:53:02 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CyuiI-0006Jw-S4; Wed, 09 Feb 2005 11:29:14 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Cyudv-0005nW-2M; Wed, 09 Feb 2005 11:24:43 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA14711; Wed, 9 Feb 2005 11:24:40 -0500 (EST)
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Cyuxj-0002c3-Vv; Wed, 09 Feb 2005 11:45:13 -0500
Received: from sj-core-1.cisco.com (171.71.177.237) by sj-iport-3.cisco.com with ESMTP; 09 Feb 2005 09:35:54 +0000
X-BrightmailFiltered: true
X-Brightmail-Tracker: AAAAAA==
X-IronPort-AV: i="3.88,190,1102291200"; d="scan'208"; a="224752964:sNHT23372132"
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j19GO7uC020510; Wed, 9 Feb 2005 08:24:08 -0800 (PST)
Received: from [192.168.0.10] (sjc-vpn6-276.cisco.com [10.21.121.20]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j19GJO7R015370; Wed, 9 Feb 2005 08:19:24 -0800
In-Reply-To: <4209433A.2000005@nostrum.com>
References: <4209433A.2000005@nostrum.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <3d298d2cf5c4d747f4326f93220e2b63@cisco.com>
Content-Transfer-Encoding: 7bit
From: Mark Baugher <mbaugher@cisco.com>
Subject: Re: [MMUSIC] BFCP: SDP usage and k=
Date: Wed, 09 Feb 2005 08:24:03 -0800
To: XCON-IETF <xcon@ietf.org>
X-Mailer: Apple Mail (2.619.2)
IIM-SIG: v:"1.1"; h:"imail.cisco.com"; d:"cisco.com"; z:"home"; m:"krs"; t:"1107965964.853025"; x:"432200"; a:"rsa-sha1"; b:"nofws:2768"; e:"Iw=="; n:"sQYarK2E51MdcTiUqeif3F7cWdxIfoCiXhdfb9vD5ee/j0jXL15gbFxF2p" "XIweAblu0N6XAgK7k+wrbr7bQDJaCDqOmzqpRUBjIRQAXQ7NzadpmR3pUL6wxaRUtW+c43sl9jC" "50Qg1sXHpPjt8Y+Y16ioyQAQAdSunM4YhevURc="; s:"hLyzCcFn16dy8DTOzMIj7EccseAOdEhsa6Rv9xCT2hTI03Ep0BINM4kqSzScCNZbjLDA9ihB" "ZqEcym7Pa+9lHRdIUFL0Rm3KVJiIgGTNIfMCaYsGF2onamHScqgdZIzPtitYQgYE4gWabjg3cQF" "yBkTHUh60bD3Xgr1wZZimXIc="; c:"From: Mark Baugher <mbaugher@cisco.com>"; c:"Subject: Re: [MMUSIC] BFCP: SDP usage and k=3D"; c:"Date: Wed, 9 Feb 2005 08:24:03 -0800"
IIM-VERIFY: s:"y"; v:"y"; r:"60"; h:"imail.cisco.com"; c:"message from imail.cisco.com verified; "
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cd26b070c2577ac175cd3a6d878c6248
Content-Transfer-Encoding: 7bit
Cc: mmusic@ietf.org
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
Sender: mmusic-bounces@ietf.org
Errors-To: mmusic-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b7b9551d71acde901886cc48bfc088a6
Content-Transfer-Encoding: 7bit
On Feb 8, 2005, at 2:54 PM, Adam Roach wrote:
> [as XCON chair]
>
> I am copying the MMUSIC mailing list on this message, since I believe
> there may be individuals in MMUSIC who are willing and able to assist
> in a decision that the XCON working group must make. Fundamentally,
> though, I believe this is an XCON issue, so I believe any ensuing
> discussion should take place on the XCON mailing list.
>
> Currently, the SDP document for BFCP
> (draft-ietf-mmusic-sdp-bfcp-00.txt) talks about using the k= line for
> calculation of DIGEST TLV values.
I glanced at the usage of k= in this I-D, which says that it encodes a
shared secret. But where does it specify what kind of shared secret?
What algorithm is used for computing the digest? I did not study the
draft and may be missing something. If it is completely specified then
it avoids the general problem that we found with k= in the past, namely
that there is no way to identify the transform to be used and pass
additional cryptographic and session parameters that practically always
need to be communicated with a cryptographic key. If
draft-ietf-mmusic-sdp-bfcp-00.txt does not have these problems and k=
signals all needed information, then there may be no problem.
Mark
>
> During review of sdp-new (not sdp-ng -- but the 2327bis document), the
> IESG commented that the use of k= for key exchange is not a sufficient
> solution for key exchange; the resultant change to the SDP document is
> as follows:
>
>> If transported over a secure and trusted channel, the session
>> description protocol MAY be used to convey encryption keys. A
>> simple
>> mechanism for key exchange is provided by the key field ("k=")
>> although this is primarily supported for compatibility with older
>> implementations and its use is NOT RECOMMENDED. Work is in progress
>> to define new key exchange mechanisms for use with SDP [26][27] and
>> it is expected that new applications will use those mechanisms.
>>
>
> Given this NOT RECOMMENDED strength provision, XCON needs to consider
> whether we continue to use the k= field as described, or if we need to
> instead use draft-ietf-mmusic-kmgmt-ext (which is just about to be
> ready for IESG review) or some similar mechanism.
>
> If we decide to continue to use k=, then the BFCP SDP document needs
> to justify that decision. Questions to answer include:
>
> * Why is the k= mechanism sufficient for floor control despite its
> use being NOT RECOMMENDED?
>
> * In what ways does floor control or our usage of the k= line differ
> from other media that we have grounds for contravening the
> recommendations of sdp-new?
>
> * Are there specific reasons that the draft-ietf-mmusic-kmgmt-ext is
> not appropriate for BFCP?
>
>
> One notable difference is that BFCP does not use this key to encrypt
> the actual floor control; it uses it for shared secret exchange for
> the purposes of digest authentication. It may well be that using k=
> for this purpose (that is, keys used for purposes other than stream
> encryption) is sufficiently outside the traditional meaning of k= that
> we should instead choose (e.g.) an a= attribute for digest key
> exchange.
>
> Follow ups to the XCON working group only, please.
>
> /a
>
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www1.ietf.org/mailman/listinfo/mmusic
>
_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic
- [MMUSIC] BFCP: SDP usage and k= Adam Roach
- Re: [MMUSIC] BFCP: SDP usage and k= Mark Baugher
- Re: [MMUSIC] BFCP: SDP usage and k= Nathan Allen Stratton
- Re: [MMUSIC] BFCP: SDP usage and k= Mark Baugher
- Re: [MMUSIC] BFCP: SDP usage and k= Nathan Allen Stratton
- Re: [MMUSIC] BFCP: SDP usage and k= Mark Baugher
- Re: [MMUSIC] BFCP: SDP usage and k= Nathan Allen Stratton