Re: [MMUSIC] [rtcweb] BUNDLE: Attempting to resolve security consideration

Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 14 March 2017 08:47 UTC

To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/dDXc6cGAstQGnSL4whbp8M6iz5c>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, "mmusic \(E-mail\)" <mmusic@ietf.org>

On 2017-03-10 at 16:31, Eric Rescorla wrote:
>
>        When the BUNDLE extension is used, a single set of security
>        credentials over the bundled media descriptions will need to be used,
>        at least per direction or endpoint.
>
>
> Actually, why does this have to be the case? I mean, we require it, but
> if you have the MID extension, you could easily not do this.
>

You are correct, this is actually misstating the problem. It is not the
security credentials that need to be a single set. Any SDP level
security configuration used on individual media descriptions MUST be
possible to use when creating a bundle group across the full or a
sub-set of the media descriptions offered as a bundle group.

This works fine for the below listed ones by following the limitations
indicated in SDP MUX attributes, i.e. transport or identical. But a
future mechanism that is defined with bundle in mind from the start
could have individual configurations.

>
>
>     When using SRTP this will be the
>        case, at least for the IETF defined key-management solutions due to
>        their SDP attributes (a=crypto, a=fingerprint, a=mikey) and their
>        classification in [I-D.ietf-mmusic-sdp-mux-attributes].
>

I will have to think on how to re-write this.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Media Technologies, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
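
An added example, not part of the original message or of any draft text: a small checker that flags bundled media descriptions whose SDP security attributes differ from those of the first media description in the BUNDLE group. It assumes MIKEY is carried in `a=key-mgmt`, simplifies the "transport or identical" categories into one comparison against the first `mid`, and uses constructed SDP with placeholder fingerprints.

```python
# Attributes compared across a BUNDLE group (a=key-mgmt carries MIKEY; assumption).
SECURITY_ATTRS = ("crypto", "fingerprint", "key-mgmt")

def parse_sdp(sdp):
    """Return (bundle_groups, session_level_attrs, {mid: media_level_attrs})."""
    groups, session, sections, current = [], {}, [], None
    for line in sdp.strip().splitlines():
        line = line.strip()
        if line.startswith("m="):
            current = {"mid": None, "attrs": {}}
            sections.append(current)
        elif line.startswith("a="):
            name, _, value = line[2:].partition(":")
            if name == "group" and value.startswith("BUNDLE") and current is None:
                groups.append(value.split()[1:])
            elif name == "mid" and current is not None:
                current["mid"] = value
            elif name in SECURITY_ATTRS:
                target = session if current is None else current["attrs"]
                target.setdefault(name, []).append(value)
    media = {s["mid"]: s["attrs"] for s in sections if s["mid"]}
    return groups, session, media

def check_bundle_security(sdp):
    """List (attribute, first_mid, mid) where a bundled section's value differs."""
    groups, session, media = parse_sdp(sdp)
    findings = []
    for mids in groups:
        first = mids[0]
        for name in SECURITY_ATTRS:
            # Media-level value wins; otherwise the session-level value applies.
            effective = {m: media.get(m, {}).get(name, session.get(name, []))
                         for m in mids}
            for m in mids[1:]:
                if effective[m] != effective[first]:
                    findings.append((name, first, m))
    return findings

# Constructed sample SDP; fingerprint values are shortened placeholders.
HEAD = "v=0\no=- 1 1 IN IP4 192.0.2.1\ns=-\nt=0 0\na=group:BUNDLE audio video\n"
AUDIO = "m=audio 9 UDP/TLS/RTP/SAVPF 111\na=mid:audio\n"
VIDEO = "m=video 9 UDP/TLS/RTP/SAVPF 96\na=mid:video\n"
SAMPLE_OK = HEAD + "a=fingerprint:sha-256 AA:BB:CC\n" + AUDIO + VIDEO
SAMPLE_MISMATCH = (HEAD + AUDIO + "a=fingerprint:sha-256 AA:BB:CC\n"
                   + VIDEO + "a=fingerprint:sha-256 DD:EE:FF\n")

if __name__ == "__main__":
    print(check_bundle_security(SAMPLE_OK))
    print(check_bundle_security(SAMPLE_MISMATCH))
```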