Re: [MMUSIC] [Technical Errata Reported] RFC4568 (6291)
Flemming Andreasen <fandreas@cisco.com> Mon, 05 October 2020 22:15 UTC
Return-Path: <fandreas@cisco.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBE8B3A005C for <mmusic@ietfa.amsl.com>; Mon, 5 Oct 2020 15:15:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.811
X-Spam-Level:
X-Spam-Status: No, score=-9.811 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.213, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dDmcjgZU3Jm2 for <mmusic@ietfa.amsl.com>; Mon, 5 Oct 2020 15:15:25 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42B483A003F for <mmusic@ietf.org>; Mon, 5 Oct 2020 15:15:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=26301; q=dns/txt; s=iport; t=1601936125; x=1603145725; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=WQyGw1UzGo+nkl8chdK62MTvoJec24Tu4WvxEuRi1zg=; b=P0gKp7Liz3vaxgXO6RwkOdZ5oL5/LzKsp2Groc9Tjmjxyula3wMO5yEH igHkmTczmBjqlr5vmTgdE6+OjQ34gLtyZ/hcWlxv3bmt+lVWDH/E7Hlgf +Z/CBcFOzpX99R2bqlouEiwBelEgeQ5oVTj8k3BP3BtE1FHIXkebu0e6K 0=;
X-IronPort-AV: E=Sophos;i="5.77,340,1596499200"; d="scan'208,217";a="547600657"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 05 Oct 2020 22:15:24 +0000
Received: from [10.118.10.20] (rtp-fandreas-2-8813.cisco.com [10.118.10.20]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTP id 095MFN4d022509; Mon, 5 Oct 2020 22:15:23 GMT
To: "David Nguyen (davidtng)" <davidtng@cisco.com>, RFC Errata System <rfc-editor@rfc-editor.org>, "mbaugher@cisco.com" <mbaugher@cisco.com>, "dwing-ietf@fuggles.com" <dwing-ietf@fuggles.com>, "superuser@gmail.com" <superuser@gmail.com>, "barryleiba@computer.org" <barryleiba@computer.org>, "bo.burman@ericsson.com" <bo.burman@ericsson.com>, "Venkata Amudalapalli -X (vamudala - INFOSYS LIMITED at Cisco)" <vamudala@cisco.com>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
References: <20200916174633.E62DCF40776@rfc-editor.org> <5DE9F3A3-D36A-484D-B4A6-69B1DD8C63B9@cisco.com> <64d7b6aa-9473-f8b8-d975-8617f14615ba@cisco.com> <7850F22C-AE7F-49AA-A0FC-9E91C7D2C601@cisco.com> <920535D2-AF77-4981-874F-2D94E5AD0730@cisco.com>
From: Flemming Andreasen <fandreas@cisco.com>
Message-ID: <4a218cec-d09d-6b52-2a8a-7f7a19c706e9@cisco.com>
Date: Mon, 05 Oct 2020 18:15:22 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <920535D2-AF77-4981-874F-2D94E5AD0730@cisco.com>
Content-Type: multipart/alternative; boundary="------------2F23FC4989386BDE945D2231"
Content-Language: en-US
X-Outbound-SMTP-Client: 10.118.10.20, rtp-fandreas-2-8813.cisco.com
X-Outbound-Node: rcdn-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/hAaHpUi64QiUbkdZCISR-8kh7Xk>
Subject: Re: [MMUSIC] [Technical Errata Reported] RFC4568 (6291)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2020 22:15:28 -0000
Hi David I have not heard from anybody else on this. I will try to take a closer look this week and get back to you. Thanks -- Flemming On 10/5/20 4:23 PM, David Nguyen (davidtng) wrote: > > ++ Venkata > > Thanks, > David > > *From: *"David Nguyen (davidtng)" <davidtng@cisco.com> > *Date: *Monday, October 5, 2020 at 12:07 PM > *To: *"Flemming Andreasen (fandreas)" <fandreas@cisco.com>, RFC Errata > System <rfc-editor@rfc-editor.org>, "mbaugher@cisco.com" > <mbaugher@cisco.com>, "dwing-ietf@fuggles.com" > <dwing-ietf@fuggles.com>, "superuser@gmail.com" <superuser@gmail.com>, > "barryleiba@computer.org" <barryleiba@computer.org>, > "bo.burman@ericsson.com" <bo.burman@ericsson.com> > *Cc: *"mmusic@ietf.org" <mmusic@ietf.org> > *Subject: *Re: [Technical Errata Reported] RFC4568 (6291) > > Hi Flemming, > > I was just wondering if you heard anything regarding this? > > Thanks, > > David > > *From: *Flemming Andreasen <fandreas@cisco.com> > *Date: *Monday, September 21, 2020 at 12:55 PM > *To: *"David Nguyen (davidtng)" <davidtng@cisco.com>, RFC Errata > System <rfc-editor@rfc-editor.org>, "mbaugher@cisco.com" > <mbaugher@cisco.com>, "dwing-ietf@fuggles.com" > <dwing-ietf@fuggles.com>, "superuser@gmail.com" <superuser@gmail.com>, > "barryleiba@computer.org" <barryleiba@computer.org>, > "bo.burman@ericsson.com" <bo.burman@ericsson.com> > *Cc: *"mmusic@ietf.org" <mmusic@ietf.org> > *Subject: *Re: [Technical Errata Reported] RFC4568 (6291) > > Hi David > > It is indeed - we will take a closer look and get back to you. > > Thanks > > -- Flemming > > On 9/21/20 12:45 PM, David Nguyen (davidtng) wrote: > > Hi All, > > > > I was just wondering if this mailing list is still active? > > > > Thanks, > > David > > > > On 9/16/20, 10:46 AM, "RFC Errata System"<rfc-editor@rfc-editor.org> <mailto:rfc-editor@rfc-editor.org> wrote: > > > > The following errata report has been submitted for RFC4568, > > "Session Description Protocol (SDP) Security Descriptions for Media Streams". > > > > -------------------------------------- > > You may review the report below and at: > > https://www.rfc-editor.org/errata/eid6291 > > > > -------------------------------------- > > Type: Technical > > Reported by: David Nguyen<davidtng@cisco.com> <mailto:davidtng@cisco.com> > > > > Section: 7.1.4 > > > > Original Text > > ------------- > > If the offerer includes an IP address and/or port that differs from > > that used previously for a media stream (or FEC stream), the offerer > > MUST include a new master key with the offer (and in so doing, it > > will be creating a new crypto context where the ROC is set to zero). > > Similarly, if the answerer includes an IP address and/or port that > > differs from that used previously for a media stream (or FEC stream), > > the answerer MUST include a new master key with the answer (and hence > > create a new crypto context with the ROC set to zero). The reason > > for this is that when the answerer receives an offer or the offerer > > receives an answer with an updated IP address and/or port, it is not > > possible to determine if the other side has access to the old crypto > > context parameters (and in particular the ROC). For example, if one > > side is a decomposed media gateway, or if a SIP back-to-back user > > agent is involved, it is possible that the media endpoint changed and > > no longer has access to the old crypto context. By always requiring > > a new master key in this case, the answerer/offerer will know that > > the ROC is zero for this offer/answer, and any key lifetime > > constraints will trivially be satisfied too. Another consideration > > here applies to media relays; if the relay changes the media endpoint > > on one side transparently to the other side, the relay cannot operate > > as a simple packet reflector but will have to actively engage in SRTP > > packet processing and transformation (i.e., decryption and re- > > encryption, etc.). > > Finally, note that if the new offer is rejected, the old crypto > > parameters remain in place. > > > > > > Corrected Text > > -------------- > > > > > > Notes > > ----- > > (and in so doing, it > > will be creating a new crypto context where the ROC is set to zero). > > -Which crypto context for which direction? Logically this would be the crypto context for media towards the new IP address ? > > > > (and hence > > create a new crypto context with the ROC set to zero). > > -What if the offerer stays the same and only the answerer changes the IP address? > > New crypto context in direction towards new IP address? > > > > By always requiring > > a new master key in this case, the answerer/offerer will know that > > the ROC is zero for this offer/answer, > > -Is this resetting crypto context for both directions of media flow? > > > > Is this section based on having offer and answerer both change the IP address. > > What if the offerer did not change the IP address but the answerer does change it. > > What is the expected behavior for media/crypto context/ROC for both sides? > > > > What is expected for IP address of 0.0.0.0 for hold, should this reset crypto context as well? > > > > How should all of this be handled for the case of switching to MoH server and then back to original call? > > SBC ------------- CUCM ------------ EXP (signaling) > > SBC --------------------------------- EXP (media stream 1) > > SBC --------------------------------- MOH (media stream 2) > > > > SBC ------------- CUCM ------------ EXP > > <--------------------SDP with IP1ofEXP part of early offer from SBC > > Crypto context for media towards EXP > > <--------------------SDP with IP2ofMoH part of delayed offer from CUCM and additional early offer CUCM. CUCM initiates MoH signaling towards SBC. > > Crypto context for media towards MoH (only SBC and MoH know about this) > > <--------------------SDP with IP1ofEXP part of delayed offer from CUCM > > Crypto context for media towards EXP. Should this be the same as the original if SSRC did not change for media from SBC towards Expressway? > > > > Instructions: > > ------------- > > This erratum is currently posted as "Reported". If necessary, please > > use "Reply All" to discuss whether it should be verified or > > rejected. When a decision is reached, the verifying party > > can log in to change the status and edit the report, if necessary. > > > > -------------------------------------- > > RFC4568 (draft-ietf-mmusic-sdescriptions-12) > > -------------------------------------- > > Title : Session Description Protocol (SDP) Security Descriptions for Media Streams > > Publication Date : July 2006 > > Author(s) : F. Andreasen, M. Baugher, D. Wing > > Category : PROPOSED STANDARD > > Source : Multiparty Multimedia Session Control RAI > > Area : Real-time Applications and Infrastructure > > Stream : IETF > > Verifying Party : IESG > > > > > >
- [MMUSIC] [Technical Errata Reported] RFC4568 (629… RFC Errata System
- Re: [MMUSIC] [Technical Errata Reported] RFC4568 … Flemming Andreasen
- Re: [MMUSIC] [Technical Errata Reported] RFC4568 … Flemming Andreasen
- Re: [MMUSIC] [Technical Errata Reported] RFC4568 … Flemming Andreasen
- Re: [MMUSIC] [Technical Errata Reported] RFC4568 … Roman Shpount
- Re: [MMUSIC] [Technical Errata Reported] RFC4568 … Flemming Andreasen
- Re: [MMUSIC] [Technical Errata Reported] RFC4568 … Flemming Andreasen
- Re: [MMUSIC] [Technical Errata Reported] RFC4568 … Roman Shpount
- Re: [MMUSIC] [Technical Errata Reported] RFC4568 … Patrick Kinane (pkinane)