Re: [MMUSIC] I-D Action: draft-ietf-mmusic-latching-01.txt

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Thu, 30 May 2013 14:23 UTC

From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Emil Ivov <emcho@jitsi.org>
Date: Thu, 30 May 2013 14:22:45 +0000
Message-ID: <C5E08FE080ACFD4DAE31E4BDBF944EB1135230D4@xmb-aln-x02.cisco.com>
References: <20130507182905.15924.84115.idtracker@ietfa.amsl.com> <C5E08FE080ACFD4DAE31E4BDBF944EB1134DED4A@xmb-aln-x02.cisco.com> <518E169E.4050006@jitsi.org>
In-Reply-To: <518E169E.4050006@jitsi.org>
Cc: "mmusic@ietf.org WG" <mmusic@ietf.org>

I think you need to start by putting in a reference to 

http://tools.ietf.org/html/rfc3424

and discussing the issues it raises with relation to this draft. 

Next I think you need to add a specific attack where two people are both behind the same CGN. CGN is becoming increasingly common and will result in a large number of people having the same IP address. Unless you have a solution that secures this type of environment, I think you should put harmful in the title and make the abstract very clear that the IETF does not recommend this and this document explains why. 

On May 11, 2013, at 3:59 AM, Emil Ivov <emcho@jitsi.org> wrote:

> Hey Cullen,
> 
> On 10.05.13, 23:53, Cullen Jennings (fluffy) wrote:
>> 
>> I think the security section seriously underestimates the security
>> vulnerabilities this introduces.
> 
> If you think we've missed any specific attacks we'd be happy to add them.
> 
>> I'm very sad to see the IETF
>> publishing this at all with anything other than "This is not the
>> recommended way to solve this problem" and why.
> 
> Well that's pretty much what we say:
> 
>    In no way does this document try to make a case for HNT or
>    present it as a solution that is somehow better than
>    alternatives such as ICE. The mechanisms described here, popular
>    as they may be, are not necessarily considered best practice or
>    recommended operation.
> 
> The security considerations section also specifically outlines cases
> where DoS attacks can be performed even with the use of SRTP:
> 
>    For example, in cases where end-to-end encryption is used it
>    would still be possible for an attacker to hijack a session
>    despite the use of SRTP and perform a denial of service attack.
> 
> The point was to show that in spite of all the threat mitigating
> techniques users of latching are still left vulnerable to those.
> 
> I certainly don't understand IETF processes as well as you do, but it is
> my understanding that as an informational document the draft can only do
> so much and that making explicit recommendations for or against
> technologies was for Standards Track documents only. Am I wrong about this?
> 
> My recollection of the Paris and Vancouver meetings (and a quick skim
> through the notes) is that this was also the direction chosen by the WG.
> 
> Again, if you believe that additional text would make things clearer we
> are wide open to suggestions.
> 
> Cheers,
> Emil
> 
> 
>> 
>> 
>> 
>> 
>> On May 7, 2013, at 12:29 PM, internet-drafts@ietf.org wrote:
>> 
>>> 
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories. This draft is a work item of the Multiparty Multimedia
>>> Session Control Working Group of the IETF.
>>> 
>>> Title           : Latching: Hosted NAT Traversal (HNT) for Media in Real-Time Communication
>>> Author(s)       : Emil Ivov, Hadriel Kaplan, Dan Wing
>>> Filename        : draft-ietf-mmusic-latching-01.txt
>>> Pages           : 14
>>> Date            : 2013-05-07
>>> 
>>> Abstract: This document describes behavior of signalling
>>> intermediaries in Real-Time Communication (RTC) deployments,
>>> sometimes referred to as Session Border Controllers (SBCs), when
>>> performing Hosted NAT Traversal (HNT).  HNT is a set of mechanisms,
>>> such as media relaying and latching, that such intermediaries use
>>> to enable other RTC devices behind NATs to communicate with each
>>> other.  This document is non-normative, and is only written to
>>> explain HNT in order to provide a reference to the IETF community,
>>> as well as an informative description to manufacturers, and users.
>>> 
>>> 
>>> The IETF datatracker status page for this draft is: 
>>> https://datatracker.ietf.org/doc/draft-ietf-mmusic-latching
>>> 
>>> There's also a htmlized version available at: 
>>> http://tools.ietf.org/html/draft-ietf-mmusic-latching-01
>>> 
>>> A diff from the previous version is available at: 
>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-mmusic-latching-01
>>> 
>>> 
>>> Internet-Drafts are also available by anonymous FTP at: 
>>> ftp://ftp.ietf.org/internet-drafts/
>>> 
>>> _______________________________________________ mmusic mailing
>>> list mmusic@ietf.org https://www.ietf.org/mailman/listinfo/mmusic
>> 
>> 
> 
> -- 
> https://jitsi.org