[MMUSIC] BUNDLE - MID Security - Updated text proposal

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 02 November 2016 09:36 UTC

To: Eric Rescorla <ekr@rtfm.com>
Cc: Paul Kyzivat <pkyzivat@alum.mit.edu>, "mmusic@ietf.org" <mmusic@ietf.org>, Cullen Jennings <fluffy@iii.ca>, Christer Holmberg <christer.holmberg@ericsson.com>

Hi,

I didn't receive any feedback. Below you will find a further updated 
text proposal attempting to be non-controversial. If you find the below 
erroneous or problematic, I do need you to speak up, because then I 
don't understand your issue:


---- Text Proposal ----

The identification-tag when included in the RTP MID SDES item,
independent of transport, RTCP SDES packet or RTP header extension, can
expose the value to parties beyond the signaling chain. Therefore, the
identification-tag MUST NOT contain any user related information for
privacy reasons, nor hardware based identifiers, as such
information could enable tracking of the sending end point.

The identification-tag is used to route the media stream to the right
application functionality, thus it is important that the value received is
the one intended by the sender. Malicious modifications can result in
a media stream being wrongly attributed or failing to be played. Thus,
verifying integrity and the authenticity of the source are RECOMMENDED 
to prevent these attacks on the application. Security mechanisms for 
RTP/RTCP are discussed in Options for Securing RTP Sessions [RFC7201].

---- End of Text Proposal ----

There has been discussion if the MID identification-tag should have a 
proposed or mandated construction pattern. I think there are benefits to 
that. Using the same ASCII based pattern that RID suggests is fine,
however I think it can clarify which character in the range above dec 48
("0") in the ASCII table should be used, and if one has more tags than
what fits a single character, what one would do in that case.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
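
A check an implementer could run over outgoing SDP for the privacy requirement in the text proposal above (an added example, not part of the original message or of any draft): it flags identification-tags that look like hardware-based identifiers or that contain endpoint-local strings such as an account or host name. The heuristics, the function names and the sample SDP are assumptions made for this example.

```python
import re

# identification-tag is an SDP "token" (RFC 5888, token syntax from RFC 4566).
TOKEN = re.compile(r"[!#$%&'*+\-.0-9A-Z^_`a-z{|}~]+")
# Heuristics (assumptions of this example): separated MAC address, version-1 UUID.
MAC = re.compile(r"(?i)(?:[0-9a-f]{2}[-.]){5}[0-9a-f]{2}")
UUID_V1 = re.compile(
    r"(?i)[0-9a-f]{8}-[0-9a-f]{4}-1[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}")

# Constructed SDP fragment, not taken from the message or from a real session.
SAMPLE_SDP = """\
v=0
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=mid:0
m=video 9 UDP/TLS/RTP/SAVPF 96
a=mid:00-1a-2b-3c-4d-5e
m=video 9 UDP/TLS/RTP/SAVPF 97
a=mid:alice-cam
m=video 9 UDP/TLS/RTP/SAVPF 98
a=mid:6ba7b810-9dad-11d1-80b4-00c04fd430c8
"""

def mid_values(sdp):
    """Return the identification-tags carried in a=mid: lines."""
    prefix = "a=mid:"
    return [line[len(prefix):].strip()
            for line in sdp.splitlines() if line.startswith(prefix)]

def check_tag(tag, local_identifiers=()):
    """Return the reasons a tag may expose user or hardware information."""
    findings = []
    if not TOKEN.fullmatch(tag):
        findings.append("not-a-token")
    if MAC.search(tag):
        findings.append("mac-address")
    if UUID_V1.search(tag):
        findings.append("uuid-v1")          # v1 UUIDs embed a node identifier
    lowered = tag.lower()
    if any(s and s.lower() in lowered for s in local_identifiers):
        findings.append("local-identifier")  # e.g. account or host name
    return findings

def audit(sdp, local_identifiers=()):
    """Map each suspicious identification-tag in the SDP to its findings."""
    report = {}
    for tag in mid_values(sdp):
        findings = check_tag(tag, local_identifiers)
        if findings:
            report[tag] = findings
    return report
```

A tag that passes these checks can still be linkable if it is reused across sessions; the check only covers the two categories the proposal names.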