Re: [MMUSIC] draft-dtls-sdp: Allow offerer to establish DTLS association before it has received the SDP answer?

Eric Rescorla <ekr@rtfm.com> Fri, 26 May 2017 10:38 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 26 May 2017 18:37:47 +0800
Message-ID: <CABcZeBN000+Qm=FJpB_6bp8WYQhQ7E84XVYO4bXyby2U-DcWew@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/kfl0N1rHTL3dMOJuRCNTLiT6yG4>

On Fri, May 26, 2017 at 3:30 PM, Christer Holmberg <christer.holmberg@ericsson.com> wrote:

>
> Hi,
>
> I have updated the PR. The text now says that the offer must not
> *finalise* the DTLS handshake until it has received the answer.
>

What does that mean? Finalize isn't a DTLS concept.

Also, you say that if you initiate the handshake before the answer
is received you are vulnerable to attacks. What attacks are those?

-Ekr


>
> The text still allows to process media that is received before the answer
> is received. I know Martin doesn't like that, and I have no idea what the
> sec people will think about it, but I am trying to find some common
> ground. I want to move the draft forward.
>
> Is this something everyone can live with?
>
> …
>
>
> >> Also, if I understand the FEDEX use-case, not only would you have to be
> >> able to receive media - if you are e.g., going to provide DTMFs you could
> >> also have to SEND data? Or?
> >
> >Yeah, sending DTMF to who-knows isn't a good idea.  I'm not clear on
> >whether sending DTMF is part of the arrangement.  Sounds like a great
> >way to avoid tariffs altogether; I'm surprised that service providers
> >would even allow that.
>
> Actually, before you get the SDP answer you can't send any DTMFs…
>
> Regards,
>
> Christer
>
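To make the ordering question in this thread concrete, here is an added Python model (not code from the draft or from anyone on the thread) of an offerer that may see the peer's DTLS certificate before the SDP answer arrives. The answerer's certificate can only be checked against the a=fingerprint attribute the answer carries, so until the answer is in, the offerer can hold the certificate but cannot decide whether it is the right one. The `Offerer` class, its `release_unverified_media` policy knob and the certificate bytes are all constructed for the example.

```python
import hashlib

# Constructed sample certificate bytes: a stand-in, not a real DER certificate.
PEER_CERT_DER = b"constructed-answerer-certificate"

def sdp_fingerprint(cert_der: bytes, hash_func: str = "sha-256") -> str:
    """Hash of the DER certificate in a=fingerprint form: upper-case hex, colon separated."""
    digest = hashlib.new(hash_func.replace("-", ""), cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_fingerprint_attr(line: str) -> tuple[str, str]:
    """'a=fingerprint:sha-256 AB:CD:...' -> ('sha-256', 'AB:CD:...')."""
    if not line.startswith("a=fingerprint:"):
        raise ValueError("not an a=fingerprint attribute")
    hash_func, _, value = line[len("a=fingerprint:"):].partition(" ")
    return hash_func.strip().lower(), value.strip().upper()

class Offerer:
    """Hypothetical offerer state: the DTLS handshake and the SDP answer arrive in either order."""
    def __init__(self, release_unverified_media: bool):
        # Policy knob: the draft text quoted above allows early media, Martin objects to it.
        self.release_unverified_media = release_unverified_media
        self.peer_cert = None      # certificate seen in the DTLS handshake
        self.answer_fp = None      # (hash_func, value) from the answer's a=fingerprint
        self.verified = None       # None = undecidable yet, True/False once both are known
        self.held_media = []

    def on_dtls_peer_certificate(self, cert_der: bytes) -> None:
        self.peer_cert = cert_der
        self._try_verify()

    def on_sdp_answer(self, answer_lines: list[str]) -> None:
        for line in answer_lines:
            if line.startswith("a=fingerprint:"):
                self.answer_fp = parse_fingerprint_attr(line)
        self._try_verify()

    def _try_verify(self) -> None:
        # Nothing to compare against until the answer has delivered the fingerprint.
        if self.peer_cert is None or self.answer_fp is None:
            return
        hash_func, expected = self.answer_fp
        self.verified = sdp_fingerprint(self.peer_cert, hash_func) == expected

    def on_media(self, packet: bytes) -> bool:
        """True if the packet is handed to the application now, False if held."""
        if self.verified or (self.verified is None and self.release_unverified_media):
            return True
        self.held_media.append(packet)
        return False
```

A mismatch after the answer arrives leaves `verified` False, so media is held regardless of the policy knob; the knob only decides what happens in the window before the answer.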