Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 13 October 2016 09:09 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDB5C1296DF for <mmusic@ietfa.amsl.com>; Thu, 13 Oct 2016 02:09:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NudgaLCkt5RS for <mmusic@ietfa.amsl.com>; Thu, 13 Oct 2016 02:09:14 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A79A1293F2 for <mmusic@ietf.org>; Thu, 13 Oct 2016 02:09:14 -0700 (PDT)
X-AuditID: c1b4fb3a-e95069800000099a-df-57ff4f38bc63
Received: from ESESSHC022.ericsson.se (Unknown_Domain [153.88.183.84]) by (Symantec Mail Security) with SMTP id 6D.AC.02458.83F4FF75; Thu, 13 Oct 2016 11:09:13 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.86) with Microsoft SMTP Server id 14.3.301.0; Thu, 13 Oct 2016 11:09:11 +0200
To: Eric Rescorla <ekr@rtfm.com>, Christer Holmberg <christer.holmberg@ericsson.com>
References: <D41C238A.1095B%christer.holmberg@ericsson.com> <71419d1f-af1d-46e9-401d-81c5df73fc49@ericsson.com> <58510E68-A045-4312-B3B3-3468E83C8EB7@iii.ca> <243c777f-46f9-4053-1588-7e6b58a06c8c@ericsson.com> <D423DEE7.1101D%christer.holmberg@ericsson.com> <D423FEEE.11074%christer.holmberg@ericsson.com> <CABcZeBO7b3XGRTCzN4-Z-6=8sTD3nrr8HtgN1q9np-hZ3tqbMQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BD668D1@ESESSMB209.ericsson.se> <CABcZeBNDpt5F_HZeHC9tavPUKzq-Dw3u2SroKcH4U-k-hWNmyg@mail.gmail.com>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <4a000249-91d9-f6b3-5b01-4833e6d359fc@ericsson.com>
Date: Thu, 13 Oct 2016 11:09:07 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBNDpt5F_HZeHC9tavPUKzq-Dw3u2SroKcH4U-k-hWNmyg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrKLMWRmVeSWpSXmKPExsUyM2J7iK6l//9wg4MJFiten2O3+LD+B6PF 1OWPWSxWbDjA6sDi8ff9ByaPJUt+MnlcPv+R0WPy4zbmAJYoLpuU1JzMstQifbsEroz3e08w FuySrNhwfDNjA+MOkS5GTg4JAROJzm1nWbsYuTiEBNYzSvT9f8EGkhASWM4osX1LbRcjB4ew QL7E9Cl1IKaIQJjE2rP8EOW9LBLTNt1nBClnFiiQeH5yKwuIzSZgIXHzRyPYGF4Be4kb3ftY QXpZBFQlVhz1BQmLCsRIXH/2CKpEUOLkzCdgrZwCgRLPf/5ighhpITFz/nmo8fISzVtnM0Nc pi3R0NTBOoFRYBaS9llIWmYhaVnAyLyKUbQ4tbg4N93ISC+1KDO5uDg/Ty8vtWQTIzBwD275 bbWD8eBzx0OMAhyMSjy8ClX/woVYE8uKK3MPMUpwMCuJ8Ar5/Q8X4k1JrKxKLcqPLyrNSS0+ xCjNwaIkzmu28n64kEB6YklqdmpqQWoRTJaJg1OqgbFv0vPAxZO2PTW/uq9hyeltaVd8pdTX vCyOumv0Z+mzgLV/hdRvuF8VytowbXefI+v5nmQ//3oex0ydmSbzNy59rfnZ7efyNH2Z3li1 2+93bP8SxmFkIs5T56c3LzBpY3LViRksd69MSOOpecjH3L/9S0U9i+qxrl3Tj4T7s4ScrjD4 mL1O3leJpTgj0VCLuag4EQBzA7haWAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/mKvPFWjdmf9rnAFiafbMDRN7SSg>
Cc: Cullen Jennings <fluffy@iii.ca>, "mmusic@ietf.org" <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 09:09:17 -0000
Den 2016-10-13 kl. 02:51, skrev Eric Rescorla: > > > On Wed, Oct 12, 2016 at 12:54 PM, Christer Holmberg > <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>> > wrote: > > Hi,____ > > __ __ > > My intention was not to claim we have consensus. I just wanted to > put forward some text to see whether it’s something we can work on.____ > > __ __ > > Or, would you prefer to not saying anything? > > > I don't think we need to say anything normative. > Can you please be a bit more constructive here? I hope you are not disagreeing with a RECOMMEND for source authentication at least? Having third party attackers being able to change the MID on path that is a quite serious attack, so integrity and source authentication I think is well motivated. Regarding the aspects regarding privacy and information leakage. You previously indicated that you agree that we should at least avoid structured MIDs to avoid that implementation specifics or hardware addresses of source devices leaks this way. This would mean that BUNDLE should contain guidance on how to construct them so this is avoided. This is currently not included. I have no problem with including such recommendations. Do you have a proposal for how to construct them? When we come to the last aspect regarding confidentiality protection of the MID identifiers I can understand the hesitance over this. For some use cases I agree the information leakage is in principal zero, as the fact that the streams are there are present through SSRCs, PTs etc. However, especially for multiple streams originating from a endpoint, rather than a conference mixer, this do exposes information. Here the above discussed recommendations do matters for what information can be leaked. For example if we would sequentially assign identifers, then we exposes the potential sub-selection of streams the signalling agrees on at the RTP layer. If we use random values this exposure can be avoid. I proposed encryption as method that would ensure that we had random identifiers of good properties. But, what is your proposal for how these identifiers should be construct to minimize the exposure of information? I also asked the question if there was issues with encrypting this from a functional perspective? Unless I receive an answer I will assume not, and that it is primarily a hesitant to start using RFC6904. From my perspective, lets settle the guidance for construction, then we can document what the potential remaining risks are in the security consideration. I personally think it is more important to document the risks than absolutely have the RFC2119 recommendation here. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Cullen Jennings
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Jonathan Lennox
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Cullen Jennings
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- [MMUSIC] BUNDLE - MID Security - Updated text pro… Magnus Westerlund
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Cullen Jennings
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Adam Roach
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Magnus Westerlund
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Ted Hardie
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Magnus Westerlund