IETF Logo Mail Archive

Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 13 October 2016 09:09 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDB5C1296DF for <mmusic@ietfa.amsl.com>; Thu, 13 Oct 2016 02:09:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NudgaLCkt5RS for <mmusic@ietfa.amsl.com>; Thu, 13 Oct 2016 02:09:14 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A79A1293F2 for <mmusic@ietf.org>; Thu, 13 Oct 2016 02:09:14 -0700 (PDT)
X-AuditID: c1b4fb3a-e95069800000099a-df-57ff4f38bc63
Received: from ESESSHC022.ericsson.se (Unknown_Domain [153.88.183.84]) by (Symantec Mail Security) with SMTP id 6D.AC.02458.83F4FF75; Thu, 13 Oct 2016 11:09:13 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.86) with Microsoft SMTP Server id 14.3.301.0; Thu, 13 Oct 2016 11:09:11 +0200
To: Eric Rescorla <ekr@rtfm.com>, Christer Holmberg <christer.holmberg@ericsson.com>
References: <D41C238A.1095B%christer.holmberg@ericsson.com> <71419d1f-af1d-46e9-401d-81c5df73fc49@ericsson.com> <58510E68-A045-4312-B3B3-3468E83C8EB7@iii.ca> <243c777f-46f9-4053-1588-7e6b58a06c8c@ericsson.com> <D423DEE7.1101D%christer.holmberg@ericsson.com> <D423FEEE.11074%christer.holmberg@ericsson.com> <CABcZeBO7b3XGRTCzN4-Z-6=8sTD3nrr8HtgN1q9np-hZ3tqbMQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BD668D1@ESESSMB209.ericsson.se> <CABcZeBNDpt5F_HZeHC9tavPUKzq-Dw3u2SroKcH4U-k-hWNmyg@mail.gmail.com>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <4a000249-91d9-f6b3-5b01-4833e6d359fc@ericsson.com>
Date: Thu, 13 Oct 2016 11:09:07 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBNDpt5F_HZeHC9tavPUKzq-Dw3u2SroKcH4U-k-hWNmyg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrKLMWRmVeSWpSXmKPExsUyM2J7iK6l//9wg4MJFiten2O3+LD+B6PF 1OWPWSxWbDjA6sDi8ff9ByaPJUt+MnlcPv+R0WPy4zbmAJYoLpuU1JzMstQifbsEroz3e08w FuySrNhwfDNjA+MOkS5GTg4JAROJzm1nWbsYuTiEBNYzSvT9f8EGkhASWM4osX1LbRcjB4ew QL7E9Cl1IKaIQJjE2rP8EOW9LBLTNt1nBClnFiiQeH5yKwuIzSZgIXHzRyPYGF4Be4kb3ftY QXpZBFQlVhz1BQmLCsRIXH/2CKpEUOLkzCdgrZwCgRLPf/5ighhpITFz/nmo8fISzVtnM0Nc pi3R0NTBOoFRYBaS9llIWmYhaVnAyLyKUbQ4tbg4N93ISC+1KDO5uDg/Ty8vtWQTIzBwD275 bbWD8eBzx0OMAhyMSjy8ClX/woVYE8uKK3MPMUpwMCuJ8Ar5/Q8X4k1JrKxKLcqPLyrNSS0+ xCjNwaIkzmu28n64kEB6YklqdmpqQWoRTJaJg1OqgbFv0vPAxZO2PTW/uq9hyeltaVd8pdTX vCyOumv0Z+mzgLV/hdRvuF8VytowbXefI+v5nmQ//3oex0ydmSbzNy59rfnZ7efyNH2Z3li1 2+93bP8SxmFkIs5T56c3LzBpY3LViRksd69MSOOpecjH3L/9S0U9i+qxrl3Tj4T7s4ScrjD4 mL1O3leJpTgj0VCLuag4EQBzA7haWAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/mKvPFWjdmf9rnAFiafbMDRN7SSg>
Cc: Cullen Jennings <fluffy@iii.ca>, "mmusic@ietf.org" <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 09:09:17 -0000

Den 2016-10-13 kl. 02:51, skrev Eric Rescorla:
>
>
> On Wed, Oct 12, 2016 at 12:54 PM, Christer Holmberg
> <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>>
> wrote:
>
>     Hi,____
>
>     __ __
>
>     My intention was not to claim we have consensus. I just wanted to
>     put forward some text to see whether it’s something we can work on.____
>
>     __ __
>
>     Or, would you prefer to not saying anything?
>
>
> I don't think we need to say anything normative.
>

Can you please be a bit more constructive here?

I hope you are not disagreeing with a RECOMMEND for source 
authentication at least? Having third party attackers being able to 
change the MID on path that is a quite serious attack, so integrity and 
source authentication I think is well motivated.

Regarding the aspects regarding privacy and information leakage. You 
previously indicated that you agree that we should at least avoid 
structured MIDs to avoid that implementation specifics or hardware 
addresses of source devices leaks this way. This would mean that BUNDLE 
should contain guidance on how to construct them so this is avoided. 
This is currently not included. I have no problem with including such 
recommendations. Do you have a proposal for how to construct them?

When we come to the last aspect regarding confidentiality protection of 
the MID identifiers I can understand the hesitance over this. For some 
use cases I agree the information leakage is in principal zero, as the 
fact that the streams are there are present through SSRCs, PTs etc. 
However, especially for multiple  streams originating from a endpoint, 
rather than a conference mixer, this do exposes information. Here the 
above discussed recommendations do matters for what information can be 
leaked. For example if we would sequentially assign identifers, then we 
exposes the potential sub-selection of streams the signalling agrees on 
at the RTP layer. If we use random values this exposure can be avoid.

I proposed encryption as method that would ensure that we had random 
identifiers of good properties. But, what is your proposal for how these 
identifiers should be construct to minimize the exposure of information?

I also asked the question if there was issues with encrypting this from 
a functional perspective? Unless I receive an answer I will assume not, 
and that it is primarily a hesitant to start using RFC6904.

 From my perspective, lets settle the guidance for construction, then we 
can document what the potential remaining risks are in the security 
consideration. I personally think it is more important to document the 
risks than absolutely have the RFC2119 recommendation here.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email