Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
Eric Rescorla <ekr@rtfm.com> Thu, 13 October 2016 12:13 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5C64129567 for <mmusic@ietfa.amsl.com>; Thu, 13 Oct 2016 05:13:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4px2LdgNKYRp for <mmusic@ietfa.amsl.com>; Thu, 13 Oct 2016 05:13:22 -0700 (PDT)
Received: from mail-yb0-x22f.google.com (mail-yb0-x22f.google.com [IPv6:2607:f8b0:4002:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23F641294BE for <mmusic@ietf.org>; Thu, 13 Oct 2016 05:13:20 -0700 (PDT)
Received: by mail-yb0-x22f.google.com with SMTP id o189so4458212yba.1 for <mmusic@ietf.org>; Thu, 13 Oct 2016 05:13:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xAOUDPyQkxhCvV2x2PV7uyT+F6/5ywgEsxMFTpkckEQ=; b=eXmQ550fbnUW/MQRRcUMQtmpoJElyPVNjpkZDXcNl2ZFLAI7GrweLvAktA7CLIh41I ICW4EWYpcMLqvHkwpVocyLXvteP6ZHDGMJumzOOQxVFgPATozEZWUDQE5ySOy9vvrwvG a3cvcr37U8AY52wgqdaLIBmAEYiAwOy7oceIiy2ogsvatYVHRByUq46oDHR02mrF2vTT Mzcy1Xj5RHT3/V2AJTD5J/74fcY4oGtudEcPjbPizT+A4aFusLcFXbjKHFA2WGtAGEtQ lE1QsAkIH+xkSbo2xITk+w8WbfB5lklyc+Cn9brjHrIbEkNxRLtWKqTkf4b3UlUjbdi8 GgQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xAOUDPyQkxhCvV2x2PV7uyT+F6/5ywgEsxMFTpkckEQ=; b=MIyO5Gm/qdSd2kU+SMkLeceNN/SPDJmnWkBxBHMTSrR+eXWB6pZXBaVWYZB6fsPPrw TQK60ncRE4VoOmmPnuth0XO9M7DpY9fJyAHxruwQYanrEJTHZGZ3JQytdIOl+iH+V9R0 0VwL+PqKvypm7PkhNA9U+sQC5EJ0NBETy2szMZjYMEByiQ5jcWvxZpeGaqzxUchOZvHk P74bHf1lsvgtR33wM5dIPmzLx69pd8flSNyQbWXej4qcusHkVKHn3MyOZt2GmaZm0co1 VXC8eO/3Uyz5roZ0nsF0wIwDtNzbU/QyziTxVJZHJ7cEndknpferERyjCfWV2y2c1Bjl mO0g==
X-Gm-Message-State: AA6/9RnLlcdSviY7KZq2+TJwxRPSJpUSu3lRYhy2YesxZPDIwoYiZN7KLkZ6J4KnHhWTzh2au+Nudlk3Z2D/tA==
X-Received: by 10.37.80.12 with SMTP id e12mr5246065ybb.105.1476360799311; Thu, 13 Oct 2016 05:13:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.75.212 with HTTP; Thu, 13 Oct 2016 05:12:38 -0700 (PDT)
In-Reply-To: <4a000249-91d9-f6b3-5b01-4833e6d359fc@ericsson.com>
References: <D41C238A.1095B%christer.holmberg@ericsson.com> <71419d1f-af1d-46e9-401d-81c5df73fc49@ericsson.com> <58510E68-A045-4312-B3B3-3468E83C8EB7@iii.ca> <243c777f-46f9-4053-1588-7e6b58a06c8c@ericsson.com> <D423DEE7.1101D%christer.holmberg@ericsson.com> <D423FEEE.11074%christer.holmberg@ericsson.com> <CABcZeBO7b3XGRTCzN4-Z-6=8sTD3nrr8HtgN1q9np-hZ3tqbMQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BD668D1@ESESSMB209.ericsson.se> <CABcZeBNDpt5F_HZeHC9tavPUKzq-Dw3u2SroKcH4U-k-hWNmyg@mail.gmail.com> <4a000249-91d9-f6b3-5b01-4833e6d359fc@ericsson.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 13 Oct 2016 05:12:38 -0700
Message-ID: <CABcZeBNwbWWZPcjothhZEv2L8uSpW=stg5-eyxS_nOYUjNwp8A@mail.gmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Content-Type: multipart/alternative; boundary="001a113e86cc0108e7053ebe09de"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/vcBbkYM-gIdNRGYdmX-TSS6iQ18>
Cc: Cullen Jennings <fluffy@iii.ca>, "mmusic@ietf.org" <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 12:13:24 -0000
On Thu, Oct 13, 2016 at 2:09 AM, Magnus Westerlund < magnus.westerlund@ericsson.com> wrote: > Den 2016-10-13 kl. 02:51, skrev Eric Rescorla: > >> >> >> On Wed, Oct 12, 2016 at 12:54 PM, Christer Holmberg >> <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>> >> wrote: >> >> Hi,____ >> >> __ __ >> >> My intention was not to claim we have consensus. I just wanted to >> put forward some text to see whether it’s something we can work >> on.____ >> >> __ __ >> >> Or, would you prefer to not saying anything? >> >> >> I don't think we need to say anything normative. >> >> > Can you please be a bit more constructive here? > I think I am being constructive. I'm trying to get the draft finished, and this seems to be poorly motivated. I hope you are not disagreeing with a RECOMMEND for source authentication > at least? Having third party attackers being able to change the MID on path > that is a quite serious attack, so integrity and source authentication I > think is well motivated. > There seem to be two cases: 1. You're using SRTP (and this should also include SRTCP). 2. You're not using SRTP. In case #1, then the MID should be integrity protected because it's part of the packet. If not, then I don't think a partial solution helps. Regarding the aspects regarding privacy and information leakage. You > previously indicated that you agree that we should at least avoid > structured MIDs to avoid that implementation specifics or hardware > addresses of source devices leaks this way. No, that's not what I said. Rather, I said: "The first of these seems addressable by guidance about how to construct these IDs. I note that we have only very limited guidance on how to construct ICE ufrag/passwords...." If you think this kind of identifier-generation tracking is an issue, I would suggest doing a broader survey first, rather than focusing on this case. -Ekr This would mean that BUNDLE should contain guidance on how to construct > them so this is avoided. This is currently not included. I have no problem > with including such recommendations. Do you have a proposal for how to > construct them? > > When we come to the last aspect regarding confidentiality protection of > the MID identifiers I can understand the hesitance over this. For some use > cases I agree the information leakage is in principal zero, as the fact > that the streams are there are present through SSRCs, PTs etc. However, > especially for multiple streams originating from a endpoint, rather than a > conference mixer, this do exposes information. Here the above discussed > recommendations do matters for what information can be leaked. For example > if we would sequentially assign identifers, then we exposes the potential > sub-selection of streams the signalling agrees on at the RTP layer. If we > use random values this exposure can be avoid. > > I proposed encryption as method that would ensure that we had random > identifiers of good properties. But, what is your proposal for how these > identifiers should be construct to minimize the exposure of information? > > I also asked the question if there was issues with encrypting this from a > functional perspective? Unless I receive an answer I will assume not, and > that it is primarily a hesitant to start using RFC6904. > > From my perspective, lets settle the guidance for construction, then we > can document what the potential remaining risks are in the security > consideration. I personally think it is more important to document the > risks than absolutely have the RFC2119 recommendation here. > > > Cheers > > Magnus Westerlund > > ---------------------------------------------------------------------- > Services, Media and Network features, Ericsson Research EAB/TXM > ---------------------------------------------------------------------- > Ericsson AB | Phone +46 10 7148287 > Färögatan 6 | Mobile +46 73 0949079 > SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com > ---------------------------------------------------------------------- > >
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Cullen Jennings
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Jonathan Lennox
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Cullen Jennings
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- [MMUSIC] BUNDLE - MID Security - Updated text pro… Magnus Westerlund
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Cullen Jennings
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Adam Roach
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Magnus Westerlund
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Ted Hardie
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Magnus Westerlund