IETF Logo Mail Archive

Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security

Eric Rescorla <ekr@rtfm.com> Thu, 13 October 2016 12:13 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5C64129567 for <mmusic@ietfa.amsl.com>; Thu, 13 Oct 2016 05:13:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4px2LdgNKYRp for <mmusic@ietfa.amsl.com>; Thu, 13 Oct 2016 05:13:22 -0700 (PDT)
Received: from mail-yb0-x22f.google.com (mail-yb0-x22f.google.com [IPv6:2607:f8b0:4002:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23F641294BE for <mmusic@ietf.org>; Thu, 13 Oct 2016 05:13:20 -0700 (PDT)
Received: by mail-yb0-x22f.google.com with SMTP id o189so4458212yba.1 for <mmusic@ietf.org>; Thu, 13 Oct 2016 05:13:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xAOUDPyQkxhCvV2x2PV7uyT+F6/5ywgEsxMFTpkckEQ=; b=eXmQ550fbnUW/MQRRcUMQtmpoJElyPVNjpkZDXcNl2ZFLAI7GrweLvAktA7CLIh41I ICW4EWYpcMLqvHkwpVocyLXvteP6ZHDGMJumzOOQxVFgPATozEZWUDQE5ySOy9vvrwvG a3cvcr37U8AY52wgqdaLIBmAEYiAwOy7oceIiy2ogsvatYVHRByUq46oDHR02mrF2vTT Mzcy1Xj5RHT3/V2AJTD5J/74fcY4oGtudEcPjbPizT+A4aFusLcFXbjKHFA2WGtAGEtQ lE1QsAkIH+xkSbo2xITk+w8WbfB5lklyc+Cn9brjHrIbEkNxRLtWKqTkf4b3UlUjbdi8 GgQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xAOUDPyQkxhCvV2x2PV7uyT+F6/5ywgEsxMFTpkckEQ=; b=MIyO5Gm/qdSd2kU+SMkLeceNN/SPDJmnWkBxBHMTSrR+eXWB6pZXBaVWYZB6fsPPrw TQK60ncRE4VoOmmPnuth0XO9M7DpY9fJyAHxruwQYanrEJTHZGZ3JQytdIOl+iH+V9R0 0VwL+PqKvypm7PkhNA9U+sQC5EJ0NBETy2szMZjYMEByiQ5jcWvxZpeGaqzxUchOZvHk P74bHf1lsvgtR33wM5dIPmzLx69pd8flSNyQbWXej4qcusHkVKHn3MyOZt2GmaZm0co1 VXC8eO/3Uyz5roZ0nsF0wIwDtNzbU/QyziTxVJZHJ7cEndknpferERyjCfWV2y2c1Bjl mO0g==
X-Gm-Message-State: AA6/9RnLlcdSviY7KZq2+TJwxRPSJpUSu3lRYhy2YesxZPDIwoYiZN7KLkZ6J4KnHhWTzh2au+Nudlk3Z2D/tA==
X-Received: by 10.37.80.12 with SMTP id e12mr5246065ybb.105.1476360799311; Thu, 13 Oct 2016 05:13:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.75.212 with HTTP; Thu, 13 Oct 2016 05:12:38 -0700 (PDT)
In-Reply-To: <4a000249-91d9-f6b3-5b01-4833e6d359fc@ericsson.com>
References: <D41C238A.1095B%christer.holmberg@ericsson.com> <71419d1f-af1d-46e9-401d-81c5df73fc49@ericsson.com> <58510E68-A045-4312-B3B3-3468E83C8EB7@iii.ca> <243c777f-46f9-4053-1588-7e6b58a06c8c@ericsson.com> <D423DEE7.1101D%christer.holmberg@ericsson.com> <D423FEEE.11074%christer.holmberg@ericsson.com> <CABcZeBO7b3XGRTCzN4-Z-6=8sTD3nrr8HtgN1q9np-hZ3tqbMQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BD668D1@ESESSMB209.ericsson.se> <CABcZeBNDpt5F_HZeHC9tavPUKzq-Dw3u2SroKcH4U-k-hWNmyg@mail.gmail.com> <4a000249-91d9-f6b3-5b01-4833e6d359fc@ericsson.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 13 Oct 2016 05:12:38 -0700
Message-ID: <CABcZeBNwbWWZPcjothhZEv2L8uSpW=stg5-eyxS_nOYUjNwp8A@mail.gmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Content-Type: multipart/alternative; boundary="001a113e86cc0108e7053ebe09de"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/vcBbkYM-gIdNRGYdmX-TSS6iQ18>
Cc: Cullen Jennings <fluffy@iii.ca>, "mmusic@ietf.org" <mmusic@ietf.org>, Paul Kyzivat <pkyzivat@alum.mit.edu>, Christer Holmberg <christer.holmberg@ericsson.com>
Subject: Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 12:13:24 -0000

On Thu, Oct 13, 2016 at 2:09 AM, Magnus Westerlund <
magnus.westerlund@ericsson.com> wrote:

> Den 2016-10-13 kl. 02:51, skrev Eric Rescorla:
>
>>
>>
>> On Wed, Oct 12, 2016 at 12:54 PM, Christer Holmberg
>> <christer.holmberg@ericsson.com <mailto:christer.holmberg@ericsson.com>>
>> wrote:
>>
>>     Hi,____
>>
>>     __ __
>>
>>     My intention was not to claim we have consensus. I just wanted to
>>     put forward some text to see whether it’s something we can work
>> on.____
>>
>>     __ __
>>
>>     Or, would you prefer to not saying anything?
>>
>>
>> I don't think we need to say anything normative.
>>
>>
> Can you please be a bit more constructive here?
>

I think I am being constructive. I'm trying to get the draft finished, and
this seems to be poorly motivated.


I hope you are not disagreeing with a RECOMMEND for source authentication
> at least? Having third party attackers being able to change the MID on path
> that is a quite serious attack, so integrity and source authentication I
> think is well motivated.
>

There seem to be two cases:

1. You're using SRTP (and this should also include SRTCP).
2. You're not using SRTP.

In case #1, then the MID should be integrity protected because it's part of
the packet. If not, then I don't think a partial solution helps.


Regarding the aspects regarding privacy and information leakage. You
> previously indicated that you agree that we should at least avoid
> structured MIDs to avoid that implementation specifics or hardware
> addresses of source devices leaks this way.


No, that's not what I said. Rather, I said:

"The first of these seems addressable by guidance about how to construct
these IDs. I note that we
have only very limited guidance on how to construct ICE ufrag/passwords...."

If you think this kind of identifier-generation tracking is an issue, I
would suggest doing a broader survey
first, rather than focusing on this case.

-Ekr

This would mean that BUNDLE should contain guidance on how to construct
> them so this is avoided. This is currently not included. I have no problem
> with including such recommendations. Do you have a proposal for how to
> construct them?
>
> When we come to the last aspect regarding confidentiality protection of
> the MID identifiers I can understand the hesitance over this. For some use
> cases I agree the information leakage is in principal zero, as the fact
> that the streams are there are present through SSRCs, PTs etc. However,
> especially for multiple  streams originating from a endpoint, rather than a
> conference mixer, this do exposes information. Here the above discussed
> recommendations do matters for what information can be leaked. For example
> if we would sequentially assign identifers, then we exposes the potential
> sub-selection of streams the signalling agrees on at the RTP layer. If we
> use random values this exposure can be avoid.
>
> I proposed encryption as method that would ensure that we had random
> identifiers of good properties. But, what is your proposal for how these
> identifiers should be construct to minimize the exposure of information?
>
> I also asked the question if there was issues with encrypting this from a
> functional perspective? Unless I receive an answer I will assume not, and
> that it is primarily a hesitant to start using RFC6904.
>
> From my perspective, lets settle the guidance for construction, then we
> can document what the potential remaining risks are in the security
> consideration. I personally think it is more important to document the
> risks than absolutely have the RFC2119 recommendation here.
>
>
> Cheers
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Services, Media and Network features, Ericsson Research EAB/TXM
> ----------------------------------------------------------------------
> Ericsson AB                 | Phone  +46 10 7148287
> Färögatan 6                 | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
>
>

v2.23.0 | Report a Bug | By Email