IETF Logo Mail Archive

Re: [MMUSIC] Updates to BUNDLE "Security Considerations"

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 22 November 2016 08:26 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6199612969E; Tue, 22 Nov 2016 00:26:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FhiQsq6AwwTK; Tue, 22 Nov 2016 00:26:57 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E69C012969C; Tue, 22 Nov 2016 00:26:56 -0800 (PST)
X-AuditID: c1b4fb3a-d644398000007918-ed-5834014f9010
Received: from ESESSHC001.ericsson.se (Unknown_Domain [153.88.183.21]) by (Symantec Mail Security) with SMTP id F4.81.31000.F4104385; Tue, 22 Nov 2016 09:26:55 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.16]) by ESESSHC001.ericsson.se ([153.88.183.21]) with mapi id 14.03.0319.002; Tue, 22 Nov 2016 09:26:33 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Suhas Nandakumar <suhasietf@gmail.com>, "draft-ietf-mmusic-sdp-bundle-negotiation@ietf.org" <draft-ietf-mmusic-sdp-bundle-negotiation@ietf.org>
Thread-Topic: Updates to BUNDLE "Security Considerations"
Thread-Index: AQHSRJlGQUX7LZdIdUSnwYC4nWxai6DkrWsA
Date: Tue, 22 Nov 2016 08:26:31 +0000
Message-ID: <D459CF9B.13460%christer.holmberg@ericsson.com>
References: <CAMRcRGSMV0n-8fJb5Fiht8_V03h6k0pVuYs0KjyoK3sDVtyRuA@mail.gmail.com>
In-Reply-To: <CAMRcRGSMV0n-8fJb5Fiht8_V03h6k0pVuYs0KjyoK3sDVtyRuA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.9.160926
x-originating-ip: [153.88.183.20]
Content-Type: multipart/alternative; boundary="_000_D459CF9B13460christerholmbergericssoncom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrLIsWRmVeSWpSXmKPExsUyM2K7qK4/o0mEwacmQYvps96xWUxd/pjF YufcDmYHZo+ds+6yeyxZ8pMpgCmKyyYlNSezLLVI3y6BK2PThrMsBQ+NKi7c2MvUwDhFp4uR k0NCwETi3MGJLF2MXBxCAusYJQ6sfM0IkhASWMwo0XFPvouRg4NNwEKi+582SI2IwHRGiQeH LrCD1DALyEtcWLKGCcQWBqp5O/EcG0i9iIClRPd0Q5CwiICRRMfOg2DlLAKqEgcP/GIGKeEV sJZo2eQNYgoJBEhcnWQKUsEpECjRcnsFWDWjgJjE91MQw5kFxCVuPZnPBHGxgMSSPeeZIWxR iZeP/7GCjBEV0JNYcz8MIqwocXX6cqjWBImN2z+xgdi8AoISJ2c+YZnAKDoLydRZSMpmISmD iBtIvD83nxnC1pZYtvA1lK0vsfHLWUYI21ri0v/lrMhqFjByrGIULU4tLs5NNzLSSy3KTC4u zs/Ty0st2cQIjMSDW35b7WA8+NzxEKMAB6MSD6+Bi3GEEGtiWXFl7iFGCQ5mJRHeQwwmEUK8 KYmVValF+fFFpTmpxYcYpTlYlMR5zVbeDxcSSE8sSc1OTS1ILYLJMnFwSjUwdl1jm2e4zDT/ otkRnYcnNkjE79ivEnV64aZDc+QqcysrLMK+2kz6X+GeVlyr/O3NrcpL58QdT89O4VxlZiuc JqTq/FV+RXb7m//d6yJ3PK4Q+vrm7fupBnlRm9+uluN6e+Ol+MUryYsdTTqc7EQcOFXsd6zd tdZv/jGl/d0vlzspuml4KHGtUWIpzkg01GIuKk4EALaYSdTAAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/vjELL2gr9ePmY-OigFNS-IYYyQc>
Cc: mmusic WG <mmusic@ietf.org>
Subject: Re: [MMUSIC] Updates to BUNDLE "Security Considerations"
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2016 08:26:59 -0000

Hi,

When you say “put the m-line first” I assume you mean first in the group:BUNDLE attribute list?

Regards,

Christer

From: Suhas Nandakumar <suhasietf@gmail.com<mailto:suhasietf@gmail.com>>
Date: Tuesday 22 November 2016 at 11:20
To: "draft-ietf-mmusic-sdp-bundle-negotiation@ietf.org<mailto:draft-ietf-mmusic-sdp-bundle-negotiation@ietf.org>" <draft-ietf-mmusic-sdp-bundle-negotiation@ietf.org<mailto:draft-ietf-mmusic-sdp-bundle-negotiation@ietf.org>>
Cc: "mmusic@ietf.org<mailto:mmusic@ietf.org>" <mmusic@ietf.org<mailto:mmusic@ietf.org>>
Subject: Updates to BUNDLE "Security Considerations"
Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>>
Resent-To: Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>>, Harald Alvestrand <harald@alvestrand.no<mailto:harald@alvestrand.no>>, Cullen Jennings <fluffy@iii.ca<mailto:fluffy@iii.ca>>
Resent-Date: Tuesday 22 November 2016 at 11:20

Hello Bundle Authors

   As part of discussions on the Stephen Farrell's "COMMENT" on the SDP Mux Draft during IESG Evaluation, there was a  proposal made to update the Security Considerations section of the BUNDLE draft to address security concern raised by Stephen.

The issue:
   When using a=crypto (TRANSPORT category) attribute across media sections, the Offer/Answer negotiation MAY end up in selecting a media section with a weaker a=crypto line.

The Proposal (from Cullen):

 So here my straw man suggestion ... it seems like the right place to
> mention this is in the security consideration for bundle and point
> out that if you offer multiple m-lines that are bundled, the
> recommendation is for the offers and answers to have the same security
> level or put the m-line with the highest level security first so that
> if bundle is selected, we get the strongest security.


Full discussion can be found here:
 https://www.ietf.org/mail-archive/web/mmusic/current/msg17184.html




Thanks
Suhas

v2.23.0 | Report a Bug | By Email