Re: [MMUSIC] I-D Action: draft-ietf-mmusic-latching-01.txt

Emil Ivov <emcho@jitsi.org> Mon, 10 June 2013 15:16 UTC

Message-ID: <51B5EDB9.9030109@jitsi.org>
Date: Mon, 10 Jun 2013 17:16:09 +0200
From: Emil Ivov <emcho@jitsi.org>
Organization: Jitsi
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
References: <20130507182905.15924.84115.idtracker@ietfa.amsl.com> <C5E08FE080ACFD4DAE31E4BDBF944EB1134DED4A@xmb-aln-x02.cisco.com> <518E169E.4050006@jitsi.org> <C5E08FE080ACFD4DAE31E4BDBF944EB1135230D4@xmb-aln-x02.cisco.com>
In-Reply-To: <C5E08FE080ACFD4DAE31E4BDBF944EB1135230D4@xmb-aln-x02.cisco.com>
Cc: "mmusic@ietf.org WG" <mmusic@ietf.org>
Subject: Re: [MMUSIC] I-D Action: draft-ietf-mmusic-latching-01.txt

Hey Cullen,

On 30.05.13, 16:22, Cullen Jennings (fluffy) wrote:
>
> I think you need to start by putting in a reference to
>
> http://tools.ietf.org/html/rfc3424

Indeed. While the issues do not apply to hosted NAT traversal, the 
document does describe many of the reasons why people resorted to 
latching rather than using UNSAF. This is now mentioned and ref-ed in 
the introduction.

> and discussing the issues it raises with relation to this draft.
>
> Next I think you need to add a specific attack where two people are
> both behind the same CGN.

This exact case was already described in the security considerations 
section:

tools.ietf.org/html/draft-ietf-mmusic-latching-02#page-11

(last paragraph on the page)

Cheers,
Emil

> CGN is becoming increasingly common and
> will result in a large number of people having the same IP address.
> Unless you have a solution that secures this type of environment, I
> think you should put harmful in the title and make the abstract very
> clear that the IETF does not recommend this and this document
> explains why.
>
>
>
> On May 11, 2013, at 3:59 AM, Emil Ivov <emcho@jitsi.org> wrote:
>
>> Hey Cullen,
>>
>> On 10.05.13, 23:53, Cullen Jennings (fluffy) wrote:
>>>
>>> I think the security section series underestimates the security
>>> vulnerabilities this introduces.
>>
>> If you think we've missed any specific attacks we'd be happy to add
>> them.
>>
>>> I'm very sad to see the IETF publishing this at all with anything
>>> other than "This is not the recommended way to solve this
>>> problem" and why.
>>
>> Well that's pretty much what we say:
>>
>> In no way does this document try to make a case for HNT or present
>> it as a solution that is somehow better than alternatives such as
>> ICE. The mechanisms described here, popular as they may be, are not
>> necessarily considered best practice or recommended operation.
>>
>> The security considerations section also specifically outlines
>> cases where DoS attacks can be performed even with the use of
>> SRTP:
>>
>> For example, in cases where end-to-end encryption is used it would
>> still be possible for an attacker to hijack a session despite the
>> use of SRTP and perform a denial of service attack.
>>
>> The point was to show that in spite of all the threat mitigating
>> techniques users of latching are still left vulnerable to those.
>>
>> I certainly don't understand IETF processes as well as you do, but
>> it is my understanding that as an informational document the draft
>> can only do so much and that making explicit recommendations for or
>> against technologies was for Standards Track documents only. Am I
>> wrong about this?
>>
>> My recollection of the Paris and Vancouver meetings (and a quick
>> skim through the notes) is that this was also the direction chosen
>> by the WG.
>>
>> Again, if you believe that additional text would make things
>> clearer we are wide open to suggestions.
>>
>> Cheers, Emil
>>
>>
>>>
>>>
>>>
>>>
>>> On May 7, 2013, at 12:29 PM, internet-drafts@ietf.org wrote:
>>>
>>>>
>>>> A New Internet-Draft is available from the on-line
>>>> Internet-Drafts directories. This draft is a work item of the
>>>> Multiparty Multimedia Session Control Working Group of the
>>>> IETF.
>>>>
>>>> Title           : Latching: Hosted NAT Traversal (HNT) for Media in Real-Time Communication
>>>> Author(s)       : Emil Ivov
>>>>                   Hadriel Kaplan
>>>>                   Dan Wing
>>>> Filename        : draft-ietf-mmusic-latching-01.txt
>>>> Pages           : 14
>>>> Date            : 2013-05-07
>>>>
>>>> Abstract: This document describes behavior of signalling
>>>> intermediaries in Real-Time Communication (RTC) deployments,
>>>> sometimes referred to as Session Border Controllers (SBCs),
>>>> when performing Hosted NAT Traversal (HNT).  HNT is a set of
>>>> mechanisms, such as media relaying and latching, that such
>>>> intermediaries use to enable other RTC devices behind NATs to
>>>> communicate with each other.  This document is non-normative,
>>>> and is only written to explain HNT in order to provide a
>>>> reference to the IETF community, as well as an informative
>>>> description to manufacturers, and users.
>>>>
>>>>
>>>> The IETF datatracker status page for this draft is:
>>>> https://datatracker.ietf.org/doc/draft-ietf-mmusic-latching
>>>>
>>>> There's also a htmlized version available at:
>>>> http://tools.ietf.org/html/draft-ietf-mmusic-latching-01
>>>>
>>>> A diff from the previous version is available at:
>>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-mmusic-latching-01
>>>>
>>>>
>>>> Internet-Drafts are also available by anonymous FTP at:
>>>> ftp://ftp.ietf.org/internet-drafts/
>>>>
>>>> _______________________________________________
>>>> mmusic mailing list
>>>> mmusic@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/mmusic
>>>
>>
>> -- https://jitsi.org
>
>

-- 
https://jitsi.org
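The shared-CGN case argued over in this thread, as an added illustration that is not part of the draft or of either author's mail: a toy SBC that latches its media destination to the first packet arriving from the IP address learned in signalling. With two subscribers behind one CGN address, an IP check alone cannot tell them apart, so whichever packet lands first wins the session; requiring the first packet to carry a per-session integrity tag (an ICE/STUN-style connectivity check, modelled here with a stand-in HMAC, not the real STUN encoding) lets the SBC latch only to the holder of the session password. All addresses, ports and keys are constructed.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

Addr = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    src: Addr            # (ip, port) as seen by the SBC, i.e. after the NAT/CGN
    payload: bytes
    auth: bytes = b""    # integrity tag; present only when the check is enabled


def make_tag(key: bytes, payload: bytes) -> bytes:
    """Stand-in for STUN/ICE message integrity: HMAC over the payload (hypothetical)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


class LatchingSBC:
    """Relay port that 'latches' its media destination to the first acceptable
    source address/port it sees, as the draft describes for HNT."""

    def __init__(self, expected_ip: str, session_key: Optional[bytes] = None):
        self.expected_ip = expected_ip      # IP learned from signalling
        self.session_key = session_key      # None = plain latching, no integrity check
        self.latched: Optional[Addr] = None

    def _accept(self, pkt: Packet) -> bool:
        if pkt.src[0] != self.expected_ip:  # IP filter: cannot separate two peers behind one CGN
            return False
        if self.session_key is None:
            return True
        return hmac.compare_digest(make_tag(self.session_key, pkt.payload), pkt.auth)

    def receive(self, pkt: Packet) -> Optional[Addr]:
        if self.latched is None and self._accept(pkt):
            self.latched = pkt.src
        return self.latched


def scenario(session_key: Optional[bytes] = None) -> Optional[Addr]:
    """Two subscribers share one constructed CGN address. The other subscriber's
    packet arrives first; return where the SBC ends up sending our media."""
    cgn_ip = "203.0.113.7"
    sbc = LatchingSBC(cgn_ip, session_key)
    other_key = b"other-session-pwd"       # the other subscriber does not hold our password
    first = Packet((cgn_ip, 40001), b"rtp", make_tag(other_key, b"rtp") if session_key else b"")
    ours = Packet((cgn_ip, 50002), b"rtp", make_tag(session_key, b"rtp") if session_key else b"")
    sbc.receive(first)
    return sbc.receive(ours)
```

`scenario()` returns the other subscriber's port (plain latching), while `scenario(b"ice-pwd")` returns ours; SRTP on the endpoints would not change the first result, since the SBC forwards media before any endpoint can verify it.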