Re: [MMUSIC] draft-dtls-sdp: Allow offerer to establish DTLS association before it has received the SDP answer?

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 23 May 2017 09:59 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: Eric Rescorla <ekr@rtfm.com>, Roman Shpount <roman@telurix.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Date: Tue, 23 May 2017 09:59:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/z1RgqBCBCuAsmLkF4KGoQVkURU0>
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>

Hi,

>> I have updated the PR. The text now allows the offerer to establish the
>> DTLS association before it has received the SDP answer, but that any media
>> received before the answer shall be considered unauthenticated.
>>
>> https://github.com/cdh4u/draft-dtls-sdp/pull/31
>>
>> I intend to submit a new version of the draft soon, so please indicate
>> if you don't agree with the text - together with text that you (and
>> hopefully others) would agree to :)
>
>Roman is right here, this is going too far.  As ekr points out, we
>over-corrected by insisting that the handshake not proceed without the
>answer, but that doesn't mean that we should let the handshake complete
>without knowing with whom we are completing the handshake.
>
>There is a case for taking the data you receive and holding it until
>you get an answer; it would be OK to allow that, though it would need
>some careful writing.
>
>However, I believe that the reason we've been asked to do this is in
>aid of actually playing out media from a completely unauthenticated
>source.  That's the point at which this goes pear-shaped.  The whole
>point of this is to provide integrity, and that doesn't happen if an
>attacker gets to provide the first few bits of a stream.
>
>I realize that this makes Cullen's use case harder, but several
>alternative solutions have been offered.
>
>My preference is to forbid handshake completion until the anchors by
>which the handshake is assessed (a=fingerprint, a=tls-id) are
>available.

If I understand correctly, you seem to suggest that we allow the handshake
to "proceed" (see 1st paragraph of your reply), but not to "complete". If
so, which endpoint is responsible to make sure that it doesn't "complete"?

>Second in preference to that is to allow received data to be saved,
>but not used.  In no circumstance should we allow data to be *sent*.

I assume that also includes e.g., SCTP messages, i.e., in case of a WebRTC
Data Channel it wouldn't be allowed to establish the SCTP association.


Regards,

Christer







>It's very hard to guarantee that an error that is detected on the peer
>will actually result in the connection terminating in a reasonable
>period of time.  The current draft is vague on this point.
>
>p.s., Tim's comment about media vs. data needs to be addressed.
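
The "save received data, but do not use it, and never send" option discussed in this thread can be sketched as a small gate between the DTLS stack and the application. This is an added example, not text from the draft or code from any participant; `EarlyDtlsGate`, its method names and the buffer limit are hypothetical, the certificate bytes are constructed stand-ins, and only a=fingerprint is checked (a=tls-id is not modelled).

```python
import hashlib

ALLOWED = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

def cert_fingerprint(cert_der, algo):
    """Format a certificate hash the way a=fingerprint carries it (AA:BB:...)."""
    digest = hashlib.new(ALLOWED[algo], cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)

def parse_fingerprint(sdp):
    """Return (algo, value) from the first usable a=fingerprint line, or None."""
    for line in sdp.splitlines():
        if line.startswith("a=fingerprint:"):
            parts = line[len("a=fingerprint:"):].split()
            if len(parts) == 2 and parts[0].lower() in ALLOWED:
                return parts[0].lower(), parts[1].upper()
    return None

class EarlyDtlsGate:
    """Hypothetical gate between a DTLS stack and the application."""
    MAX_HELD = 64  # bound the buffer so an unauthenticated peer cannot grow it

    def __init__(self, peer_cert_der):
        self.peer_cert_der = peer_cert_der  # certificate seen in the handshake
        self.state = "unauthenticated"
        self.held = []

    def may_send(self):
        return self.state == "verified"

    def on_received(self, payload):
        """Deliver data only once verified; before that, hold it unused."""
        if self.state == "verified":
            return [payload]
        if self.state == "unauthenticated" and len(self.held) < self.MAX_HELD:
            self.held.append(payload)
        return []

    def on_answer(self, sdp):
        """Check the peer certificate against the answer; release or discard."""
        held, self.held = self.held, []
        fp = parse_fingerprint(sdp)
        if fp and cert_fingerprint(self.peer_cert_der, fp[0]) == fp[1]:
            self.state = "verified"
            return held
        self.state = "failed"  # mismatch or no usable fingerprint: drop everything
        return []

# Constructed sample input: stand-in bytes, not a real DER certificate.
CERT = b"constructed-peer-certificate"
ANSWER = "v=0\r\na=setup:active\r\na=fingerprint:SHA-256 " + cert_fingerprint(CERT, "sha-256") + "\r\n"
```

Data held before the answer is released only if the certificate from the handshake matches the answer's fingerprint; on a mismatch the held data is discarded and the gate never permits sending.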