[MSEC] Multicast Security Considerations

"Holland, Jake" <jholland@akamai.com> Fri, 12 November 2021 16:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/msec/SYxORbBUS7rJg3q3vy9si1YQKJA>

Hi msec,

I know this WG is shut down and the list is mostly defunct, but for
anyone still on it:

I had a slot in secdispatch last Tuesday to talk about multicast
security:
- https://datatracker.ietf.org/doc/html/draft-krose-multicast-security
- https://www.youtube.com/watch?v=vbbFgM761t4&t=1h37m51s
- https://datatracker.ietf.org/meeting/112/materials/slides-112-secdispatch-multicast-security-privacy-considerations-00

The dispatch decision was to go to a mailing list for further discussion,
possibly msec, or possibly a new one.

The stuff we're looking to get discussed is closely related to msec's
prior work, but I think not fully in-scope for the old msec charter,
mainly because (I think?) the GDOI model may not be fully applicable
to the sort of broadcast TV scale we're aiming to support in the latest
efforts I covered in the secdispatch presentation, as we don't anticipate
having quite the same kind of trusted key server setup, and we aim to
do the Authentication and Integrity constraints differently.  But with
that said, the particulars are open for discussion.

Anyway, my first question is whether anybody objects to opening
discussion on the topic on this list?  The other main option was to
create a new mailing list for the new multicast security discussion, and
I think the opinions of current msec list members would be key.

If we do it here, I'd be inviting all the interested parties I can find
to join and discuss the draft and the plans.  I'd be trying to figure
out if we can get to where a BoF seems useful, and if the problem space
can get the kind of discussion and feedback that it needs to reach a
consensus status on what it takes to deliver multicast safely with the
modern internet's ideas of safety (specifically aiming to include Web
traffic, against the advice of some of the web security luminaries).

Other possibly useful background includes the one review from Ekr on the
secdispatch list and the ensuing discussion:
https://mailarchive.ietf.org/arch/msg/secdispatch/N1jDh7MRHupuPIf1S5BiLDecGGY/

And also the discussion the next day in mboned, where some of the background
work ahead of this has been happening:
https://www.youtube.com/watch?v=xCl9NlRZoik&t=31m24s 
https://datatracker.ietf.org/meeting/112/materials/slides-112-mboned-multicast-to-the-browser-update-00.pdf

Please send back opinions if you have them, else I'll assume it won't
bother anybody to start using this list.

Best,
Jake