IETF Logo Mail Archive

[Perc] Double Encryption and header extensions issue

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Thu, 30 March 2017 15:16 UTC

Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 011FE1296B6 for <perc@ietfa.amsl.com>; Thu, 30 Mar 2017 08:16:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sdzDmDnIOQno for <perc@ietfa.amsl.com>; Thu, 30 Mar 2017 08:16:13 -0700 (PDT)
Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB5F0129681 for <perc@ietf.org>; Thu, 30 Mar 2017 08:16:12 -0700 (PDT)
Received: by mail-lf0-x229.google.com with SMTP id h125so29322078lfe.0 for <perc@ietf.org>; Thu, 30 Mar 2017 08:16:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version; bh=P62GO0hYhubnp49h/E7zzuG8iWbQqKh/ugLLSBuY9V4=; b=Vg8tnmwDm6NUtdvZdVqTAWZFS2mPLfys7/aE0PqBe3Ks29BYcjFZqAVWiskBV99q28 yEjJlsTD6hxyjy5f7tgJtEMBizBgYnmn8pM6/+AyTJFjw9uuJTT0e0Pu6PqY7BMWSVhf VuepnFGL9ZdngONuEd+K0jElJdmEJqdUgz5CB8iSW5Bv1nWnMhR7FT0tMIfd229kUX/1 68Bces3X+RH1Dl/eKtJ6n7vd9s6sst9qqbXKyFEFVOD8rLhkVLiLMuIPkeMXPx3nEbXS qYrl7fsxe1lXEscV4ZXCRUI1PdfqFFxzlVEIbCessCu0zaHgWFLMr5oTYGBoeyT16Cln GeWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version; bh=P62GO0hYhubnp49h/E7zzuG8iWbQqKh/ugLLSBuY9V4=; b=pBiYJ/BkDh+9+Z7sgmsh10rIZDlrxZo9UJBrbFf/H9Tg984O2wHYdCrM237SvLUWKz fVYnqWnYRhx9h/dZJNQoBREQpnwUlfmbLwyMJzvo2GE7t999Em0T4aOu2yb5Xx9zTjr8 lJZ7QwWFuza6bwlM0c5mFLB4tBFeAtRXS7wEdig5kQR5maD+AyZ+cDmu8CSbteLnvvoU Opf70wPDQcHT2Q4cidWNhB2yGhQcZFcGOZgWkJmbhp9bxXs9g/ktpx5SuGzq9oRWOjGP hu5riVflUXl4+l1Prt/M5FD/hpznZAFIWFYfSzNntJ0U/bCsxQ8WGgzjRY7cF13tkg/h IqQQ==
X-Gm-Message-State: AFeK/H1vu4D4o0CzN06TT6R8qQ9U7Yw8P0Hv09c/fRyEVbxCTKSKzq4QV1FNLDxIfGPnaw==
X-Received: by 10.28.45.212 with SMTP id t203mr3839321wmt.37.1490886970957; Thu, 30 Mar 2017 08:16:10 -0700 (PDT)
Received: from [192.168.1.37] (148.red-79-153-126.dynamicip.rima-tde.net. [79.153.126.148]) by smtp.googlemail.com with ESMTPSA id 140sm3615123wmk.12.2017.03.30.08.16.09 for <perc@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 30 Mar 2017 08:16:10 -0700 (PDT)
To: perc@ietf.org
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <44c5cb73-cb44-0edc-774f-121f349a0aa7@gmail.com>
Date: Thu, 30 Mar 2017 17:16:11 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------9EEE5A7CA46A25CD5E4E858E"
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/1RAcCo_J8hcRDnZm0W1Eg_3eYPc>
Subject: [Perc] Double Encryption and header extensions issue
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 15:16:15 -0000

Hi all,

I have been reviewing the documentation for double encryption and I have 
serious doubts about how the header extensions are handled.

If I have understood it (please correct me if I am wrong) the MD must 
rely all the header extensions present before the OHB to the other peers:

       The Media Distributor MUST NOT delete any header extensions before
       the OHB, but MAY add, delete, or modify any that follow the OHB.

This is an obvious requirement, as to be able to decrypt the inner 
crypto, the end receiver must have the same original rtp packet, which 
includes header extensions.

My concerns is that there are scenarios in which this is not possible:

  * Sender and receiver may not support same set of header extensions
  * Sender and receiver may have negotiated a different id for same
    header extension

In any of the previous scenarios, the receiver will not be able to parse 
the packet correctly, and at best case scenario, it will ignore the 
header extension.

Is there anything that I missing?

Best regards
Sergio

v2.23.0 | Report a Bug | By Email