IETF Logo Mail Archive

Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-double-10: (with DISCUSS and COMMENT)

Suhas Nandakumar <suhasietf@gmail.com> Fri, 16 August 2019 14:46 UTC

Return-Path: <suhasietf@gmail.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA5F5120288; Fri, 16 Aug 2019 07:46:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IP_BXQYv6yCd; Fri, 16 Aug 2019 07:46:23 -0700 (PDT)
Received: from mail-vk1-xa34.google.com (mail-vk1-xa34.google.com [IPv6:2607:f8b0:4864:20::a34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DD3B1201DE; Fri, 16 Aug 2019 07:46:23 -0700 (PDT)
Received: by mail-vk1-xa34.google.com with SMTP id b184so1125839vkh.2; Fri, 16 Aug 2019 07:46:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=d2z1HNbDjta8rsIMW/tCBn8YxV3pqiwfO3UfoYr0fI4=; b=JrluIUADJdwz6h2a6LP5jXJ34F5kXJg5w5dhBQA95ktBKNcbw0MCz2kH5zCsLKAZ/P q8Mbqo85PlbVwIySWiy588SqefZkep5+6qABG0ib69ycUR25if8MUJnEkA6XLellsehr zUa8GsJq+bs4RLiVq8WauhrXx5+lmdN7J9+T7lMQUUcFqK8DGcEEmv/TPf6DxKochs6g 5qjent2mRx5KwPUFEDbshZQ3TzgZr+QN30KGTB24YcU1Xt8mkKc/9fRodNhzD17TCYEF 3QRQHab9t61e3uUJ1dWxf2K2agOTQoZt0mz+4PJjBW5f2hfLZK3pIO4hU45dUpYSXSBA 1P5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=d2z1HNbDjta8rsIMW/tCBn8YxV3pqiwfO3UfoYr0fI4=; b=PbPXzfYvM0D8nRBenB5x6BYVsnX25brj++xs2apgIYiCWNh4crN3IZAdAooWqjy0zP dCmXXZXEHcaWDGT24YjYn3KKLSaGtg/QmPKckFo65hS/qQZmpndrtWR4+nPi/8ox4qQS 9N4X4C6OASmwTrVUo5lZ97mojMN7uPJPVzjPFvzQf02hjWJeWE6Fwq64P7fj6IYa7K6d d2VBsQwVnN/5C3vO1xsY2+8T8llLPW8gjQuy5IM05rSqYcVP8m4NueNedsSrPlup6Q8w VBd8aDs2jh4hQXvE0JA/4ASlM1ZKxmTTLH3xlJxkzwX9TeQPiHlxRspuOi30zzaUURNe t/ig==
X-Gm-Message-State: APjAAAWJ4IsfmSzwmRfraw8MXgspCKSoGtli+dYU41cfU/Uv3QwS9rZi qSNwF0FtTL6BTpr5Yrk8JoX8ByjLWVg4mhXZNsFWKg==
X-Google-Smtp-Source: APXvYqw4W9BJRU4iDzAcpwj+hHvRfyefas73f5TBnTq8nXemAOwNQxaYbg5cZUuM8vsrOWEbCGqE7p9QHJaw1sqkvYk=
X-Received: by 2002:a1f:cac3:: with SMTP id a186mr4157776vkg.50.1565966782072; Fri, 16 Aug 2019 07:46:22 -0700 (PDT)
MIME-Version: 1.0
References: <155800082724.19580.16483563575859435866.idtracker@ietfa.amsl.com> <65737EA1-49AF-4EB9-AD1F-25157B3F010D@iii.ca> <HE1PR0701MB25220714DB8E5AE970E0FDFA95DA0@HE1PR0701MB2522.eurprd07.prod.outlook.com> <CAL02cgTf9sMonRFG1qi9pLxuK8ruvxUStdcju8JU_9+5Kty53w@mail.gmail.com>
In-Reply-To: <CAL02cgTf9sMonRFG1qi9pLxuK8ruvxUStdcju8JU_9+5Kty53w@mail.gmail.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Fri, 16 Aug 2019 07:46:08 -0700
Message-ID: <CAMRcRGT-izdwyuLX+kiPL5q5TnhoTKGw_9OJSvkDQo59JujS6w@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>, "fluffy@iii.ca" <fluffy@iii.ca>, "iesg@ietf.org" <iesg@ietf.org>, "perc-chairs@ietf.org" <perc-chairs@ietf.org>, "draft-ietf-perc-double@ietf.org" <draft-ietf-perc-double@ietf.org>, "perc@ietf.org" <perc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c68b9405903d0d90"
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/HVD4BTrecMX83rb2M7if8mK2prQ>
Subject: Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-double-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 14:46:26 -0000

Hey Magnus

   Wondering if Richard's response answers your question?

Thanks
Suhas

On Mon, Aug 5, 2019 at 7:48 AM Richard Barnes <rlb@ipv.sx> wrote:

> Hey Magnus,
>
> Sorry, should have responded on Point 1.  I think you're just mistaken on
> that point.  Padding is included within the inner encryption.  The double
> transform is an SRTP transform like any other; outside of the SRTP stack,
> there is no "inner" or "outer", just the same old protect and unprotect.
> So padding works the same as it does with any other SRTP transform.
>
> Was there some text in the document that gave you the impression that
> padding was not included under the inner encryption?  The only mention of
> padding I see in the document is in the figure in Appendix A [1], where the
> padding is correctly shown to be within the inner encryption.  Happy to
> clarify if you have some suggestions for how.
>
> --Richard
>
> [1] https://tools.ietf.org/html/draft-ietf-perc-double-11#appendix-A
>
> On Mon, Aug 5, 2019 at 2:32 AM Magnus Westerlund <
> magnus.westerlund@ericsson.com> wrote:
>
>> Hi,
>>
>> Sorry, I missed when this update was submitted, thanks for the reminder.
>>
>> The new version addresses most of my discuss, but missed to do anything
>> about point 1 below.
>>
>> Otherwise it appears to address my discuss points. How do you want to
>> resolve it?
>>
>> Cheers
>>
>> Magnus Westerlund
>>
>> > -----Original Message-----
>> > From: Cullen Jennings <fluffy@iii.ca>
>> > Sent: den 17 maj 2019 20:34
>> > To: Magnus Westerlund <magnus.westerlund@ericsson.com>
>> > Cc: The IESG <iesg@ietf.org>; perc-chairs@ietf.org; draft-ietf-perc-
>> > double@ietf.org; suhasietf@gmail.com; perc@ietf.org
>> > Subject: Re: [Perc] Magnus Westerlund's Discuss on
>> draft-ietf-perc-double-
>> > 10: (with DISCUSS and COMMENT)
>> >
>> > >
>> > > 1. Section 5.1:
>> > >
>> > > To me it appears that one fundamental security flaw exists in the
>> > > definition of the inner encryption. That is the fact that RTP padding
>> > > is not included into the inner encrypted part. This prevents the
>> > > application of RTP padding to prevent the potential privacy leakage
>> > > that "Guidelines for the Use of Variable Bit Rate Audio with Secure
>> > > RTP" (RFC 6562) documents. To prevent this type of information leakage
>> > > and other privacy preserving operations based on applying RTP padding
>> > > it would be necessary to include the RTP padding into the inner
>> > > encrypted envelope. Appendix A figure indicates that is the case, but
>> the
>> > process description in 5.1 is not matching that.
>> > >
>> >
>> > So my read of 5.1 is that does this. Clearly we need to make the text
>> clear
>> > that it does that - what part of the 5.1 makes you think the padding is
>> > stripped from the  payload ?
>> >
>> > Perhaps to make it explicitly clear we should change
>> >
>> > "* Payload: The RTP payload of the original packet”
>> >
>> > to be
>> >
>> > "* Payload (including padding) The RTP payload (including passing) of
>> the
>> > original packet”
>> >
>> >
>> >
>> >
>>
>>

v2.23.0 | Report a Bug | By Email