IETF Logo Mail Archive

Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-double-10: (with DISCUSS and COMMENT)

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 20 May 2019 07:24 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D4B0120139; Mon, 20 May 2019 00:24:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LstkzpQVNCky; Mon, 20 May 2019 00:24:13 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40079.outbound.protection.outlook.com [40.107.4.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A9F11200D5; Mon, 20 May 2019 00:24:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HBBwoHIDMm/+rmW1d0YlFY6dpYtBv0RJp6M7pbKIXgA=; b=JTT29vrbbPVzE6Ge89x7livAYpvOigjLDIKJCi8bD867xuNIOMVeyFoWGWviCdMET0qmMAII4DC5ZQHQzbH83MHmnfNUmcNMoWk62xUbWRycy38KiESgCDpCBjbWljGZO7JHiC5dPL6w0KVEJ6cMpmwBQFt9pYP1gyf/JJmSd3c=
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com (10.168.128.149) by HE1PR0701MB2649.eurprd07.prod.outlook.com (10.168.186.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.10; Mon, 20 May 2019 07:24:09 +0000
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::896a:7ada:8bc9:d99d]) by HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::896a:7ada:8bc9:d99d%6]) with mapi id 15.20.1922.013; Mon, 20 May 2019 07:24:09 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Cullen Jennings <fluffy@iii.ca>
CC: The IESG <iesg@ietf.org>, "perc-chairs@ietf.org" <perc-chairs@ietf.org>, "draft-ietf-perc-double@ietf.org" <draft-ietf-perc-double@ietf.org>, "suhasietf@gmail.com" <suhasietf@gmail.com>, "perc@ietf.org" <perc@ietf.org>
Thread-Topic: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-double-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVC85uMqFQ5/RAl0Cyrib7XAHyUA==
Date: Mon, 20 May 2019 07:24:09 +0000
Message-ID: <HE1PR0701MB2522BE3811FBB03C3846F2EF95060@HE1PR0701MB2522.eurprd07.prod.outlook.com>
References: <155800082724.19580.16483563575859435866.idtracker@ietfa.amsl.com> <65737EA1-49AF-4EB9-AD1F-25157B3F010D@iii.ca>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [192.176.1.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 86e2fcf8-f33d-4e8b-2869-08d6dcf4265f
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:HE1PR0701MB2649;
x-ms-traffictypediagnostic: HE1PR0701MB2649:
x-microsoft-antispam-prvs: <HE1PR0701MB2649A69C9E0CF582A5DF3CAD95060@HE1PR0701MB2649.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 004395A01C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(366004)(39860400002)(346002)(136003)(396003)(199004)(189003)(20264003)(99286004)(53546011)(6506007)(446003)(71190400001)(73956011)(7696005)(66946007)(102836004)(66556008)(66446008)(6116002)(476003)(76116006)(66476007)(71200400001)(64756008)(33656002)(256004)(14444005)(3846002)(76176011)(25786009)(68736007)(7736002)(4326008)(9686003)(486006)(54906003)(81166006)(81156014)(8936002)(44832011)(53936002)(14454004)(8676002)(236005)(66066001)(6436002)(55016002)(2906002)(5660300002)(54896002)(478600001)(86362001)(26005)(6246003)(186003)(74316002)(229853002)(52536014)(6916009)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2649; H:HE1PR0701MB2522.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: XKdxv6/LP6K1j18lhdFG9LRnmdJV4oLRjIVA3e37fy1apAnPr6/dipr7FpbtsKryuev74xOPGREDU7nBeqOtUT7EDCYYRYLgIl0UEuG5B35xcK9FgYJD/5IWmTnkAvHBpcSGtFRxea9arUZse0BxYT+Yui2E03rhhluCZCSIsYjbCQ4zD0/v8N0KqQr9oYB+k7tcSojvknVjaxezruKXEFPMU2mfn6U1PFo5fhHbN8801sLAKOod1Q9EMA0UBhZDimG2fzBn9zpRUTcrAEBr3r1pYAlfSPItBRXGeNMw5C6EwF7C1Cimf4hVjskpNJf5K/mqgO99PyrnsCFpdjfmNstouvVpGq9e4zcqk3VFA7xUZkusxmBU56RWsoUwXfFkAlsJinhVc5BJRac03YibVKh8fDc7tvssdz7PtILHRE4=
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB2522BE3811FBB03C3846F2EF95060HE1PR0701MB2522_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 86e2fcf8-f33d-4e8b-2869-08d6dcf4265f
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 May 2019 07:24:09.1653 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: magnus.westerlund@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2649
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/5imt75PLyG0GtyhKydevpgfSE2Y>
Subject: Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-double-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2019 07:24:16 -0000

Hi Cullen and WG,

Implementors, please see question at the end!

On 2019-05-17 20:34, Cullen Jennings wrote:


1. Section 5.1:

To me it appears that one fundamental security flaw exists in the definition of
the inner encryption. That is the fact that RTP padding is not included into
the inner encrypted part. This prevents the application of RTP padding to
prevent the potential privacy leakage that "Guidelines for the Use of Variable
Bit Rate Audio with Secure RTP" (RFC 6562) documents. To prevent this type of
information leakage and other privacy preserving operations based on applying
RTP padding it would be necessary to include the RTP padding into the inner
encrypted envelope. Appendix A figure indicates that is the case, but the
process description in 5.1 is not matching that.




So my read of 5.1 is that does this. Clearly we need to make the text clear that it does that - what part of the 5.1 makes you think the padding is stripped from the  payload ?

Perhaps to make it explicitly clear we should change

"* Payload: The RTP payload of the original packet”

to be

"* Payload (including padding) The RTP payload (including passing) of the original packet”

Yes, making it explicit is necessary. The payload and the padding are two distinct protocol parts, thus I think using "Including" is not the right way of formulating it.

I think it would be clearer to do this:

OLD:

   3.  Form a synthetic RTP packet with the following contents:

       *  Header: The RTP header of the original packet with the
          following modifications:

       *  The X bit is set to zero

       *  The header is truncated to remove any extensions (i.e., keep
          only the first 12 + 4 * CC bytes of the header)

       *  Payload: The RTP payload of the original packet

NEW:
   3.  Form a synthetic RTP packet with the following contents:

       *  Header: The RTP header of the original packet with the
          following modifications:

       *  The X bit is set to zero

       *  The header is truncated to remove any extensions (i.e., keep
          only the first 12 + 4 * CC bytes of the header)

       *  Payload: The RTP payload of the original packet

       *  Padding: If padding is applied (P=1), include the padding count octet and any padding octets.


I would also note that likely the padding need to be explicitly discussed
as being applied in the inner stage so that the outer packet generation
don't attempt to strip it away if P=1. Otherwise an MD could screw up the
packet completely.

Actually a question here to the people that has
implementation. If P=1 in the RTP header and they apply only the outer part
of DOUBLE decryption will their stacks actually attempt to strip an RTP padding off using the
OHB config octet as padding byte count?


Cheers



Magnus Westerlund


----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com<mailto:magnus.westerlund@ericsson.com>
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email