IETF Logo Mail Archive

Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 20 May 2019 07:10 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E016120020; Mon, 20 May 2019 00:10:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dYautrfusYze; Mon, 20 May 2019 00:10:21 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30087.outbound.protection.outlook.com [40.107.3.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B0AD120049; Mon, 20 May 2019 00:10:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=81Qujyq/mp7e6/7zKIHmXND4LgUsyblmifT7mK6NAME=; b=bcL1KiGKC9Pj69GERTg6R1D3S3Li+IrwbslFD3EBufjsuVEUmlMK9ggDHaoOsku+jYqO2QjFVM7ELFd95eKfaXYYHj5IJyRySrP3kfcF5vdLUDQOTIS054qWuzUY5n3yaeTLrbX+6iVm6E0MitRU/T6Y4T0LCbuniub7jll+1zI=
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com (10.168.128.149) by HE1PR0701MB2891.eurprd07.prod.outlook.com (10.168.92.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.11; Mon, 20 May 2019 07:10:17 +0000
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::896a:7ada:8bc9:d99d]) by HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::896a:7ada:8bc9:d99d%6]) with mapi id 15.20.1922.013; Mon, 20 May 2019 07:10:17 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Cullen Jennings <fluffy@iii.ca>
CC: Paul Jones <paulej@packetizer.com>, The IESG <iesg@ietf.org>, "nohlmeier@mozilla.com" <nohlmeier@mozilla.com>, "perc-chairs@ietf.org" <perc-chairs@ietf.org>, "perc@ietf.org" <perc@ietf.org>, "draft-ietf-perc-private-media-framework@ietf.org" <draft-ietf-perc-private-media-framework@ietf.org>
Thread-Topic: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVDLv05Xj4KxTpkE2ssVAnd4w1Bg==
Date: Mon, 20 May 2019 07:10:17 +0000
Message-ID: <HE1PR0701MB252253FCF1EEB0D1BD502D9495060@HE1PR0701MB2522.eurprd07.prod.outlook.com>
References: <155786852996.30194.6992264311523885594.idtracker@ietfa.amsl.com> <eme03c8681-09b1-41be-8d6f-ccd86546cdc4@sydney> <HE1PR0701MB2522CD96FDCB0F920CE2740F950A0@he1pr0701mb2522.eurprd07.prod.outlook.com> <em34aed8b0-2ed1-4e23-a0ee-b2e613076a94@sydney> <HE1PR0701MB25225ED31452D0FCC2787500950B0@HE1PR0701MB2522.eurprd07.prod.outlook.com> <234A5249-3D7B-468C-9A77-72DBBF5CF46A@iii.ca>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [192.176.1.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a620f759-cfe2-466a-a204-08d6dcf236b9
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:HE1PR0701MB2891;
x-ms-traffictypediagnostic: HE1PR0701MB2891:
x-microsoft-antispam-prvs: <HE1PR0701MB28917B3238F4707BD7C82CCC95060@HE1PR0701MB2891.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 004395A01C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(366004)(346002)(39860400002)(136003)(396003)(199004)(189003)(256004)(6116002)(14454004)(53546011)(6506007)(71200400001)(3846002)(2906002)(14444005)(66066001)(5660300002)(6916009)(25786009)(4326008)(102836004)(476003)(99286004)(446003)(478600001)(76176011)(44832011)(229853002)(33656002)(71190400001)(486006)(316002)(7696005)(64756008)(66446008)(55016002)(8676002)(81156014)(81166006)(54906003)(6436002)(66946007)(66556008)(66476007)(73956011)(76116006)(236005)(54896002)(86362001)(26005)(9686003)(74316002)(8936002)(186003)(52536014)(6246003)(68736007)(7736002)(53936002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2891; H:HE1PR0701MB2522.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: AkIJeIDu3eNTc/D9Yav3nPkk2ZYm+MTjfQhuF2vxLqyxu3lkvA9BhdiyrwUq4StM1KiVzTFwcTxV/FEmQUg8xC4GkTxKwPYn1n8lYNr+Co3YSL8Q7b7b0soj+EIrw0PhlKNPkn6tEU3EHSifDN99snZWmDv/iSRaKH9taaAgjZ7rVaLtVJ+xKJgsFSS1sugY6J//Z3uC2TVoTuTYpp8roig67K6Z6hue1IiTZ99QOF6UyKtbhCi25xEC0QqRilOYyNeOAOb4xy8RETbC21zvcxzApdxlGRoG8DOe+zuzOhbcqCR+o1QNHbRJSOPOtnkgkYIWi6m1fybt99Sl6oSDY+VdL5UL7Cuw+NYw6v4ypoVlGafqXJCUB/RiMvDcs26bTdYLrb7nfFYlhbWFe++nb8NZP48IfE2bpSunp+NqFzg=
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB252253FCF1EEB0D1BD502D9495060HE1PR0701MB2522_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a620f759-cfe2-466a-a204-08d6dcf236b9
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 May 2019 07:10:17.5683 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: magnus.westerlund@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2891
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/lV1D0TRgAuDos-lpQ3hOgWrjChA>
Subject: Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2019 07:10:24 -0000

On 2019-05-17 20:24, Cullen Jennings wrote:


On May 17, 2019, at 8:22 AM, Magnus Westerlund <magnus.westerlund@ericsson.com<mailto:magnus.westerlund@ericsson.com>> wrote:

 So far only a single SRTP cipher suits defined provides source authentication properties that allow an endpoint to cryptographically assert that it sent a particular E2E protected packet. Instead, the common property is that one can determine only that any endpoint that has received the KEK has produced the packet.

Magnus, I’m just a bit confused on what the above two senses are trying to say - can you just expand it out a bit more so I get it. I think I am struggling with what cipher you refer to in the first sentense.


The single SRTP cipher suit that exists that provides any stronger source authentication property than, one of those that have the key has generated this message, is to my knowledge TESLA (RFC  4383).

Let me cite one paragraph from Section 3.1 of RFC 7201:

   The source authentication guarantees provided by SRTP depend on the
   cryptographic transform and key management used.  Some transforms
   give strong source authentication even in multiparty sessions; others
   give weaker guarantees and can authenticate group membership but not
   sources.  Timed Efficient Stream Loss-Tolerant Authentication (TESLA)
   [RFC4383] offers a complement to the regular symmetric keyed
   authentication transforms, like HMAC-SHA-1, and can provide
   per-source authentication in some group communication scenarios.  The
   downside is the need for buffering the packets for a while before
   authenticity can be verified.

So as DOUBLE is AES-GCM which falls into the symmetric cipher suits, or cryptographic transform as I think SRTP actually calls it, the only source authentication provided is that who ever generated the packet has the key. If one have the KEK, one will also receive all endpoints used master key and can derive the actual used key that protects the inner payload and generates the integrity tag. Thus, unless the involved parties has been compromised, the source authentication statement provide is: Someone that was given the KEK has generated this inner protected packet.

You are welcome to formulate this property however you want that you think makes sense.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com<mailto:magnus.westerlund@ericsson.com>
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email