[Perc] review of draft-ietf-perc-srtp-ekt-diet
Sean Turner <sean@sn3rd.com> Thu, 08 December 2016 15:48 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2928129F04 for <perc@ietfa.amsl.com>; Thu, 8 Dec 2016 07:48:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZgCYWNaND-Qd for <perc@ietfa.amsl.com>; Thu, 8 Dec 2016 07:48:18 -0800 (PST)
Received: from mail-qt0-x231.google.com (mail-qt0-x231.google.com [IPv6:2607:f8b0:400d:c0d::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA259129F0A for <perc@ietf.org>; Thu, 8 Dec 2016 07:48:11 -0800 (PST)
Received: by mail-qt0-x231.google.com with SMTP id n6so415587813qtd.1 for <perc@ietf.org>; Thu, 08 Dec 2016 07:48:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=from:content-transfer-encoding:subject:message-id:date:to :mime-version; bh=vexIW8Sp3PIqGggzVZUG3U/v5jEIlWQ6abm0JBBS9yw=; b=iOySKE6uLYaBhpjhN/3nKhR7Ht7sSgqZ2PIEIB3dQj7aAlHh2apELhguIMrxJtNJtg vHWDxP/o/xa15Jb+4j56lbcnYhSXJXvP2BJMDLb3XP9FmOiegxU9dMhg0QOd3Fh+JSlQ KsUdpZAhchTArZPPnZqaLU5s5YMgSRPxz6Lqs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-transfer-encoding:subject :message-id:date:to:mime-version; bh=vexIW8Sp3PIqGggzVZUG3U/v5jEIlWQ6abm0JBBS9yw=; b=ATnQbsX55h2rjpa1iipXCf3GK7cnsFXyaVkNyHxK9ZYM5wrWRU+sBi9jAxeGMqHtN/ idyFNj1SmrMqMM9IjaVObtj/1n2jBzov6AyAMwyHebZ3so0Z+pPuNC9yZ98bLlDqZ4R1 BM9HSo9gTbQ1Hol/3rLnMx8u9M+FLtnj3mCpgRpJB0nUUrCFEHlKbG6KA9IHMnc0rJEY 4UH1PWiMV9cDbVMTSk8ncktW1mIy3W7SsVW/aI4z0Jie+6oPT02MWON1R27PchdZ0M1U Kh/bq1+HUPj/T7jEo7W76kOL2Xp3/1ZCwljRdtptLFGknNcuF2KYbVHdDCQKb48HyVMe K5Nw==
X-Gm-Message-State: AKaTC03k6hrd6TeOyQGpHEh7KSCDfrPrQtO144nXaa5ccz0RUW1YEZBAEsuiYxiMqpGxpQ==
X-Received: by 10.200.43.120 with SMTP id 53mr63219887qtv.253.1481212090878; Thu, 08 Dec 2016 07:48:10 -0800 (PST)
Received: from [172.16.0.92] (pool-173-73-120-80.washdc.east.verizon.net. [173.73.120.80]) by smtp.gmail.com with ESMTPSA id 1sm17653393qte.46.2016.12.08.07.48.10 for <perc@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 08 Dec 2016 07:48:10 -0800 (PST)
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <85FD4558-D946-4A75-944E-D9B1A52F2A4A@sn3rd.com>
Date: Thu, 08 Dec 2016 10:48:08 -0500
To: perc@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/jaBSAU7P7KNWkKtfmG78bbmTb40>
Subject: [Perc] review of draft-ietf-perc-srtp-ekt-diet
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Dec 2016 15:48:21 -0000
I volunteered in Seoul to review the draft. Three bigger picture questions, then a bunch of nits:
0) I suspect the answer to this question is "yeah we know but we don’t want to wait”: DTLS1.3 is going to include a “Key and IV update handshake message" so aren’t we kind of setting up a situation where we’re burning a TLS content type code point for a DTLS1.2-specific protocol? Put another way are you going to redo this for TLS1.3?
1) Based on the DoS security consideration, it appears as if you’re okay with the EKT field not be protected by SRTP. (he asks without having dug into SRTP in a while) There’s really no way to get at integrity protection of the EKT field?
2) s2.2.2, #1: I gotta ask why the MessageType byte isn’t first? Wouldn’t putting the MessageType first allow you avoid buffering everything before proceeding? It seems like you’re counting on nobody sending a string of zeros as the first byte of the EKT field to mess with implementations.
NITS:
0) s2, last paragraph
What happens if an implementation does use SRTP's MKI or with SRTP's <From, To>? Is an error thrown?
1) s2.1, EKTPlaintext
Probably over thinking this, but is the concatentation like so:
+--------------+--------+--------+
| SRTP MK | SSRC | ROC |
+-------------+---------+--------+
I’d be afraid somebody would think it’s the other way around without being more specific. Maybe it’s as easy as: putting something like "SRTP MK || SSRC || ROC, where || denotes concatenation” somewhere in the paragraph.
2) s2.1, EKTMsgLength
Should this be “MUST”: All EKT message other that ShortEKTField must have ...
3) s2.1, MessageType
Maybe it’s late but I’m having trouble parsing this sentence:
Values less than 64 are mandatory to
understand and the whole EKTField SHOULD be discarded if it
contains message type value that is less than 64 and is not
implemented.
Can “and is not implemented” be dropped?
4) s2.2.1
r/needs to be sent/is sent
r/is to be sent/is sent
5) s2.2.1, #4
“EKTMEsgTypeFull” doesn’t appear anywhere else in the draft. I think it’s supposed to “ … Message Type using the FullEKTField format."
also: r/EKT Ciphertext/EKTCiphertext
6) s3.2
To ensure we tick all the coordination boxes, it’s probably worth making sure that this draft also gets sent to the TLS WG during WGLC because it’s defining an extension and a content type.
7) s3.2:
struct {
EKTCipherType ekt_ciphers<0..254>;
} SupportedEKTCiphers;
0..254? Should it be 1..256?
8) s3.2:
r/When the server responds in the
"srtp_ekt_key_transport" in its ServerHello message, it must include
/When the server responds in the
"srtp_ekt_key_transport" in its ServerHello message, it MUST include
9) s5
Should the registries be part of the SDP or RTP parameters group? I.e., collected together with the other SDP parameters?
10) s5.2
I’m assuming the AESKW256 value is 3 on purpose?
Cheers,
spt
- [Perc] review of draft-ietf-perc-srtp-ekt-diet Sean Turner