IETF Logo Mail Archive

Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-double-10: (with DISCUSS and COMMENT)

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 29 August 2019 09:50 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 344CA120815; Thu, 29 Aug 2019 02:50:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YzRY-ERrG569; Thu, 29 Aug 2019 02:50:04 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20087.outbound.protection.outlook.com [40.107.2.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15E6D12003E; Thu, 29 Aug 2019 02:50:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Y244SFUNiY8n6M9B37nsuWJWRngv4hGt/7J1B5NP8CCEE6zcSHrdOBDyCHZ1aD9RjS6/CuAEZW5zDCbewsGRVb5GRKW93hx4feAKfb67PYulf9OVc5DoJge7PbL1CMtybuUBjn8IuUqEt4lBOkgRyU8G7zHz/9TbwA6zOM3UJeVvu/Umq8+hPy4+kwoC6PNepBZCk6Bzjm3Z1pJpUJDfse8TXOQTmbV793tVZChYu+Cf5rvFrBQrv39s4v4/PEALFOo/a1dGkZ5qT9Jle86TugmKWao3BwK7AU+Tpc2kFxeep6bQ2jZCNvzpVxQa+cA81kU8eaDtlYWEnzFxvRNlCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EncChcNJVdRWzFsLeYm1voKMO2Aaco3hTWEGq6K+5Vs=; b=CCvY5+u8dbm6TbF1C16gds6PNHH14wCWaEQyMd5TKplNjuk6yWT6zzw9mlB4NwX9Ik5QOWlDVq7wnwQQcjogg5PTK22QKZiZhcHHJz/3G84jGfvnbgKSNJ4NqENNtNFQLXEl76+Y4WYURqaT3qHnLRr/63hFcK9sNLjrPNLSnL9/tWUPLvvsXYhVjssvrsKTnv/2bw3UNTbg0W7dF87zRO1FkMkThuKsQ8QJVpr49ix+uLHD1quAPzcr36MS9g+3Ko333FmCz6Pkpx8Av3TCdQuDaZVLjo21YlKCML3670OFPhBEAT8CnbBjG1IN/P/RK9bHGjtMLXarTjIY/V4OcA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EncChcNJVdRWzFsLeYm1voKMO2Aaco3hTWEGq6K+5Vs=; b=KepYwjQ3l3m8wtPrQwSsYmcV8cl6evGVCjchCvx1kQS2uVg50OzwPNd+GGig4+8Fdbl0ORgpSpPqyEMXndRAdb7uQNbhu61CFF4RybEkEwYojwS91nG+C2gl5gVUuH8XqRNHzWz8lB+KSS0XI9j6rFhuGjjMqKiowpipdE99VXY=
Received: from DB7PR07MB5736.eurprd07.prod.outlook.com (20.177.194.155) by DB7PR07MB5643.eurprd07.prod.outlook.com (20.178.44.221) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.5; Thu, 29 Aug 2019 09:50:01 +0000
Received: from DB7PR07MB5736.eurprd07.prod.outlook.com ([fe80::a935:4edd:29a2:9772]) by DB7PR07MB5736.eurprd07.prod.outlook.com ([fe80::a935:4edd:29a2:9772%6]) with mapi id 15.20.2241.000; Thu, 29 Aug 2019 09:50:01 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "suhasietf@gmail.com" <suhasietf@gmail.com>, "rlb@ipv.sx" <rlb@ipv.sx>
CC: "perc@ietf.org" <perc@ietf.org>, "perc-chairs@ietf.org" <perc-chairs@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-perc-double@ietf.org" <draft-ietf-perc-double@ietf.org>, "fluffy@iii.ca" <fluffy@iii.ca>
Thread-Topic: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-double-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVC85uMqFQ5/RAl0Cyrib7XAHyUKZvpqsAgHzvMNCAAIv1gIARSUAAgBQbigA=
Date: Thu, 29 Aug 2019 09:50:01 +0000
Message-ID: <5cec79c71d859aa95e352824320ad261f8525916.camel@ericsson.com>
References: <155800082724.19580.16483563575859435866.idtracker@ietfa.amsl.com> <65737EA1-49AF-4EB9-AD1F-25157B3F010D@iii.ca> <HE1PR0701MB25220714DB8E5AE970E0FDFA95DA0@HE1PR0701MB2522.eurprd07.prod.outlook.com> <CAL02cgTf9sMonRFG1qi9pLxuK8ruvxUStdcju8JU_9+5Kty53w@mail.gmail.com> <CAMRcRGT-izdwyuLX+kiPL5q5TnhoTKGw_9OJSvkDQo59JujS6w@mail.gmail.com>
In-Reply-To: <CAMRcRGT-izdwyuLX+kiPL5q5TnhoTKGw_9OJSvkDQo59JujS6w@mail.gmail.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [192.176.1.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 130c0862-8a11-42bc-af14-08d72c6642d6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020); SRVR:DB7PR07MB5643;
x-ms-traffictypediagnostic: DB7PR07MB5643:
x-microsoft-antispam-prvs: <DB7PR07MB5643FBF6E996064982F9488695A20@DB7PR07MB5643.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0144B30E41
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(4636009)(136003)(366004)(396003)(346002)(376002)(39860400002)(51914003)(13464003)(189003)(199004)(14454004)(4326008)(26005)(25786009)(99936001)(102836004)(256004)(186003)(14444005)(316002)(54906003)(110136005)(6506007)(53546011)(99286004)(76176011)(8676002)(2616005)(118296001)(66066001)(81156014)(81166006)(476003)(6486002)(3846002)(5660300002)(2501003)(229853002)(486006)(8936002)(36756003)(86362001)(6116002)(44832011)(6512007)(64756008)(66946007)(91956017)(478600001)(76116006)(6246003)(66446008)(66616009)(66476007)(53936002)(66556008)(71190400001)(305945005)(71200400001)(966005)(446003)(11346002)(7736002)(6306002)(6436002)(2906002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR07MB5643; H:DB7PR07MB5736.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: wIKqfWPq4mqtxnXEz3RqeobtqbZLawa+SsS0bYanl3tOc45pI8OZkhekKuaQKgKzyjGCpWnFpMP/MkgfotITj7kI7NKIUsU6b+/fRZffbLEPMxss2k+0RVfcWrOstrFcA5phCWJ1KdJvMpxYoN9RcxWcj5vSHI64g6LHYpM1Up/f31OPbTlZzTssc4M0XbIvkzXwoxYvI9A9Pde2lf098yZDrhRGs4ftiQQf+uBMECmnaSipp2a12FcCRuaraKBtyRLpywTssfHz8akn4uCQ8gISocRfyYWX+2SGeH0l6uipgyBLIT1hIbQCvm+OfsXqF9L2z1jUT3QNhmx2huEENKyfH8NExuca4jIYY+65RDf22d7yeudOHaciRZBlDH/XaNq7SrgsOgPnIWE+ksNgDlAVtM0LU30WMrCjDgMhius=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-qJ82gbG+x8a4F2ra2C8X"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 130c0862-8a11-42bc-af14-08d72c6642d6
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Aug 2019 09:50:01.4767 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: DkNMwFq7fOYIpvBzoJekOAYx8ESD36ifi4pXqQpmfgR+no7gcMfGKDkJgnrbayEN/VIrhRpQ2rGNpUHukSed2p1jM6+ztTtUnXE+O4dhBUM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR07MB5643
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/pgY1opGruUnpXXVSeUvbeaU97qE>
Subject: Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-double-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Aug 2019 09:50:08 -0000

Hi,
Hi,


Back from vacation. 

No Richards explanation doesn't help. Section 5.1 contains a normative
description of how to create a synthetic packet. That description is
not expplicit that the padding shall be part of the information that is
included. Thus, implicitly the described procedure forbidds padding.
Per RFC 3550 the padding is not part of the payload thus the need for
being explicit about that the padding is to be included here. 

My suggestion is still that the following bullet: 

 *  Payload: The RTP payload of the original packet

Is changes to be explicit that padding is to be included:

"* Payload: The RTP payload (including
   padding) of the original packet”

Any other way that makes it explcit that the origianl packets padding
is to be included is fine by me. But it does need to be explcit.

Cheers

Magnus

On Fri, 2019-08-16 at 07:46 -0700, Suhas Nandakumar wrote:
> Hey Magnus
> 
>    Wondering if Richard's response answers your question?
> 
> Thanks
> Suhas
> 
> On Mon, Aug 5, 2019 at 7:48 AM Richard Barnes <rlb@ipv.sx> wrote:
> > Hey Magnus,
> > 
> > Sorry, should have responded on Point 1.  I think you're just
> > mistaken on that point.  Padding is included within the inner
> > encryption.  The double transform is an SRTP transform like any
> > other; outside of the SRTP stack, there is no "inner" or "outer",
> > just the same old protect and unprotect.  So padding works the same
> > as it does with any other SRTP transform.
> > 
> > Was there some text in the document that gave you the impression
> > that padding was not included under the inner encryption?  The only
> > mention of padding I see in the document is in the figure in
> > Appendix A [1], where the padding is correctly shown to be within
> > the inner encryption.  Happy to clarify if you have some
> > suggestions for how.
> > 
> > --Richard
> > 
> > [1] 
> > https://tools.ietf.org/html/draft-ietf-perc-double-11#appendix-A
> > 
> > On Mon, Aug 5, 2019 at 2:32 AM Magnus Westerlund <
> > magnus.westerlund@ericsson.com> wrote:
> > > Hi,
> > > 
> > > Sorry, I missed when this update was submitted, thanks for the
> > > reminder. 
> > > 
> > > The new version addresses most of my discuss, but missed to do
> > > anything about point 1 below. 
> > > 
> > > Otherwise it appears to address my discuss points. How do you
> > > want to resolve it? 
> > > 
> > > Cheers
> > > 
> > > Magnus Westerlund
> > > 
> > > > -----Original Message-----
> > > > From: Cullen Jennings <fluffy@iii.ca>
> > > > Sent: den 17 maj 2019 20:34
> > > > To: Magnus Westerlund <magnus.westerlund@ericsson.com>
> > > > Cc: The IESG <iesg@ietf.org>; perc-chairs@ietf.org; draft-ietf-
> > > perc-
> > > > double@ietf.org; suhasietf@gmail.com; perc@ietf.org
> > > > Subject: Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-
> > > perc-double-
> > > > 10: (with DISCUSS and COMMENT)
> > > > 
> > > > >
> > > > > 1. Section 5.1:
> > > > >
> > > > > To me it appears that one fundamental security flaw exists in
> > > the
> > > > > definition of the inner encryption. That is the fact that RTP
> > > padding
> > > > > is not included into the inner encrypted part. This prevents
> > > the
> > > > > application of RTP padding to prevent the potential privacy
> > > leakage
> > > > > that "Guidelines for the Use of Variable Bit Rate Audio with
> > > Secure
> > > > > RTP" (RFC 6562) documents. To prevent this type of
> > > information leakage
> > > > > and other privacy preserving operations based on applying RTP
> > > padding
> > > > > it would be necessary to include the RTP padding into the
> > > inner
> > > > > encrypted envelope. Appendix A figure indicates that is the
> > > case, but the
> > > > process description in 5.1 is not matching that.
> > > > >
> > > > 
> > > > So my read of 5.1 is that does this. Clearly we need to make
> > > the text clear
> > > > that it does that - what part of the 5.1 makes you think the
> > > padding is
> > > > stripped from the  payload ?
> > > > 
> > > > Perhaps to make it explicitly clear we should change
> > > > 
> > > > "* Payload: The RTP payload of the original packet”
> > > > 
> > > > to be
> > > > 
> > > > "* Payload (including padding) The RTP payload (including
> > > passing) of the
> > > > original packet”
> > > > 
> > > > 
> > > > 
> > > > 
> > > 
-- 
Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email