Re: [Perc] Roman Danyliw's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
"Paul E. Jones" <paulej@packetizer.com> Fri, 17 May 2019 01:14 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFC60120334; Thu, 16 May 2019 18:14:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=packetizer.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAB6pojI9TYM; Thu, 16 May 2019 18:14:29 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [IPv6:2600:1f18:24d6:2e01:e842:9b2b:72a2:d2c6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A485612014B; Thu, 16 May 2019 18:14:29 -0700 (PDT)
Received: from authuser (localhost [127.0.0.1])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1558055664; bh=8vsWcQogJhA1SZbH9yVHSvRzhiolEu0J8gaylynXVh4=; h=From:To:Subject:Cc:Date:In-Reply-To:References:Reply-To; b=mMj0e20FlJvUk4+339K6t7OWcQzseO7ikSi/8kejHbe+HOg6WPtSTC0EpZYAmj0pT Ftf8fIZgAUTQ5k4tvSOmAH5zmMlhenR7/5RmW9B8LRuUlBE2siTB7ApJVdIc+5Xaws /taVLUewRpwgWAHcACtWlxbHHpGHvYfa19XNB5JU=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
Cc: nohlmeier@mozilla.com, perc-chairs@ietf.org, perc@ietf.org, draft-ietf-perc-private-media-framework@ietf.org
Date: Fri, 17 May 2019 01:14:21 +0000
Message-Id: <em037e7ce0-3675-4952-89e2-27bc8a163694@sydney>
In-Reply-To: <155797155680.30599.3634623355394252682.idtracker@ietfa.amsl.com>
References: <155797155680.30599.3634623355394252682.idtracker@ietfa.amsl.com>
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
User-Agent: eM_Client/7.2.34711.0
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="------=_MBE3DE109D-10AE-461E-9A00-FC793F42FA71"
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/wSbc-ORVEv3pexacyyn273ULMDo>
Subject: Re: [Perc] Roman Danyliw's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2019 01:14:33 -0000
Roman, Thanks for reviewing the text. Please see comments below: >---------------------------------------------------------------------- >DISCUSS: >---------------------------------------------------------------------- > >I support Magnus’s DISCUSS about the need to further discuss the impact of a >compromised/rogue end-point. In addition to the impersonation of others in the >conference, I am wondering about the impact (perhaps a DoS?) of rogue client >flooding the conference with EKT Key updates. > ACK; will continue to work with Magnus on this. >---------------------------------------------------------------------- >COMMENT: >---------------------------------------------------------------------- > >(1) Section 1. Per “Virtualized public cloud environments have been viewed as >less secure since resources are not always physically controlled by those who >use them and since there are usually several ports open to the public. This >document aims to improve security so as to lower the barrier to taking >advantage of those environments”, I stumbled over these sentences. Improve >security relative to what – self hosted environments? Is the security target >have fewer open ports and secure in the face of an adversary with physical >access to the system? The latter seems like a very high bar and the >corresponding Security Considerations doesn’t seem to rise to that. Improved security relative to traditional switching conferencing platforms wherein there is a media function running on those virtualized hardware platforms holding the keys to encrypt and decrypt media. The number of open ports really doesn't make much difference, but I think whoever crafted that text originally meant to emphasize how porous those platforms can be. I think we could remove the bit about the open ports and it would still convey the intended meaning. Want me to do that? With PERC, an adversary could do anything with the middlebox (even if running in that cloud environment) and the confidentiality of the conference would not be compromised. (PERC does not thwart DOS attacks, but that's not an objective.) How would you suggest we make that clearer? >(2) Section 6.1. “Endpoints have to retain old keys for a period of time to >ensure they can properly decrypt late-arriving or out-of-order packets” seems >to restate what is stated in 4.5.2 using RFC2119 language. Here “endpoints >have to retain”. In Section 4.5.2, “endpoints SHOULD retain”. Which one is >correct? "have to" wasn't intended to be normative. The purpose of the sentence was really to remind readers that there might be quite a few keys held at any given point in time, especially when the conference is rekeyed. But, I can see that wasn't clear. How about this text? Complicating key management is the fact that the KEK can change and, when it does, the Endpoints generate new SRTP master keys that are associated with a new EKT SPI. Endpoints might retain old keys for a period of time to ensure they can properly decrypt late-arriving or out-of-order packets, which means the number of keys held during that period of time might substantially more. >(3) Section 8.1. Per “Off-path attackers could try connecting to different PERC >entities and send specifically crafted packets”, could you be more specific on >the threat. Is this something different than any service being exposed on the >Internet? This is saying that it's not possible for an attacker to send packets of any form that could be misconstrued to be valid media that needs to be forwarded or rendered since packets are authenticated before consumption. (It doesn't prevent a DoS attack, but that's covered in subsequent paragraphs.) But, I can see how this might not make sense. I think a few more words are needed. How is this? Off-path attackers could try connecting to different PERC entities to send specifically crafted packets with an aim of forcing the receiver to forward or render bogus media packets. Endpoints and Media Distributors mitigate such an attack by performing hop-by-hop authentication and discarding packets that fail authentication. >(4) Editorial Nits: >** Section 3. Typo. s/the the/the/ > Oh! An easy one! :) I made those changes above to my local copy, but I'm happy to make additional changes as you suggest if the text still isn't clear. Thanks! Paul
- [Perc] Roman Danyliw's Discuss on draft-ietf-perc… Roman Danyliw via Datatracker
- Re: [Perc] Roman Danyliw's Discuss on draft-ietf-… Paul E. Jones
- Re: [Perc] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw
- Re: [Perc] Roman Danyliw's Discuss on draft-ietf-… Paul E. Jones