IETF Logo Mail Archive

Re: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items

"Mo Zanaty (mzanaty)" <mzanaty@cisco.com> Sat, 08 October 2016 14:44 UTC

Return-Path: <mzanaty@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AFA3127A90 for <rtcweb@ietfa.amsl.com>; Sat, 8 Oct 2016 07:44:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.517
X-Spam-Level:
X-Spam-Status: No, score=-17.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CAB0cHMENIb8 for <rtcweb@ietfa.amsl.com>; Sat, 8 Oct 2016 07:44:27 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11067129539 for <rtcweb@ietf.org>; Sat, 8 Oct 2016 07:44:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3723; q=dns/txt; s=iport; t=1475937867; x=1477147467; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=lNAkD0rz+P967Wvqh+GNgiKQ9VUZUdc6Up/hOOY1Afw=; b=OFLNnSqeU4Ckhyysjgi1BwGIuNF8sEDFm4W8etZdsaJ1WMKjmqYASU/A 8SCmlW2y1l12fKkM7Nm6hTKECN4RMX0WhcswQQgBYCXM8qgXmg1MI8yCo EDM/pKFkKfWVkSKq4BHZJgfn4xQ/7nlX/1jpdCVCZNkun1/wueyGXgsiV 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AVAQBVBflX/4sNJK1cGQEBAQEBAQEBAQEBBwEBAQEBgzwBAQEBAR1XfI0zlwGHW4xWggsbC4UwSgKBejgUAQIBAQEBAQEBXieEYQEBAQMBAQEBCWILBQkCAgEIGCcHGwYGCxQRAgQOBYg2Aw8IDrwNDYNkAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAUFhjiBfYJYgkeCAIMwgi8FiDuGOopVNQGMcYMLCo9qiGOEFIN+AR42S4JrHBmBOnKHfAEBAQ
X-IronPort-AV: E=Sophos;i="5.31,461,1473120000"; d="scan'208";a="333228647"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Oct 2016 14:44:26 +0000
Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id u98EiQvQ031867 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 8 Oct 2016 14:44:26 GMT
Received: from xch-aln-005.cisco.com (173.36.7.15) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Sat, 8 Oct 2016 09:44:25 -0500
Received: from xch-aln-005.cisco.com ([173.36.7.15]) by XCH-ALN-005.cisco.com ([173.36.7.15]) with mapi id 15.00.1210.000; Sat, 8 Oct 2016 09:44:25 -0500
From: "Mo Zanaty (mzanaty)" <mzanaty@cisco.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
Thread-Topic: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items
Thread-Index: AQHSIRSvyLgtO7YE+0OQTKhN6ScPbaCeosTH
Date: Sat, 08 Oct 2016 14:44:25 +0000
Message-ID: <E772E39B-80FA-4C82-901F-CE1DBE750027@cisco.com>
References: <e536bad2-08b1-4f77-8c75-6bc3b639c398@ericsson.com> <B6ECFC24-F28E-4E35-9437-B7DACB41EF69@iii.ca>, <DD1447CA-29F2-44FF-B08F-3CC0814C9748@gmail.com>
In-Reply-To: <DD1447CA-29F2-44FF-B08F-3CC0814C9748@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/2t54-fF4wHy-5azbG1PlkmtQj7k>
Cc: RTCWeb IETF <rtcweb@ietf.org>
Subject: Re: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Oct 2016 14:44:29 -0000

MID and RID are similar to PT in this regard. They are all arbitrary values that only have semantic meaning when combined with a media description in external signaling. Any genuine concern over privacy or fingerprinting issues with MID and RID should first consider PT. I'm unaware of any concerns expressed over unencrypted PT.

Note that it is possible to use encrypted SRTCP to convey MID and RID without including them in SRTP packets. One proposed version of the RTP demux rules has explicitly noted this approach of using RTCP to latch MID/RID to an SSRC even if RTP does not contain those header extensions for that SSRC. 

Mandating encrypted SRTCP seems more palatable than mandating encrypted RTP header extensions. But I don't think a good case has been made yet for either, especially considering PT is always unencrypted. 

Mo

On Oct 7, 2016, at 11:33 PM, Bernard Aboba <bernard.aboba@gmail.com> wrote:

I don't see how snooping the MID and RID would provide info that could not be obtained in other ways. For example, an observer can tell audio from video traffic just by looking at packet sizes. Similarly, simulcast streams will originate from different SSRCs so no need to snoop the RID to figure out that there are multiple streams being sent (or even which ones are related since traffic will be correlated).

> On Oct 7, 2016, at 10:41, Cullen Jennings <fluffy@iii.ca> wrote:
> 
> 
> How are these a significant fingerprinting problem ?
> 
> 
>> On Oct 6, 2016, at 7:55 AM, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote:
>> 
>> WG,
>> 
>> After discussion in AVTEXT and MMUSIC regarding the inclusion of MID and RID as SDES items that this do exposes labels that previously only have existed in the signalling plane in the media plane. And especially in the RTP header extensions, where even if the media payload is encrypted the header extension is not encrypted.
>> 
>> The risk with this is primarily a privacy and fingerprinting risk. And the proposed mitgation is encryption of the RTP header extensions in both the bundle and avtext-rid documents.
>> 
>> This leads to the conclusion that for RTCWeb, we must consider to act on these recommendations and decide on which implementation and usage requirement the protection of these field should have.
>> 
>> My proposal is that implementation and use of RFC6904 encryption of the RTP header extensions are REQUIRED. For RTCP it is actually unclear if there is mandatory to use encrypted SRTCP. I think it should be required and that can be clarified in Section 5.5 of draft-ietf-rtcweb-security-arch.
>> 
>> 
>> Opinions?
>> 
>> 
>> Cheers
>> 
>> Magnus Westerlund
>> 
>> ----------------------------------------------------------------------
>> Services, Media and Network features, Ericsson Research EAB/TXM
>> ----------------------------------------------------------------------
>> Ericsson AB                 | Phone  +46 10 7148287
>> Färögatan 6                 | Mobile +46 73 0949079
>> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
>> ----------------------------------------------------------------------
>> 
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

_______________________________________________
rtcweb mailing list
rtcweb@ietf.org
https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email