Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 09 September 2011 20:20 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93A2D21F85D1 for <rtcweb@ietfa.amsl.com>; Fri, 9 Sep 2011 13:20:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.524
X-Spam-Level:
X-Spam-Status: No, score=-6.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id icduZ+9A0BgJ for <rtcweb@ietfa.amsl.com>; Fri, 9 Sep 2011 13:20:23 -0700 (PDT)
Received: from mailgw9.se.ericsson.net (mailgw9.se.ericsson.net [193.180.251.57]) by ietfa.amsl.com (Postfix) with ESMTP id F151821F85CE for <rtcweb@ietf.org>; Fri, 9 Sep 2011 13:20:13 -0700 (PDT)
X-AuditID: c1b4fb39-b7bfdae000005125-c9-4e6a757057f0
Received: from esessmw0191.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw9.se.ericsson.net (Symantec Mail Security) with SMTP id D7.47.20773.0757A6E4; Fri, 9 Sep 2011 22:22:08 +0200 (CEST)
Received: from ESESSCMS0356.eemea.ericsson.se ([169.254.1.250]) by esessmw0191.eemea.ericsson.se ([153.88.115.84]) with mapi; Fri, 9 Sep 2011 22:22:08 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: 'Alan Johnston' <alan.b.johnston@gmail.com>, Eric Rescorla <ekr@rtfm.com>
Date: Fri, 9 Sep 2011 22:22:07 +0200
Thread-Topic: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]
Thread-Index: AcxvJhZdVKRLLlJ2Tymnryzk+6+mBwAB4Fmw
Message-ID: <7F2072F1E0DE894DA4B517B93C6A05852233D45F96@ESESSCMS0356.eemea.ericsson.se>
References: <A444A0F8084434499206E78C106220CA0B00FDB08B@MCHP058A.global-ad.net> <101C6067BEC68246B0C3F6843BCCC1E31018BF6BE2@MCHP058A.global-ad.net> <4E540FE2.7020605@alcatel-lucent.com> <2E239D6FCD033C4BAF15F386A979BF5106423F@sonusinmail02.sonusnet.com> <4E6595E7.7060503@skype.net> <4E661C83.5000103@alcatel-lucent.com> <2E239D6FCD033C4BAF15F386A979BF510F086B@sonusinmail02.sonusnet.com> <4E666926.8050705@skype.net> <43A0D702-1D1F-4B4E-B8E6-C9F1A06E3F8A@edvina.net> <033458F56EC2A64E8D2D7B759FA3E7E7020E64DC@sonusmail04.sonusnet.com> <E4EC1B17-0CC4-4F79-96DD-84E589FCC4F0@edvina.net> <4E67C3F7.7020304@jesup.org> <BE60FA11-8FFF-48E5-9F83-4D84A7FBE2BE@vidyo.com> <4E67F003.6000108@jesup.org> <7F2072F1E0DE894DA4B517B93C6A05852233E8554C@ESESSCMS0356.eemea.ericsson.se> <C3759687E4991243A1A0BD44EAC8230339CA68F054@BE235.mail.lan> <CAOJ7v-2u0UuNXh7bzmZFwiSucbsh=Ps=C3ZM5M3cJrXRmZgODA@mail.gmail.com> <CAKhHsXHXCkNdjtpxCSCk+ABbtxY15GEgouE6X6-sn-LqhnidQw@mail.gmail.com> <4E6A56D4.2030602@skype.net> <CABcZeBOdP6cAqBoiSV-Vdv1_EK3DfgnMamT3t3ccjDOMfELfBw@mail.gmail.com> <CAKhHsXFdU1ZaKQF8hbsOxwTS-_RfmFqQhgzGe=K4mRp+wz+_nQ@mail.gmail.com>
In-Reply-To: <CAKhHsXFdU1ZaKQF8hbsOxwTS-_RfmFqQhgzGe=K4mRp+wz+_nQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAA==
Cc: Randell Jesup <randell-ietf@jesup.org>, Jonathan Lennox <jonathan@vidyo.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2011 20:20:23 -0000

Hi,

In general I agree with Alan that we should try to avoid CapNeg.

Regarding AVPF vs AVP, we also first need to decide whether AVP will be supported in the first place. Then, if we decide to support AVP, we have to make a similar decision whether to use CapNeg or to rely on a "fallback" offer/answer.

Regards,

Christer


 

-----Original Message-----
From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Alan Johnston
Sent: 9. syyskuuta 2011 22:24
To: Eric Rescorla
Cc: Randell Jesup; Jonathan Lennox; rtcweb@ietf.org
Subject: Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]

Ekr is correct.  If we allow RTP, which I think is a mistake, then there is always a downgrade attack.

My point was that if we must support insecure media, we could avoid the complexity of CapNeg by not requiring a single pass non-secure media negotiation.

- Alan -

On Fri, Sep 9, 2011 at 1:35 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> On Fri, Sep 9, 2011 at 11:11 AM, Matthew Kaufman 
> <matthew.kaufman@skype.net> wrote:
>> On 9/9/11 10:47 AM, Alan Johnston wrote:
>>>
>>>   The default will be SRTP - this can be expressed in SDP without 
>>> CapNeg.  Should the RTCWEB clients choose to instead negotiate RTP, 
>>> then this could be done with a second SDP Offer/Answer exchange.
>>
>> I believe you've just designed a downgrade vulnerability.
>
> Unless I'm missing something, if you (a) support an insecure mode and 
> (b) allow negotiation of insecure vs. secure, there's not really any 
> way to avoid a downgrade issue; the attacker can always pretend not to 
> support security and how do you know better? Obviously, it helps if 
> you can negotiate the use or non-use of media security over a 
> secure-ish signaling channel, but that doesn't reduce the threat from 
> the signaling service.
>
> Best,
> -Ekr
>
_______________________________________________
rtcweb mailing list
rtcweb@ietf.org
https://www.ietf.org/mailman/listinfo/rtcweb