Re: [rtcweb] Secdir last call review of draft-ietf-rtcweb-jsep-23

Harald Alvestrand <harald@alvestrand.no> Sun, 08 October 2017 07:49 UTC

To: ietf@ietf.org, Phillip Hallam-Baker <hallam@gmail.com>
CC: draft-ietf-rtcweb-jsep.all@ietf.org, "rtcweb@ietf.org" <rtcweb@ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
From: Harald Alvestrand <harald@alvestrand.no>
Message-ID: <C53BD82E-628C-4C46-B851-A763C07C2A35@alvestrand.no>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/POnccaODVuSAWINRHhQFm1Rnnw4>

Ok, sounds like we're in agreement on what needs to be done to this document based on the review (nothing). Good.

On 8 October 2017 05:18:51 CEST, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>On Sat, Oct 7, 2017 at 10:22 PM, Harald Alvestrand <harald@alvestrand.no> wrote:
>
>> On 10/06/2017 02:35 PM, Phillip Hallam-Baker wrote:
>> > Reviewer: Phillip Hallam-Baker
>> > Review result: Ready
>> >
>> > Given the design constraints in which the protocol operates, it is hard
>> > to see how this could be done differently.
>> >
>> > I have two sets of security concerns. One is that implementations need
>> > to be designed so as to avoid buffer overrun conditions and also to
>> > prevent such conditions leading to a breach. Compression formats such as
>> > are inevitably used in video and image applications tend to make
>> > promiscuous use of nested length encoding formats that commonly lead to
>> > security vulnerabilities.
>> >
>> > This document does not have such a warning, having a reference on most
>> > of the security issues, a warning on this issue should appear in:
>> > https://tools.ietf.org/html/draft-ietf-rtcweb-security-08
>> >
>> > The other security concern is that giving control over the host browser
>> > to run pretty much arbitrary code was always going to be a security
>> > disaster but there isn't much that can be done at this point.
>> >
>> Participant pushback, I'm neither a WG chair nor a document editor:
>>
>>
>> Was this intended as a review of a different document?
>>
>
>No, I just didn't have any comments on the security considerations in this
>one as they are handled in rtcweb-security, and that is the place to
>address the one addressable concern I did have.
>
>
>
>> The concern about compression formats seems to be something that belongs
>> in compression format specifications, such as those referenced by
>> PAYLOAD et al. As such, it would reasonably belong in -rtcweb-security,
>> which pulls in security concerns from a number of fields.
>>
>
>That is where I suggested it go.
>
>
>> The generic concern about running Javascript in the browser seems to
>> belong to rtcweb-overview if it belongs anywhere except in a generic
>> architecture critique of the browser ecosystem.
>>
>
>I wasn't suggesting a change. Just pointing out that we are dealing with
>the attack model in which the attacker has control of a Turing complete
>mechanism in the communication channel. Given that one of the authors is a
>Security AD, just pointing out that is the set of vectors that would cause
>me most concern.
>
>
>
>> If there are concerns specific to JSEP, and the handling of SDP that is
>> described in JSEP, it seems appropriate to document them here. Generic
>> architectural issues and common security best practices don't seem to
>> have the right home in this document.
>>
>> --
>> Surveillance is pervasive. Go Dark.
>>
>>
>>
>
>
>-- 
>Website: http://hallambaker.com/
