[rtcweb] draft-ietf-rtcweb-security-arch: Questions on SDP identity attribute

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 11 May 2018 10:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/QETjb8JJI2LXFoQxnAkqBIYdrkk>

Hi,

A few questions/comments on the SDP identity attribute.

Q1:
----

The draft says that, at minimum, the fingerprint needs to be bound to the identity.

Does this mean that, in order to include an SDP identity attribute in an offer/answer, the offer/answer MUST also contain at least one SDP fingerprint attribute? Based on the text about generating the identity it seems like that, but it is not very clear in the SDP procedures.


Q2:
----

Section 5.6.4.1 says:

   "The "a=identity" attribute MUST include all
   fingerprint values that are included in "a=fingerprint" lines."

First, related to the generation of the assertion value, it is unclear how this is implemented. For example, is there a separate JSON object (section 5.6.4) provided to the IdP for each fingerprint? The text talks about a “single” fingerprint in the object. Or, are all fingerprints included in the same JSON object?

Second, it is unclear what “attribute MUST include all fingerprint values” means. I assume that the attribute will only include a single attribute assertion value, but that the value will be generated by the IdP based on all fingerprint values?


Q3:
----

In the example in Section 5.6.4.1 the SDP fingerprint attribute is included as a session-level attribute. However, it is a media-level attribute. AFAIR, media-level attributes cannot be included as session-level attributes.


Regards,

Christer
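The binding that Q1 and Q2 ask about (every a=fingerprint value in the offer/answer must be covered by the a=identity assertion, and an identity attribute without any fingerprint is meaningless) can be checked mechanically. The following is an added example, not code from the draft or from the author of the message above; the shape of the object handed to the IdP (one "fingerprint" array with "algorithm"/"digest" entries), the wrapping of the assertion inside the a=identity value, and the "toy IdP" that simply base64-encodes that object instead of signing it are all assumptions made for illustration. The sample SDP is constructed and deliberately places one fingerprint at session level and one at media level so that the parser records where each one came from (the concern raised in Q3).

```python
import base64
import json
import re

# Matches "a=fingerprint:<hash-func> <hex>:<hex>:..." (RFC 8122 syntax).
FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$")


def parse_fingerprints(sdp: str):
    """Return [(level, algorithm, digest)] for every a=fingerprint line.
    level is 'session' until the first m= line and 'media' afterwards."""
    level, found = "session", []
    for line in sdp.splitlines():
        line = line.rstrip("\r")
        if line.startswith("m="):
            level = "media"
            continue
        m = FINGERPRINT_RE.match(line)
        if m:
            found.append((level, m.group(1).lower(), m.group(2).upper()))
    return found


def idp_input(fingerprints):
    """Object handed to the IdP: all fingerprints in ONE 'fingerprint' array.
    This shape is an assumption about the draft's JSON object, not a quote."""
    return {"fingerprint": [{"algorithm": a, "digest": d}
                            for _, a, d in fingerprints]}


def make_identity_attribute(fingerprints, idp_domain="idp.example.org"):
    """Toy IdP (assumed): the assertion is the unsigned JSON object itself.
    A real IdP would sign it; the wrapper keys 'idp'/'assertion' are assumed."""
    assertion = json.dumps(idp_input(fingerprints), separators=(",", ":"))
    payload = {"idp": {"domain": idp_domain, "protocol": "default"},
               "assertion": assertion}
    return "a=identity:" + base64.b64encode(
        json.dumps(payload).encode()).decode()


def parse_identity(sdp: str):
    """Decode the first a=identity line back into the asserted object."""
    for line in sdp.splitlines():
        if line.startswith("a=identity:"):
            raw = base64.b64decode(line[len("a=identity:"):].strip())
            return json.loads(json.loads(raw)["assertion"])
    return None


def check_binding(sdp: str):
    """Verify: a=identity present => at least one a=fingerprint present, and
    the asserted fingerprint set equals the set of fingerprints in the SDP."""
    fps = {(a, d) for _, a, d in parse_fingerprints(sdp)}
    assertion = parse_identity(sdp)
    if assertion is None:
        return {"ok": True, "reason": "no identity attribute"}
    if not fps:
        return {"ok": False, "reason": "identity without any fingerprint"}
    asserted = {(f["algorithm"].lower(), f["digest"].upper())
                for f in assertion.get("fingerprint", [])}
    missing, extra = sorted(fps - asserted), sorted(asserted - fps)
    return {"ok": not missing and not extra, "missing": missing, "extra": extra}


# Constructed sample material (not from the draft).
_FP_A = ":".join(f"{i:02X}" for i in range(32))          # constructed digest
_FP_B = ":".join(f"{255 - i:02X}" for i in range(32))    # constructed digest
_SESSION_PART = "\n".join(["v=0", "o=- 1 1 IN IP4 192.0.2.1", "s=-", "t=0 0",
                           "a=fingerprint:sha-256 " + _FP_A])   # session level
_MEDIA_PART = "\n".join(["m=audio 9 UDP/TLS/RTP/SAVPF 111", "c=IN IP4 192.0.2.1",
                         "a=fingerprint:sha-256 " + _FP_B])     # media level


def sample_sdp(cover_all: bool = True) -> str:
    """SDP whose identity assertion covers both fingerprints, or only the
    session-level one when cover_all is False (the Q2 failure case)."""
    fps = [("session", "sha-256", _FP_A), ("media", "sha-256", _FP_B)]
    ident = make_identity_attribute(fps if cover_all else fps[:1])
    return "\n".join([_SESSION_PART, ident, _MEDIA_PART]) + "\n"


if __name__ == "__main__":
    print(check_binding(sample_sdp(True)))
    print(check_binding(sample_sdp(False)))
```

Running `check_binding` over an SDP that asserts only the session-level fingerprint reports the media-level one as missing, which is exactly the case the "MUST include all fingerprint values" sentence is meant to rule out; an SDP carrying a=identity but no a=fingerprint at all is rejected outright.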