[rtcweb] Consent freshness and message-integrity (Re: Use Case draft - legacy interop)
Harald Alvestrand <harald@alvestrand.no> Mon, 07 May 2012 21:14 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C54E121F84E7 for <rtcweb@ietfa.amsl.com>; Mon, 7 May 2012 14:14:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f2PYR+PNNXae for <rtcweb@ietfa.amsl.com>; Mon, 7 May 2012 14:14:37 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 2FDD421F84CF for <rtcweb@ietf.org>; Mon, 7 May 2012 14:14:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 455A539E1E2; Mon, 7 May 2012 23:14:36 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0036lKUo28sW; Mon, 7 May 2012 23:14:35 +0200 (CEST)
Received: from [172.28.93.74] (unknown [74.125.122.49]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 7C46E39E107; Mon, 7 May 2012 23:14:35 +0200 (CEST)
Message-ID: <4FA83B3A.9070600@alvestrand.no>
Date: Mon, 07 May 2012 23:14:34 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <CA+9kkMCYArLPRP3c00UdOja64WRT6ghN0PSy7XvM_wbxBBB+vA@mail.gmail.com> <2E496AC9-63A0-464A-A628-7407ED8DD9C4@phonefromhere.com> <387F9047F55E8C42850AD6B3A7A03C6C0E23B16B@inba-mail01.sonusnet.com> <E2714FBC-D06B-4A12-9E07-C49EBF55084C@phonefromhere.com> <4F9EC0B2.10903@alcatel-lucent.com> <101C6067BEC68246B0C3F6843BCCC1E31299282765@MCHP058A.global-ad.net> <CAJNg7VKENERKAFA-n5KeoeBNmGgHrnzDOU0BzC9+fSdsuGwdEw@mail.gmail.com> <E17CAD772E76C742B645BD4DC602CD810616F24F@NAHALD.us.int.genesyslab.com> <4FA0F43E.4020308@ericsson.com> <E17CAD772E76C742B645BD4DC602CD810616F336@NAHALD.us.int.genesyslab.com> <4FA1575C.4050508@ericsson.com> <E17CAD772E76C742B645BD4DC602CD810616F4BF@NAHALD.us.int.genesyslab.com> <4FA37A1E.4080806@alvestrand.no> <CALiegf=H5QH_YY-cJ4z29wChWZ-VoQpHvsZCeaJPjTgVp+km3Q@mai l.gmail.com> <0db701cd 2adb$98082f10$c8188d30$@com> <CALiegf=C7a6zeUDHn-Wuku9eFWmADG5N+D8oXSQbwJKSYYjcQg@mail.gmail.com> <0dc901cd2ae3$f9ffb500$edff1f00$@com>
In-Reply-To: <0dc901cd2ae3$f9ffb500$edff1f00$@com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: rtcweb@ietf.org
Subject: [rtcweb] Consent freshness and message-integrity (Re: Use Case draft - legacy interop)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 21:14:37 -0000
Forking the thread, since this is a different detail.....
On 05/05/2012 07:24 PM, Dan Wing wrote:
> The other nuance is that, because
> doing the SHA1 for MESSAGE-INTEGRITY isn't needed for consent freshness,
> there is desire to allow those periodic ICE connectivity checks to
> omit the MESSAGE-INTEGRITY, which is a change to ICE. See
> draft-muthu-behave-consent-freshness.
Omitting MESSAGE-INTEGRITY would allow off-path attackers to inject fake
connectivity checks, and thus to simulate continued consent.
If connectivity checks for content freshness are worth doing, they're
worth protecting.
My $0.02.
Harald
- [rtcweb] Use Case draft Ted Hardie
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Timothy B. Terriberry
- Re: [rtcweb] Use Case draft Bernard Aboba
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft Tim Panton
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft (privacy) Fabio Pietrosanti (naif)
- Re: [rtcweb] Use Case draft (privacy) Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft (privacy) Hutton, Andrew
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Tim Panton
- Re: [rtcweb] Use Case draft Igor Faynberg
- Re: [rtcweb] Use Case draft Hutton, Andrew
- Re: [rtcweb] Use Case draft Randell Jesup
- Re: [rtcweb] Use Case draft Randell Jesup
- Re: [rtcweb] Use Case draft Stephan Wenger
- Re: [rtcweb] Use Case draft Randell Jesup
- Re: [rtcweb] Use Case draft Marshall Eubanks
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Tim Panton
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Marshall Eubanks
- Re: [rtcweb] Use Case draft - Eavesdropping. Hutton, Andrew
- Re: [rtcweb] Use Case draft - Eavesdropping. Fabio Pietrosanti (naif)
- Re: [rtcweb] Use Case draft - Eavesdropping. Eric Rescorla
- Re: [rtcweb] Use Case draft - Eavesdropping. Cavigioli, Chris
- Re: [rtcweb] Use Case draft - Eavesdropping. Marshall Eubanks
- Re: [rtcweb] Use Case draft Randell Jesup
- Re: [rtcweb] Use Case draft - Eavesdropping. Randell Jesup
- Re: [rtcweb] Use Case draft - Eavesdropping. Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft - Eavesdropping. Harald Alvestrand
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Igor Faynberg
- [rtcweb] interworking with non-WEBRTC endpoints [… Dan Wing
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Iñaki Baz Castillo
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Marshall Eubanks
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Lorenzo Miniero
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Mary Barnes
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Marshall Eubanks
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Fabio Pietrosanti (naif)
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Dan Wing
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Ravindran, Parthasarathi
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Harald Alvestrand
- Re: [rtcweb] Use Case draft Harald Alvestrand
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Fabio Pietrosanti (naif)
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft Harald Alvestrand
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Bernard Aboba
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft - legacy interop Harald Alvestrand
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Neil Stratford
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Iñaki Baz Castillo
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Christer Holmberg
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Iñaki Baz Castillo
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Richard Shockey
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Xavier Marjou
- Re: [rtcweb] Use Case draft - legacy interop Bernard Aboba
- Re: [rtcweb] Use Case draft - legacy interop Iñaki Baz Castillo
- Re: [rtcweb] Use Case draft - legacy interop Dan Wing
- Re: [rtcweb] Use Case draft - legacy interop Iñaki Baz Castillo
- Re: [rtcweb] Use Case draft - legacy interop Bernard Aboba
- Re: [rtcweb] Use Case draft - legacy interop Dan Wing
- Re: [rtcweb] Use Case draft - legacy interop Harald Alvestrand
- [rtcweb] Consent freshness and message-integrity … Harald Alvestrand
- Re: [rtcweb] Consent freshness and message-integr… Dan Wing
- Re: [rtcweb] Consent freshness and message-integr… Harald Alvestrand