Re: [rtcweb] Secdir last call review of draft-ietf-rtcweb-jsep-23
Phillip Hallam-Baker <hallam@gmail.com> Sun, 08 October 2017 03:18 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 046B4133078; Sat, 7 Oct 2017 20:18:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x41vmVNkXSAS; Sat, 7 Oct 2017 20:18:52 -0700 (PDT)
Received: from mail-oi0-x22e.google.com (mail-oi0-x22e.google.com [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CB321342E1; Sat, 7 Oct 2017 20:18:52 -0700 (PDT)
Received: by mail-oi0-x22e.google.com with SMTP id q4so17369091oic.7; Sat, 07 Oct 2017 20:18:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lx+A0lkljzweP+G5+OilpW8DEDlFKejkf5LHEdXup6c=; b=EESgRA3Zr5kLAXWqC+yQwsPfOv6zirWKbDzo3QrnqaOoou3vcRU1tMkwZNPnBa72p4 RA+gL5Sd1/tCzq+k0P79qgeGgrGSJXGJrneqMY3qlKsZQ1fAYENEpO9FbqPj1g+AQhYT 4oLsg8Di6MeXpWl9+y0je98SnpsTusdzlloyIUsuY5oN1wqNHJWEYVNM6AKOERIDXduc 9tv5htEL9jsFm80qpRkOIe9dkCT2k63R4es+e1T+Cu2ACawQ5/wj/4qxh//+tu7PwyIx QkePZc6yJRjIXYH3sjWWtEsKXG57iKbhIejJmh41GiNzRlQoBJPOeXQ6NWfm5yEnF8s/ gozw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lx+A0lkljzweP+G5+OilpW8DEDlFKejkf5LHEdXup6c=; b=shSaJcsLHad0MIot9AZf+q9XEGB7LrTmf/z0dZkAZSin8fGXc7JMI21Ecif3EEwpMx HBx7ZGbyrlh0pNO+CbNJvmOu2HxmGGV0gkrEHFVKWWPROL5/zyDLa2eL3vZVF6FphVRX NxGlfXQsg5vkc7AvqZi0WtSIlYu+FyJFY/97BeAf0iqWO6qZR68pIpB+kP1VcjJRlJ+S sCblncZMbR05WiJKsM9hEjcAqfQtJySq7BIexK7Y0ll6qfDXk61L09X+h7FV1CquxYWe dMt8meZwbR42tA9gLTGUw8W5hJMMmxvVv3wCjZSuZfIKxQehBYtaDLP60y5T0Od9BmRn 6dFw==
X-Gm-Message-State: AMCzsaVuLSMPg4ASTBgeOJER+Ha3D3uBcKQY7m87PL3C3639+cnmZsiN 6DFTkJKqli2/sKF+cnxu+fDBa4TfIxOXGCjXMlk=
X-Google-Smtp-Source: AOwi7QAbnhNYHDAyax1uc6/u5Ob0c7PGLUZFc9UY5uEpfoK2MVDTQyq5DshoEjrm2fpXV50JYJYuXJgFs8d+GHRqEgI=
X-Received: by 10.157.17.6 with SMTP id g6mr4021245ote.305.1507432731823; Sat, 07 Oct 2017 20:18:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.80.42 with HTTP; Sat, 7 Oct 2017 20:18:51 -0700 (PDT)
In-Reply-To: <3a37950b-676c-05bd-f400-0bd84beacd1b@alvestrand.no>
References: <150729330872.6204.16821957868857533343@ietfa.amsl.com> <3a37950b-676c-05bd-f400-0bd84beacd1b@alvestrand.no>
From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Sat, 07 Oct 2017 23:18:51 -0400
Message-ID: <CAMm+LwhzyYgt3EmcCwNkHO6etAtMwuTofaBXEoaXb+_xQ0+myw@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-rtcweb-jsep.all@ietf.org, "rtcweb@ietf.org" <rtcweb@ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="001a1146208680d4c9055b00882a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/_ZPHKogqhJSnJuiMGlmR_J77qw8>
Subject: Re: [rtcweb] Secdir last call review of draft-ietf-rtcweb-jsep-23
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Oct 2017 03:18:55 -0000
On Sat, Oct 7, 2017 at 10:22 PM, Harald Alvestrand <harald@alvestrand.no> wrote: > On 10/06/2017 02:35 PM, Phillip Hallam-Baker wrote: > > Reviewer: Phillip Hallam-Baker > > Review result: Ready > > > > Given the design constraints in which the protocol operates, it is hard > to see > > how this could be done differently. > > > > I have two sets of security concerns. One is that implementations need > to be > > designed so as to avoid buffer overrun conditions and also to prevent > such > > conditions leading to a breach. Compression formats such as are > inevitably used > > in video and image applications tend to make promiscuous use of nested > length > > encoding formats that commonly lead to security vulnerabilities. > > > > This document does not have such a warning, having a reference on most > of the > > security issues, a warning on this issue should appear in: > > https://tools.ietf.org/html/draft-ietf-rtcweb-security-08 > > > > The other security concern is that giving control over the host browser > to run > > pretty much arbitrary code was always going to be a security disaster > but there > > isn't much that can be done at this point. > > > Participant pushback, I'm neither a WG chair or a document editor: > > > Was this intended as a review of a different document? > No, I just didn't have any comments on the security considerations in this one as they are handled in rtcweb-security. and that is the place to address the one addressable concern I did have. The concern about compression formats seems to be something that belongs > in compression format specifications, such as those referenced by > PAYLOAD et al. As such, it would reasonably belong in -rtcweb-security, > which pulls in security concerns from a number of fields. > That is where I suggested it go. > The generic concern about running Javascript in the browser seems to > belong to rtcweb-overview if it belongs anywhere except in a generic > architecture critique of the browser ecosystem. > I wasn't suggesting a change. Just pointing out that we are dealing with the attack model in which the attacker has control of a turing complete mechanism in the communication channel. Given that one of the authors is a Security AD, just pointing out that is the set of vectors that would cause me most concern. > If there are concerns specific to JSEP, and the handling of SDP that is > described in JSEP, it seems appropriate to document them here. Generic > architectural issues and common security best practices don't seem to > have the right home in this document. > > -- > Surveillance is pervasive. Go Dark. > > > -- Website: http://hallambaker.com/
- [rtcweb] Secdir last call review of draft-ietf-rt… Phillip Hallam-Baker
- Re: [rtcweb] Secdir last call review of draft-iet… Harald Alvestrand
- Re: [rtcweb] Secdir last call review of draft-iet… Phillip Hallam-Baker
- Re: [rtcweb] Secdir last call review of draft-iet… Harald Alvestrand