Re: [rtcweb] BUNDLE: Attempting to resolve security consideration

Magnus Westerlund <magnus.westerlund@ericsson.com> Sun, 26 March 2017 18:42 UTC

To: Eric Rescorla <ekr@rtfm.com>
References: <8b2b8754-b10c-6f8e-6262-95cd25374a18@ericsson.com> <CABcZeBMTW48fj=1EMJ3uJCdVqEiYuPk+rDy6h_7W=jh0fu7tNQ@mail.gmail.com> <0827af95-b755-9730-6605-5146967760e7@ericsson.com> <CABcZeBPcqz+NzKp=c5zZd_aDqYHjC6AhOyBMjsOdpKEjGF08qw@mail.gmail.com> <a7070e7a-81dc-ab68-c59b-d4df367029c2@ericsson.com> <CABcZeBM6LMJB2f10+F1jQNinKe4nkNGCRpT6VN1tZPXCLskxHQ@mail.gmail.com> <f390877e-d6be-11cd-8a35-f68546ae4115@ericsson.com> <CABcZeBNAU0eo+nP02LRjP3Cybtrm487wQMtq34zhmeaB+=uHiQ@mail.gmail.com> <29d1f31b-402c-5f31-8eee-f1f066ddce29@ericsson.com> <CABcZeBP_c90N+bWiQXTg8-VvwY4Vme1T0v88DQ4DSW_KnG_Cuw@mail.gmail.com> <314d5af9-018d-8d15-7629-dbcc62fe5a2e@ericsson.com>
CC: "rtcweb@ietf.org" <rtcweb@ietf.org>, "mmusic (E-mail)" <mmusic@ietf.org>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <8743844f-3294-ec11-47d5-d642adf5fffc@ericsson.com>
Date: Sun, 26 Mar 2017 13:41:46 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <314d5af9-018d-8d15-7629-dbcc62fe5a2e@ericsson.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/cfmA37cURTsfxbg9VILXPnx067A>
Subject: Re: [rtcweb] BUNDLE: Attempting to resolve security consideration

Hi,

I have attempted to address the issue discussed below by reformulating 
that paragraph to read:

    When the BUNDLE extension is used, the set of configurations of the
    security mechanism used in all the bundled media descriptions will
    need to be compatible for simultaneous use, at least per direction
    or endpoint.  When using SRTP this will be the case, at least for the
    IETF defined key-management solutions due to their SDP attributes
    (a=crypto, a=fingerprint, a=mikey) and their classification in
    [I-D.ietf-mmusic-sdp-mux-attributes].


So, does this work?

Cheers

Magnus


Den 2017-03-14 kl. 03:47, skrev Magnus Westerlund:
> Den 2017-03-10 kl. 16:31, skrev Eric Rescorla:
>>
>>        When the BUNDLE extension is used, a single set of security
>>        credentials over the bundled media descriptions will need to be
>>        used, at least per direction or endpoint.
>>
>>
>> Actually, why does this have to be the case? I mean, we require it, but
>> if you have the MID extension, you could easily not do this.
>>
>
> You are correct, this is actually misstating the problem. It is not the
> security credentials that need to be a single set. Any SDP level
> security configuration used on individual media description MUST be
> possible to use when creating a bundle group across the full or a
> sub-set of the media description offered as a bundle group.
>
> This works fine for the below listed ones by following the limitations
> indicated in SDP MUX attributes, i.e. transport or identical. But a
> future mechanism that is defined with bundle in mind from the start
> could have individual configurations.
>
>>
>>
>>     When using SRTP this will be the
>>        case, at least for the IETF defined key-management solutions
>>        due to their SDP attributes (a=crypto, a=fingerprint, a=mikey)
>>        and their classification in [I-D.ietf-mmusic-sdp-mux-attributes].
>>
>
> I will have to think on how to re-write this.
>
> Cheers
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Media Technologies, Ericsson Research
> ----------------------------------------------------------------------
> Ericsson AB                 | Phone  +46 10 7148287
> Färögatan 6                 | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb


-- 

Magnus Westerlund

----------------------------------------------------------------------
Media Technologies, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
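
The compatibility requirement discussed in this message can be checked mechanically on an offer. The following is an added example, not part of the original thread or of any draft: it flags bundled media descriptions whose key-management attributes disagree. It assumes a simplified reading of the "transport or identical" categories in which any differing value counts as a conflict; the function names and the sample offer are constructed for illustration.

```python
import re

# The page writes "a=mikey"; in SDP, MIKEY is carried in a=key-mgmt (RFC 4567).
SECURITY_ATTRS = ("crypto", "fingerprint", "key-mgmt")

def parse_sdp(sdp):
    """Return (bundle_mids, sections); a section maps attribute name -> values."""
    session, sections, current, bundle_mids = {}, [], None, []
    for line in sdp.strip().splitlines():
        line = line.strip()
        if line.startswith("m="):
            current = {}
            sections.append(current)
            continue
        m = re.match(r"a=([^:]+):?(.*)", line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if current is None and name == "group" and value.startswith("BUNDLE"):
            bundle_mids = value.split()[1:]
        (session if current is None else current).setdefault(name, []).append(value)
    # Session-level security attributes apply to sections that set none themselves.
    for sec in sections:
        for attr in SECURITY_ATTRS:
            if attr not in sec and attr in session:
                sec[attr] = list(session[attr])
    return bundle_mids, sections

def bundle_security_conflicts(sdp):
    """Return [(attr, {mid: values})] where bundled sections disagree on attr."""
    mids, sections = parse_sdp(sdp)
    bundled = {s["mid"][0]: s for s in sections if s.get("mid", [""])[0] in mids}
    conflicts = []
    for attr in SECURITY_ATTRS:
        seen = {mid: tuple(sorted(s[attr])) for mid, s in bundled.items() if attr in s}
        if len(set(seen.values())) > 1:
            conflicts.append((attr, seen))
    return conflicts

# Constructed offer (shortened, made-up fingerprints): bundled sections disagree.
SAMPLE_OFFER = """v=0
a=group:BUNDLE a v
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=mid:a
a=fingerprint:sha-256 00:11:22:33
m=video 9 UDP/TLS/RTP/SAVPF 96
a=mid:v
a=fingerprint:sha-256 FF:EE:DD:CC
"""
```

Calling `bundle_security_conflicts(SAMPLE_OFFER)` reports the `fingerprint` attribute with the value seen for each mid; media descriptions outside the BUNDLE group are ignored.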