IETF Logo Mail Archive

Re: [rtcweb] No Interim on SDES at this juncture

Dan Wing <dwing@cisco.com> Thu, 20 June 2013 03:07 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0706211E80A5 for <rtcweb@ietfa.amsl.com>; Wed, 19 Jun 2013 20:07:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.565
X-Spam-Level:
X-Spam-Status: No, score=-110.565 tagged_above=-999 required=5 tests=[AWL=0.033, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MskO61vIMpom for <rtcweb@ietfa.amsl.com>; Wed, 19 Jun 2013 20:07:27 -0700 (PDT)
Received: from mtv-iport-2.cisco.com (mtv-iport-2.cisco.com [173.36.130.13]) by ietfa.amsl.com (Postfix) with ESMTP id 6F9FF21F9FD6 for <rtcweb@ietf.org>; Wed, 19 Jun 2013 20:07:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27639; q=dns/txt; s=iport; t=1371697647; x=1372907247; h=mime-version:subject:from:in-reply-to:date:cc:message-id: references:to; bh=EQ3yEZljPUiPP5ndLdl1Cvq1gULErldHEVe+uP1s7ls=; b=HU2BX//pTSxzPPLJV+t8Mk/3FTUHRmQhIitP+++925D2mZ1GDaEtRkFl zSzPkcXAeDf8qqBbJqPvTEWdvOKM4AZF16HIWe7FLuqgIQ5RGD1h3wq1S 9BhpD09md38ys1rDsPkbOE+qnYJ6GRnUBN5cFcOGlfK6vumE+lDSjGCOm Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AggGAPtwwlGrRDoH/2dsb2JhbABagkVEMbcohF6DXH0WdIIjAQEBAwEBAQEJG0UCBAcFCQILEQQBAQEVBAIFBwcbDB8JCAYTCRKHbQUNvA4EjXwKBoEGGg4EBgEKHQKCV2EDiSCOIYEpkBuDLxyBEBwCAgUX
X-IronPort-AV: E=Sophos; i="4.87,901,1363132800"; d="scan'208,217"; a="83942593"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-2.cisco.com with ESMTP; 20 Jun 2013 03:07:26 +0000
Received: from sjc-vpn3-98.cisco.com (sjc-vpn3-98.cisco.com [10.21.64.98]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r5K37OfH023098; Thu, 20 Jun 2013 03:07:25 GMT
Content-Type: multipart/alternative; boundary="Apple-Mail=_7D531F8E-D828-4380-8E10-B759DB1654A8"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Dan Wing <dwing@cisco.com>
In-Reply-To: <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C7EF8@TK5EX14MBXC273.redmond.corp.microsoft.com>
Date: Wed, 19 Jun 2013 20:07:24 -0700
Message-Id: <C6C7A844-A897-4F89-8EB4-6C4440D40912@cisco.com>
References: <CA+9kkMDnjCNXGV0GU7x6gbbZMf4WiEuVvCRY8_Fix5tmdOB-Kg@mail.gmail.com> <AD220324-EEE7-4800-8512-FD7BADA9EC34@oracle.com> <CA+9kkMDY2Z_5_1uYJ1K_ZmrJB2a1-RE7V3aPqNHQg82DyagjCg@mail.gmail.com> <2975A93F-44DA-4020-B4DE-42E7ED98C08F@oracle.com> <51BAC9BC.6070708@ericsson.com> <94846970-4694-4EC8-AEFA-AEECEE0135AA@oracle.com> <51C02EE8.5070809@ericsson.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C78AD@TK5EX14MBXC273.redmond.corp.microsoft.com>, <CAL02cgTFSbYSX7v3q37tsjzaPMshyyBroGWr=qmy-HGm82GJFg@mail.gmail.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C7EF8@TK5EX14MBXC273.redmond.corp.microsoft.com>
To: Matthew Kaufman <matthew.kaufman@skype.net>
X-Mailer: Apple Mail (2.1508)
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] No Interim on SDES at this juncture
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2013 03:07:32 -0000

On Jun 18, 2013, at 2:16 PM, Matthew Kaufman (SKYPE) <matthew.kaufman@skype.net> wrote:

> So lets assume the case where I have a web server that is talking to my browser *and* generating SIP traffic to talk to your SDES-capable (and ICE-capable) PBX.

Let's not.  Combining those two functions confuses SDES interworking with the security of everything else.  Yes, it is true that when doing SDES interworking that the security vulnerabilities of SDES are exposed on the SDES portion of the network.  The solution is to quit doing SDES, not more.

-d


> 
> And assume that your PBX initiated the call and picked the keying.
> 
> So in the EKT case we have (for key flow):
>  your PBX -(SDES in SIP)-> my server -(SDES in JSON in HTTPS)-> browser -(EKT)-> a media relay i now need to run
> (for media):
>  browser <--(key that was received over HTTPS and then sent using EKT)--> media relay <--(key that was received via SDES)--> your pbx
> 
> but in the SDES case we have (for key flow):
>  your PBX -(SDES in SIP)-> my server -(SDES in SDP in HTTPS)-> browser (and that's it, because I don't need a media relay in path any more)
> (for media):
>  browser <--(key that was received over HTTPS at the browser, SDES in SDP on SIP side)--> your pbx
> 
> 
> Your diagram is missing the part where the browser either learns the key that it is supposed to ask EKT to set or tells your SIP/SDES side what key it set using EKT. Either way, those keys go over HTTPS to/from the browser, yes?
> 
> Matthew Kaufman
>   
> From: Richard Barnes [rlb@ipv.sx]
> Sent: Tuesday, June 18, 2013 12:32 PM
> To: Matthew Kaufman (SKYPE)
> Cc: Magnus Westerlund; Hadriel Kaplan; rtcweb@ietf.org
> Subject: Re: [rtcweb] No Interim on SDES at this juncture
> 
> On Tue, Jun 18, 2013 at 3:02 PM, Matthew Kaufman (SKYPE)<matthew.kaufman@skype.net> wrote:
> Back on April 25th, I made some claims. I still believe these are true:
> 
> 1. DTLS-SRTP w/EKT is exactly as secure as SDES sent over HTTPS... it is just a different encrypted channel over which the key is set.
> 
> Could you explain this in a little more detail?  I agree that the COMSEC properties are the same, but it seems like the communicating parties are different.
> 
> DTLS-SRTP+EKT:  Browser ---(EKT)---> Gateway ---(SDES)---> Endpoint
> SDES+HTTPS: Browser ---(HTTPS)---> Server ---(???)---> Gateway ---(SDES)---> Endpoint
> 
> That is, in the DTLS-SRTP+EKT case, the key never traverses the server.  Does your argument require that the server and the gateway be equally trusted?  (For example, because the server can choose the gateway.)  It doesn't seem like this is necessarily true in the general case.  
> 
> --Richard
> 
>  
> 2. DTLS-SRTP w/EKT requires a more complex media gateway relationship for interworking (as it needs to be in-path for the keying on that side, despite the use of SDES on the other side).
> 
> 3. DTLS-SRTP w/EKT for interworking exposes the key via SDES on the other side of the interworking relationship anyway, so even though there isn't SDES to the browser there's SDES on the other (likely SIP) side.
> 
> 4. And DTLS-SRTP without EKT fails completely for the cases where the key needs to be set for interworking.
> 
> 5. And finally, to get the browser-to-browser security guarantees you would need to be A) sure that you're really talking browser to browser and not via something else in path (like a mixer) and B) would really prefer that there be no way that the in-path device be able to force a key (thus you'd want to NOT allow EKT in the browser-to-browser case, even though there's no way for a browser to know for sure what it is talking to... I suppose that *if* you trusted your browser and the browser at the other end (which you need to do anyway, because they could just leak keys or media), you could mandate that browsers set some bit that disallows EKT and hope that the other end respects it)
> 
> 
> Since we can't get interworking at all without either DTLS-SRTP + EKT or SDES, and since the security guarantees of DTLS-SRTP + EKT are the same as those of SDES, and since the interworking gateway is made more complex (because the keying must be in-path), I believe the only possible conclusions are A) We accept that interworking with other SRTP systems is desirable and therefore SDES is the best way to achieve that or B) We prevent any interworking with other RTP or SRTP systems.
> 
> As someone who could make some money sending traffic to/from non-RTCWEB networks, I'm a fan of "A".
> 
> And no, I'm not planning on writing a draft that says to just do what we should be doing anyway.
> 
> Matthew Kaufman
> 
> 
> ________________________________________
> From: rtcweb-bounces@ietf.org [rtcweb-bounces@ietf.org] on behalf of Magnus Westerlund [magnus.westerlund@ericsson.com]
> Sent: Tuesday, June 18, 2013 2:56 AM
> To: Hadriel Kaplan
> Cc: rtcweb@ietf.org
> Subject: Re: [rtcweb] No Interim on SDES at this juncture
> 
> Hadirel and WG,
> 
> Please see my response inline.
> 
> On 2013-06-14 18:58, Hadriel Kaplan wrote:
> > You can't be serious. There was exactly ONE email asking for agenda
> > items, here:
> > http://www.ietf.org/mail-archive/web/rtcweb/current/msg07668.html It
> > was sent on May 30th.  It gave a generous 6 days to respond.  Luckily
> > no one ever goes on vacation for longer than 5 days. Instead, two
> > people sent a response on June 10th, a tremendous 11 days after the
> > request.  Outrageous!  That's a almost twice as long as they were
> > given!
> >
> > Thank goodness the chairs detected this monstrous breach of
> > procedure, and thwarted the attempts of anarchy!  I mean if people
> > are allowed to respond to emails so tardily, how can we be expected
> > to get things accomplished as quickly as they've so far been in this
> > WG?!?
> 
> Yes, we have only sent a single email this time, being the second round
> in a short time we tried to schedule this meeting.
> 
> >
> > Sure, an interim for this topic has been waiting for many months if
> > not a whole year, and now that people didn't respond in 6 days but
> > took instead 11 days the topic will be delayed indefinitely yet
> > again... but that's no excuse for blatantly flaunting the rules!
> 
> Yes, there has been difficult finding a time could work for this
> meeting. That was why the agenda request time was short.
> 
> >
> > Personally I saw the email on May 30th, and assumed Oscar and Dan
> > would respond to you for agenda time.  I assumed that if no one had
> > submitted agenda items to you, that the WG Chairs would send out an
> > email warning about that, or perhaps even directly email the people
> > who they expected to submit agenda items.
> >
> 
> Yes, you assumed that someone would respond. Rather than you reaching
> out to verify that others would drive the question for you. Hadriel you
> are apparently very interested in this topic. Why don't you ensure that
> an agenda topic is on the agenda for Berlin? The WG chairs are happy to
> receive agenda requests already now.
> 
> >
> >> If you want to discuss this, write a draft describing how how your
> >> additional keying is to be integrated, what the pro and cons of it.
> >> That will enable direct discussion of a proposal. The WG clearly
> >> are opinionated on this matter, but apparently don't have energy to
> >> produce proposals.
> >
> > There *are* drafts.
> > http://tools.ietf.org/html/draft-wing-rtcweb-sdes-problems-00
> > http://tools.ietf.org/html/draft-ohlsson-rtcweb-sdes-support-01 There
> > are even powerpoint slides, sent to the chairs the last time this
> > meeting almost happened but didn't.
> 
> One of those drafts has been expired since February I would like to
> point out.
> 
> The looking at these drafts, they are neither a proposal for what to
> actually do. Dan Wing's draft is argument in general why SDES would be
> bad for security. Oscar Ohlsson's is an argument for why a number of
> potential risks are not a serious issue and what the other gains of
> using security descriptions are.
> 
> From my perspective I really would like to see some progress in at least
> the proposal for actually adding additional keying to ensure that the
> raised issues in drafts or earlier WG meetings and email discussions are
> meet. Additionally I would really like to see some more details for how
> the actual integration of an additional keying mechanism is supposed to
> work.
> 
> 
> >
> > I think the problem must be that those things weren't signed in
> > triplicate, sent in, sent back, queried, lost, found, subjected to
> > public enquiry, lost again, and finally buried in soft peat for three
> > months and recycled as firelighters.
> 
> No, that is not it. This topic has dragged on for various reasons. Yes
> we chairs are clearly to blame for some of them, like being slow to
> attempt to schedule a meeting. However, after that there has been issues
> finding a suitable time where sufficient mass of people could
> participate. There has been time conflicts with other meetings resulting
> in a cancellation, which in hind sight was unnecessary. Then a
> rescheduling, lurk warm response from the WG, limited agenda items and
> another almost collision resulting another cancellation.
> 
> I am sorry that this makes you frustrated. Well, it makes also me
> frustrated. I wished this topic was dealt with and out of the way, but
> it is not. So, if you want it dealt with. Please request agenda time for
> Berlin and ensure to update any drafts or other material to actually
> take into account what actually has happened in the last 15 months.
> 
> Regards
> 
> Magnus Westerlund
> 
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email