IETF Logo Mail Archive

Re: [rtcweb] Continuing to assert username/password (Re: FW: Adopting draft-muthu-behave-consent-freshness?)

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Tue, 17 September 2013 10:05 UTC

Return-Path: <tireddy@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44B8C11E83CF for <rtcweb@ietfa.amsl.com>; Tue, 17 Sep 2013 03:05:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Level:
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_72=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 41d6fhwzDhIw for <rtcweb@ietfa.amsl.com>; Tue, 17 Sep 2013 03:05:26 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id EFA5011E80D1 for <rtcweb@ietf.org>; Tue, 17 Sep 2013 03:05:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6369; q=dns/txt; s=iport; t=1379412326; x=1380621926; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=WCS/7/evX4GHIl+qTloUICW1VMKkv3S/NszgY80wXK4=; b=J7fls4Yco1/XshQb1PLhB5BX2DzYcgWWe1EV6JqO8yInrD0H3RY/KwDr Bj5TqnzmCRDA+EtbyUMYIPBjpqOJ4SeEMgchRs5PeMknmWGv5olEhNigr YweXH7V5/bJcVFCvGPOhiix/bwnmvCDCAZ1OmeAGn5dOuZxAEOgI84Ndr M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkAFAKkoOFKtJV2c/2dsb2JhbABbgwc4UsBMSoEcFnSCJQEBAQMBAQEBCRFRFwICAgEIEQMBAQEBCg4LBAcbDAsUCAEIAgQBEggRAodiBgy6ZwQEjzIGMgYSgwaBAAOJAIsflVCBZoE+gWokHA
X-IronPort-AV: E=Sophos;i="4.90,922,1371081600"; d="scan'208";a="260547705"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-1.cisco.com with ESMTP; 17 Sep 2013 10:05:25 +0000
Received: from xhc-aln-x05.cisco.com (xhc-aln-x05.cisco.com [173.36.12.79]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id r8HA5Pra008990 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 17 Sep 2013 10:05:25 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.33]) by xhc-aln-x05.cisco.com ([173.36.12.79]) with mapi id 14.02.0318.004; Tue, 17 Sep 2013 05:05:25 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Harald Alvestrand <harald@alvestrand.no>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: [rtcweb] Continuing to assert username/password (Re: FW: Adopting draft-muthu-behave-consent-freshness?)
Thread-Index: AQHOs4C/clq2b3F4c0Cq3gToydiwV5nJqo4A
Date: Tue, 17 Sep 2013 10:05:24 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A190793B0@xmb-rcd-x10.cisco.com>
References: <E92E67B176B8B64D8D3A8F5E44E9D8F41FF743A0@xmb-aln-x05.cisco.com> <52381402.8070400@alvestrand.no>
In-Reply-To: <52381402.8070400@alvestrand.no>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [173.39.65.226]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [rtcweb] Continuing to assert username/password (Re: FW: Adopting draft-muthu-behave-consent-freshness?)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 10:05:31 -0000

Hi Harald,

Please see inline

> -----Original Message-----
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of
> Harald Alvestrand
> Sent: Tuesday, September 17, 2013 2:04 PM
> To: rtcweb@ietf.org
> Subject: [rtcweb] Continuing to assert username/password (Re: FW: Adopting
> draft-muthu-behave-consent-freshness?)
> 
> Changing subject line in order to make life easier for those who try to
> review comments on the original subject....
> 
> On 09/17/2013 07:10 AM, Ram Mohan R (rmohanr) wrote:
> > Hi Please see inline
> >
> > -----Original Message-----
> > From: Jessie <Lijing>, "Huawei)" <lijing80@huawei.com>
> > Date: Thursday, 12 September 2013 1:27 PM
> > To: "rtcweb@ietf.org" <rtcweb@ietf.org>
> > Subject: [rtcweb] FW:  Adopting draft-muthu-behave-consent-freshness?
> >
> >> Hi all,
> >>
> >> As a newcomer to RTCWEB, I have some doubts after I have read the draft.
> >>
> >> 1. in "4.  Solution Overview", may be it would be better to clarify when
> >> to send a STUN Binding Request(in the middle of a media session or before
> >> sending traffic, during sending traffic or only during silence periods)
> >> and which side to send the request(controlling agent or both sides)?
> > The introduction section explains when consent is needed. During the
> > initial call setup ICE connectivity checks are used. This mechanism
> > described in this document is for periodic consent after initial sessions
> > is setup.
> >
> >> 2. in " 7.  Security Considerations", there are the following words. As
> >> when one agent receives STUN Binding Request, unlike the processing of
> >> indication message, it have to do more processes to send the Response
> >> message, I am not sure whether it is appreciate not to authenticate the
> >> source and respond directly. Is it more open to malicious attacks?
> > I am not clear on what you asking here. The below text just tells that
> > there is no need to re-asserting the username/password that was sent
> > initially during ICE checks. Are you saying this can lead to attacks ? If
> > yes can you explain on what you meant in detail ?
> 
> The text below is wrong.
> 
> If, as is commonly the case, an attacker has the ability to inject
> packets on the wire with the same IP address as the victim, the attacker
> can forge ICE packets.
> 
> If the victim's correspondent checks MESSAGE-INTEGRITY (which implicitly
> checks username and password), he will detect that these packets don't
> have the correct authorization, and throw them away.
> 
> If the victim's correspondent does not check MESSAGE-INTEGRITY, the
> attacker can keep renewing any consent to receive as long as he wants,
> even though the victim wanted to stop consenting.

Since each endpoint contributes at least 24 bits of randomness to the ice-ufrag which provides 48 bits of randomness. It would not be possible for off-path attacker to guess those 48 bits to cause the endpoint to perform HMAC-SHA1 validation of the MESSAGE-INTEGRITY attribute. Hence my understanding is for consent freshness checking MESSAGE-INTEGRITY is not be required, only checking IP address and USERNAME attribute looks sufficient to handle off-path attacks.

-Tiru.

> 
> Since the whole purpose of consent-freshness is to allow the potential
> victim to stop consenting to receiving traffic, checking
> MESSAGE-INTEGRITY (which implictily checks username and password) is
> necessary.
> 
> This whole paragraph should be deleted from the "Security
> Considerations" section and replaced with text properly describing the
> situation.
> 
> >
> > Ram
> >
> >>   "Once that connection to the remote
> >>    peer has been established with ICE, the consent to continue sending
> >>    traffic does not benefit from re-asserting that same username and
> >>    password, so long as the senders and receiver's IP addresses remain
> >>    the same (as they usually do)."
> >>
> >> Neglect my words, if my understandings are wrong.
> >>
> >> Best regards,
> >>
> >> Jessie
> >>
> >> -----Original Message-----
> >> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
> >> Of Magnus Westerlund
> >> Sent: Monday, September 09, 2013 4:37 PM
> >> To: rtcweb@ietf.org
> >> Subject: [rtcweb] Adopting draft-muthu-behave-consent-freshness?
> >>
> >> WG,
> >>
> >> This is a call for WG adoption of STUN Usage for Consent Freshness
> >> (draft-muthu-behave-consent-freshness-04). This document defines a STUN
> >> usage for consent freshness. As this requires no protocol extensions we
> >> as intended users can define this usage in our WG. Such work also
> >> matches our charter. The draft-ietf-rtcweb-security-arch-07 is
> >> normatively dependent on this STUN usage.
> >>
> >> Document:
> >> https://datatracker.ietf.org/doc/draft-muthu-behave-consent-freshness/
> >>
> >> WG, please indicate your support or issues with adopting this document
> >> as WG item with a proposed milestone:
> >>
> >> Mar 2014 Send STUN Usage for Consent Freshness to IESG for publication
> >> as proposed standard.
> >>
> >> Cheers
> >>
> >> Magnus Westerlund
> >>
> >> ----------------------------------------------------------------------
> >> Multimedia Technologies, Ericsson Research EAB/TVM
> >> ----------------------------------------------------------------------
> >> Ericsson AB                | Phone  +46 10 7148287
> >> Färögatan 6                | Mobile +46 73 0949079
> >> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
> >> ----------------------------------------------------------------------
> >>
> >> _______________________________________________
> >> rtcweb mailing list
> >> rtcweb@ietf.org
> >> https://www.ietf.org/mailman/listinfo/rtcweb
> >> _______________________________________________
> >> rtcweb mailing list
> >> rtcweb@ietf.org
> >> https://www.ietf.org/mailman/listinfo/rtcweb
> > _______________________________________________
> > rtcweb mailing list
> > rtcweb@ietf.org
> > https://www.ietf.org/mailman/listinfo/rtcweb
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.30.2 | Report a Bug | By Email | System Status