IETF Logo Mail Archive

Re: [rtcweb] Security issue: consent refresh

Hadriel Kaplan <HKaplan@acmepacket.com> Fri, 28 October 2011 18:24 UTC

Return-Path: <HKaplan@acmepacket.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86DF721F8A56 for <rtcweb@ietfa.amsl.com>; Fri, 28 Oct 2011 11:24:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.456
X-Spam-Level:
X-Spam-Status: No, score=-2.456 tagged_above=-999 required=5 tests=[AWL=0.143, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HwO-QfT7jJxw for <rtcweb@ietfa.amsl.com>; Fri, 28 Oct 2011 11:24:05 -0700 (PDT)
Received: from etmail.acmepacket.com (etmail.acmepacket.com [216.41.24.6]) by ietfa.amsl.com (Postfix) with ESMTP id D4E3D21F8713 for <rtcweb@ietf.org>; Fri, 28 Oct 2011 11:24:04 -0700 (PDT)
Received: from MAIL2.acmepacket.com (10.0.0.22) by etmail.acmepacket.com (216.41.24.6) with Microsoft SMTP Server (TLS) id 8.2.254.0; Fri, 28 Oct 2011 14:24:01 -0400
Received: from MAIL1.acmepacket.com ([169.254.1.232]) by Mail2.acmepacket.com ([169.254.2.157]) with mapi id 14.01.0270.001; Fri, 28 Oct 2011 14:24:01 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Thread-Topic: [rtcweb] Security issue: consent refresh
Thread-Index: AQHMlZ7D8XS7IkOhHkahsxLL5uYzkw==
Date: Fri, 28 Oct 2011 18:24:01 +0000
Message-ID: <2308DE02-0E63-4CCF-8889-F2E79204C7AF@acmepacket.com>
References: <3FACD0E9-449A-4897-8997-F76B5A41A34E@acmepacket.com> <4EAA7B02.4010400@ericsson.com>
In-Reply-To: <4EAA7B02.4010400@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.0.0.30]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <92A9BC0DB00EC449BDD8808E8BB02EE2@acmepacket.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAWE=
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Security issue: consent refresh
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2011 18:24:05 -0000

On Oct 28, 2011, at 5:50 AM, Magnus Westerlund wrote:

> On 2011-10-28 02:02, Hadriel Kaplan wrote:
>> 
>> Alternative Proposal: I think one obvious solution is to use a STUN
>> request/response check as a consent refresh.  The STUN check does not
>> need to use SHA-1 stuff, just responding with the same transaction ID
>> as the request should provide enough entropy.  The STUN message could
>> be an existing one from RFC 5389, but it would take a new draft to
>> say "do this" and indicate it in SDP.
> 
> And the reason you are not needing the SHA-1 stuff is that you see no
> need for this consent refresh to continue to verify that the one sending
> the answers echoing the transaction IDs is a node which you provided
> with the credentials? Or which the "evil" webservice has provisioned
> with the credentials from the signalling exchange?

Correct.  Let's assume ICE is used for initial consent.  If you're past the initial consent stage, then some far-end accepted your communication. 

At that point we're at the same stage as if the JS had simply initiated an HTTP connection to another site and it was approved with CORS.  What keeps such an HTTP connection going is simply TCP "consent-refresh" using ACKs and not getting RST/FIN... and we don't need to be stronger than TCP.  Arguably the STUN keepalive would actually be stronger than TCP even without SHA-1, because the STUN 96-bit Transaction-ID is harder to spoof-guess than two 16-bit TCP sequence number fields.

If there is a MitM physically on the path between the Browser and the peer, such a MitM can keep the RTP flowing even if we used RTCP, because it could fake RTCP. (and such a MitM can keep TCP and SCTP going too, fwiw)


>> The downside is any existing RTP devices that already support ICE and
>> RTCP would need to be upgraded in order to talk to WebRTC. I think
>> there's a solution to that too if people think we need to interop
>> with them without upgrading.  One idea is IF RTCP is sufficiently
>> entropic for consent refresh, then we have an escape clause that if
>> the peer doesn't indicate support for this new STUN-based consent
>> refresh, then we allow it to use RTCP as consent refresh.
> 
> If you need this upgrade, why not ensure that they do RTCP? That is more
> useful for also other purpose and may actually ensure that we can
> fulfill some minimal congestion control requirements even in the
> interworking cases. Yes, it is more new code, than tweaking an existing
> ICE stack to do what you suggest.

Because we can't upgrade devices not under our control, as described in draft-kaplan-rtcweb-sip-interworking-requirements-00 section 3.  For some percentage of the WebRTC use-cases, interfacing to deployed SIP devices will need an Inter-Working Function.  Having an IWF system generate fake RTCP is a really bad idea; from a cost, complexity, failure-potential, and architectural basis.  And such an IWF could never remove itself (let media go direct) on a call-by-call basis, because it woul'd never know if the far-end SIP device implements RTCP.

-hadriel

v2.23.0 | Report a Bug | By Email