IETF Logo Mail Archive

Re: [Rum] Magnus Westerlund's Block on charter-ietf-rum-00-02: (with BLOCK)

Adam Roach <adam@nostrum.com> Wed, 10 April 2019 17:27 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: rum@ietfa.amsl.com
Delivered-To: rum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3798A120650; Wed, 10 Apr 2019 10:27:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.679
X-Spam-Level:
X-Spam-Status: No, score=-1.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aKxu9b9CtB4b; Wed, 10 Apr 2019 10:27:12 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D45312060E; Wed, 10 Apr 2019 10:27:12 -0700 (PDT)
Received: from MacBook-Pro.roach.at (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x3AHR4VK026894 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 10 Apr 2019 12:27:05 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1554917227; bh=dAbz9OzEHQo3Z+WhvN5P/XjpMmptqDWIuDonEZhfnTo=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=i0FWvQygW8TiCmoNN+0DkWWzVDWU9z/M98aMhIIT257TxhN5AfXBbDjfj7izwNHgE 9/LrDx9ws9Sl+8sp55lD915snMMzvqdd5DAGRV28QQpKf3/JxYo+GS3nboxrgau+e9 so6xQ1DxCU0out4mro6Sw2LK4Csax0QVkhd/dgps=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be MacBook-Pro.roach.at
To: Brian Rosen <br@brianrosen.net>, Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: rum@ietf.org, The IESG <iesg@ietf.org>, rum-chairs@ietf.org
References: <155490359622.22876.4380616673767598799.idtracker@ietfa.amsl.com> <BA3E3783-314B-4CCF-B920-3C70C2C9BDBC@brianrosen.net>
From: Adam Roach <adam@nostrum.com>
Message-ID: <5cbae522-4692-d293-e6f8-a69698269f4a@nostrum.com>
Date: Wed, 10 Apr 2019 12:26:59 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <BA3E3783-314B-4CCF-B920-3C70C2C9BDBC@brianrosen.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/rum/OaDCSn4a3tEyHND6h4oyYi2uGBI>
Subject: Re: [Rum] Magnus Westerlund's Block on charter-ietf-rum-00-02: (with BLOCK)
X-BeenThere: rum@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Relay User Machine <rum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rum>, <mailto:rum-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rum/>
List-Post: <mailto:rum@ietf.org>
List-Help: <mailto:rum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rum>, <mailto:rum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 17:27:20 -0000

I've added: "The profile will require best-practice security mechanisms 
for SIP-based end devices."

/a

On 4/10/19 9:31 AM, Brian Rosen wrote:
> The profile will most certainly include all the best practice security mechanisms for SIP.  The charter discusses using the most up to date media plane recommendations, which are the WebRTC recommendations, including DTLS-SRTP, and we will require TLS in the signaling plane.   As these are UAs, and not proxy servers, the usual security mechanisms for registration will be required.  We certainly don’t plan to innovate other than exploring the issues raised of explicit man-in-the-middle, but we will require all implementations to maintain current best practice on security mechanisms.  We’ll craft some language to include in the charter.
>
> Maybe: The profile will specify current best practice security mechanisms for SIP based end devices as mandatory to implement
>
>
>
>> On Apr 10, 2019, at 9:39 AM, Magnus Westerlund via Datatracker <noreply@ietf.org> wrote:
>>
>> Magnus Westerlund has entered the following ballot position for
>> charter-ietf-rum-00-02: Block
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/charter-ietf-rum/
>>
>>
>>
>> ----------------------------------------------------------------------
>> BLOCK:
>> ----------------------------------------------------------------------
>>
>> Why are the no discussion of security mechanism being part of the profile?
>> Considering that the profile includes the media plane, I assume at least
>> mandatory to implement media protection security mechansism and what ciphers
>> should be defined. Then is the of the key-management and its tie into the
>> establishment signalling. I understand that one want to establisha  a border
>> for what is in scope and out of scope. But as I read the charter now it is
>> completely missing.
>>
>> All that I find are this part:
>> The working group will consider issues related to authentication of the
>> parties involved in the video relay call. No protocol changes are anticipated
>> by this work.
>>
>> This sounds like actually discusssing the security model. It is possible to be
>> more explicit of how one handle the fact that one have three parties, where
>> only one part talks to both.
>>
>>
>>
>>

v2.23.0 | Report a Bug | By Email