Re: [secdir] Security review of draft-ietf-avtcore-aria-srtp-09

Woo-Hwan Kim <whkim5@nsr.re.kr> Thu, 06 July 2017 00:10 UTC

From: Woo-Hwan Kim <whkim5@nsr.re.kr>
To: 'Ben Laurie' <benl@google.com>, 'The IESG' <iesg@ietf.org>, secdir@ietf.org, draft-ietf-avtcore-aria-srtp.all@ietf.org
Date: Thu, 06 Jul 2017 09:10:08 +0900
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-FnBuUajBPUk9_UaYPr7vjduI3k>

Sorry for our late reply and thank you for your comments.

>>I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
>>
>>The summary of the review is ready with nits.
>>
>>This is essentially a drop-in replacement of AES for SRTP with ARIA, a cipher I've never heard of.
>>
>>Because it is a drop-in replacement, it uses SHA-1. Probably it would be better practice to update the hash function to something more modern.

We agree. But we think that such updates should be based on the revision of the standard RFC (including RFC 3711). So it may not be possible at this stage.

>>The I-D also somewhat eccentrically says that no security problems have been found with ARIA whilst referencing a paper on a meet-in-the-middle attack on reduced round ARIA. I am not sure what to make of this, though clearly it is not a fatal flaw.

The reason for referencing the paper [TSL] is that the results of the security analysis on ARIA up to the time when the first draft was proposed are summarized in the paper. We wanted the reference paper to be accepted as evidence of the security of ARIA. Considering the problem you pointed out, however, it seems we failed to clearly express our intention. So we revised the draft by adding the sentence “Previous security analysis results are summarized in [ATY]”. In addition, we replaced the reference [TSL] by the new reference [ATY] because the results of the security analysis on ARIA have been published to date. This new reference also contains a summary of almost all results of security analysis on ARIA up to date.

Thanks again for your review, and we've posted a revision (-10) that reflects your feedback.

Sincerely, Woo-Hwan Kim