[secdir] secdir review of draft-ietf-avtext-rtp-stream-pause-08

David Mandelberg <david@mandelberg.org> Tue, 11 August 2015 04:45 UTC

Return-Path: <david@mandelberg.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 156C31A004D for <secdir@ietfa.amsl.com>; Mon, 10 Aug 2015 21:45:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Lcm7k-JJROW for <secdir@ietfa.amsl.com>; Mon, 10 Aug 2015 21:45:28 -0700 (PDT)
Received: from nm16-vm6.access.bullet.mail.gq1.yahoo.com (nm16-vm6.access.bullet.mail.gq1.yahoo.com [216.39.63.164]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0D551A004A for <secdir@ietf.org>; Mon, 10 Aug 2015 21:45:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1439268328; bh=wRc8W/YBNemRBto6FJNLn2vGAB6YEeubzs3bc3Lbyic=; h=Date:From:To:Subject:From:Subject; b=anM5Qr6ZSIDKptuBm97OcLYjyYuJ8KET+Dz1tXmYBWts3a2tG6NImmSzLWd5Bcit/8Q+NFJVekNsf6ZdpglOU3dCTlX2KdYK755d5uhZCzt6sXUxOF2rpTkmEtcAGK6VPZIKYgq0ZXEwKtkMtu8IVCJa3gOPhXdLLfzNYdubAiEqkyqmrLZdjfgczoXuDp49z38I7NhSMcFNY/52dllDpdfOI4lkTMGDl1DzlMxICvrI6hRYFK8swgxHnevbEjNfUqm0w+fErfkCqfsk4nRGtJ3BwVraIlpGfQahYi6Oii1NFE05MS0Icm8Xe0zb1hJOhylULZ+icvwNwmsQkcKEGw==
Received: from [216.39.60.167] by nm16.access.bullet.mail.gq1.yahoo.com with NNFMP; 11 Aug 2015 04:45:28 -0000
Received: from [98.138.104.97] by tm3.access.bullet.mail.gq1.yahoo.com with NNFMP; 11 Aug 2015 04:45:28 -0000
Received: from [127.0.0.1] by smtp117.sbc.mail.ne1.yahoo.com with NNFMP; 11 Aug 2015 04:45:28 -0000
X-Yahoo-Newman-Id: 101622.85767.bm@smtp117.sbc.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 77_RZ4MVM1mY6XfXrFVKsRECV0LXe7nC2SNWcIX2LTAjf63 vATNNAa5Pekp4byhcl6TXE6GAaot2Oe03dMZMVDzd9bADRmhkAjQtQPcGSDy 2UH8DfL6qgKfLLP0skj6AVT_xMc85DNonRE7JJ05kk7x5T9C1FQKOZp1GlMT xXYmztyh5xUMukKDhrDNrj9kiUkoBec3pOjQeL3.6ZexT.ct.HlsbuKvsXQH ZozWaXw4jd0QLcEYiK0dlOTC0_gNHUaxmjyTh1Kt4lh1l1FVVr2IIYoTFzVn gIbGmCGNwIqUS90aFRaJkC0dSXxAmZVbNOds5HTusJzdOecDpz4eLyfQ1iQf HOt_eUfOXRgx6CiTIME90dg4eiS2EVDVi29aqcCNxya1sNu17iKQBEIOMfUm z2qufjvchOIAbzxFIAWzaowDG5FPrnu7QCcX.ONy82.SxbcnYaSvA6qh4XJ7 XjTOb.vBPa_j_j9vfUm2DI8O4f9Myv5hlC_SHhpDpQyBDrsHWMP.bTGHynCe OaCf7RVO2h_ZUb7c9GnzP8WQxud4GNHQJYIQT2g--
X-Yahoo-SMTP: 4kJJK.qswBDPuwyc5wW.BPAQqNXdy5j09UNyeAS0pyOQ708-
Received: from secure.mandelberg.org (c-76-24-31-176.hsd1.ma.comcast.net [76.24.31.176]) by uriel.mandelberg.org (Postfix) with ESMTPSA id 17D891C6052; Tue, 11 Aug 2015 00:45:26 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Date: Tue, 11 Aug 2015 00:45:25 -0400
From: David Mandelberg <david@mandelberg.org>
To: <iesg@ietf.org>, <secdir@ietf.org>, <draft-ietf-avtext-rtp-stream-pause.all@tools.ietf.org>
Message-ID: <063cc84fb1eb8fbef30eda11ea7d8199@mail.mandelberg.org>
X-Sender: david@mandelberg.org
User-Agent: Roundcube Webmail/0.7.2
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/858TyccE-GOZ913QX70pDB9RN4Q>
Subject: [secdir] secdir review of draft-ietf-avtext-rtp-stream-pause-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 04:45:30 -0000

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

I think this draft is Ready with issues, though the two issues are 
relatively minor:

1. The Security Considerations section talks about protecting against 
injection of PAUSE requests:

    The way of protecting the RTP session from these injections is to
    perform source authentication combined with message integrity, to
    prevent other than intended session participants from sending these
    messages.

I think this paragraph should also mention replay protection, which is 
needed if the 16-bit PauseID wraps around and the attacker has access to 
old PAUSE requests.

2. The next paragraph in Security Considerations talks about protecting 
the multi-party use case against a single malicious participant by 
individually authenticating participants. In addition to per-participant 
authentication, I think there also needs to be a requirement for 
attempted delivery of PAUSE requests to all participants. Without that 
requirement, an attacker could cause the session to cycle through the 
Playing, Pausing, and Paused states. To do that, the attacker would send 
PAUSE requests only to the stream sender, instead of to the whole group. 
Since no other participants receive the PAUSE request, they do not know 
to send disapproving RESUMEs until after the stream sender has already 
paused the stream. (I should note that I'm not particularly familiar 
with multicast network operations. If it's infeasible for one 
participant to send a message to another participant without the rest of 
the group also receiving the message, then I apologize for bringing up a 
non-issue.)

-----

I also have a few nits:

Abstract: The RTCP initialism is used without definition.

Section 5.4: The SR initialism is used without definition.

Section 6.4: I'd suggest changing "As for Paused State" to "As with 
Paused State". That sentence could also be split up for better 
readability.

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/