Re: [secdir] [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16
Gunnar Hellström <gunnar.hellstrom@ghaccess.se> Fri, 07 May 2021 20:17 UTC
Return-Path: <gunnar.hellstrom@ghaccess.se>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E82153A312E for <secdir@ietfa.amsl.com>; Fri, 7 May 2021 13:17:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.799
X-Spam-Level:
X-Spam-Status: No, score=-1.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=egensajt.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1klrQmj-hn9G for <secdir@ietfa.amsl.com>; Fri, 7 May 2021 13:17:54 -0700 (PDT)
Received: from smtp.egensajt.se (smtp.egensajt.se [193.42.159.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF02A3A312C for <secdir@ietf.org>; Fri, 7 May 2021 13:17:53 -0700 (PDT)
Received: from [192.168.2.137] (h77-53-37-81.cust.a3fiber.se [77.53.37.81]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: gunnar.hellstrom@ghaccess.se) by smtp.egensajt.se (Postfix) with ESMTPSA id 553B7202E6; Fri, 7 May 2021 22:17:52 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=egensajt.se; s=dkim; t=1620418672; bh=0Pp4ywdnwWFFgURU+dZFIJ3pbudjiBVNJsmNHcxKdMQ=; h=Subject:From:To:References:Date:In-Reply-To:From; b=Flt0mAnlXALTb2/vJ5QlYcV0GfH3Alt71b0ZXfcNJo1rNGnMA/Ec0uNogetR/DjK3 /qO3vDWW7GETqaQXoqSAZYl/FNJIaOxveDHVyVE8n9IQfl6uJYYSxlyaihDfNpBUPa vOTDivziftl69YRWCV/D/1ebIM1OKQX5LLd8GyzI=
From: Gunnar Hellström <gunnar.hellstrom@ghaccess.se>
To: "Salz, Rich" <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>
References: <162031178943.8783.4063437681950995450@ietfa.amsl.com> <683ac9fe-b68f-3041-fff4-c26fef3767a8@ghaccess.se> <FF68D2FB-7E52-4CBD-9B63-2E787F1B8B47@akamai.com> <e06e4c6b-6491-ca3c-4617-430b657c4072@ghaccess.se>
Message-ID: <2a8b488f-6389-38ca-037e-b68346420382@ghaccess.se>
Date: Fri, 07 May 2021 22:17:51 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <e06e4c6b-6491-ca3c-4617-430b657c4072@ghaccess.se>
Content-Type: multipart/alternative; boundary="------------E7673B1337E22B409EE9CB7B"
Content-Language: sv
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ALIWcgmGb6OOWaKe42b-ZN-RuTw>
X-Mailman-Approved-At: Sat, 08 May 2021 08:10:08 -0700
Subject: Re: [secdir] [AVTCORE] Secdir last call review of draft-ietf-avtcore-multi-party-rtt-mix-16
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2021 20:17:59 -0000
Version -17 of the draft is submitted, with intention to have all Genart and Secdir review comments resolved. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-avtcore-multi-party-rtt-mix/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-avtcore-multi-party-rtt-mix-17.html A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-avtcore-multi-party-rtt-mix-17 Best Regards Gunnar -- Gunnar Hellström GHAccess gunnar.hellstrom@ghaccess.se Den 2021-05-07 kl. 19:47, skrev Gunnar Hellström: > > Thanks. > > I have added this sentence to section 3.19 > > " Further general security considerations are covered in > Section 11." > > Regards > > Gunnar Hellstrom > > -- > Gunnar Hellström > GHAccess > gunnar.hellstrom@ghaccess.se <mailto:gunnar.hellstrom@ghaccess.se> > > > Den 2021-05-07 kl. 18:13, skrev Salz, Rich: >> >> Thanks for the explanation and update. Your updated draft addresses >> my concerns. Perhaps 3.9 should have a forward link to Sec 11 >> >> *From: *Gunnar Hellström <gunnar.hellstrom@ghaccess.se> >> *Date: *Friday, May 7, 2021 at 11:45 AM >> *To: *Rich Salz <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org> >> *Cc: *"last-call@ietf.org" <last-call@ietf.org>, >> "draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org" >> <draft-ietf-avtcore-multi-party-rtt-mix.all@ietf.org>, "avt@ietf.org" >> <avt@ietf.org> >> *Subject: *Re: [AVTCORE] Secdir last call review of >> draft-ietf-avtcore-multi-party-rtt-mix-16 >> >> Rich, >> >> Thanks for the review. >> >> I am composing a new version because of the Gen-ART review, and want >> to propose changes to satisfy your comments. >> >> You ask if it is common to have the mixers being trusted. >> >> In the expected first implementation environments for this draft, it >> is. That is in emergency service networks. Also in personal >> communication services it is. >> >> The first implementation environments are also expected to use the >> SIP centralized conference model (RFC 4353 etc.) where all media are >> expected to be mixed centrally. Thus the security aspects would be >> similar for audio, video and real-time text. >> >> I have tried to elaborate a bit more on this in a modified security >> considerations section, currently looking like this and being ready >> for submission together with the changes because of the Gen-ART >> review. Would this satisfy your concerns? >> >> --------Proposed security concerns-------------------- >> >> 11. Security Considerations >> The RTP-mixer model requires the mixer to be allowed to decrypt, >> pack, and encrypt secured text from the conference participants. >> Therefore the mixer needs to be trusted to achieve security in >> confidentiality and integrity. This situation is similar to the >> situation for handling audio and video media in centralized mixers. >> The requirement to transfer information about the user in RTCP >> reports in SDES, CNAME, and NAME fields, and in conference >> notifications, for creation of labels may have privacy concerns as >> already stated in RFC 3550 [RFC3550], and may be restricted for >> privacy reasons. The receiving user will then get a more symbolic >> label for the source. >> Participants with malicious intentions may appear and e.g., disturb >> the multiparty session by emitting a continuous flow of text. They >> may also send text that appears to originate from other participants. >> Counteractions should be to require secure signaling, media and >> authentication, and to provide higher level conference functions >> e.g., for blocking, muting, and expelling participants. >> Further security considerations specific for this application are >> specified in Section 3.19. >> ---------------------------------------------------------- >> Regards >> >> Gunnar >> >> -- >> Gunnar Hellström >> GHAccess >> gunnar.hellstrom@ghaccess.se <mailto:gunnar.hellstrom@ghaccess.se> >> >> Den 2021-05-06 kl. 16:36, skrev Rich Salz via Datatracker: >> >> Reviewer: Rich Salz >> >> Review result: Ready >> >> This review is for the benefit of the Security AD's. Nobody else should read >> >> this. Or, if you read it, treat it as any other last call review :) >> >> I know very little about WebRTC, AVT, etc. >> >> I thought Section 1.2, summary of the alternatives, was great. I wish more >> >> documents did this kind of thing. And similar for all of section 2. The details >> >> in Section 3 about how to comply seem very clear. If I were implementing this, >> >> I could use easily use this as a checklist and test suite. Section 3.19 is the >> >> most important one for transport security. Not knowing the operating >> >> environments, it seems reasonable. >> >> The security considerations seems a little scant, given the opportunity for >> >> privacy concerns of participants and for intruders to disrupt calls. Is it >> >> common that the mixer is a trusted entity? A statement on that either way would >> >> be useful. >> >> _______________________________________________ >> >> Audio/Video Transport Core Maintenance >> >> avt@ietf.org <mailto:avt@ietf.org> >> >> https://www.ietf.org/mailman/listinfo/avt <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/avt__;!!GjvTz_vk!ChNP_4C8_-IG9lEq-LDl930w9i9b8GYIlpcFoBp1nUK7LGxO78Q0hXyqr7QT$> >> >> -- >> Gunnar Hellström >> GHAccess >> gunnar.hellstrom@ghaccess.se <mailto:gunnar.hellstrom@ghaccess.se> > -- > Gunnar Hellström > GHAccess > gunnar.hellstrom@ghaccess.se -- Gunnar Hellström GHAccess gunnar.hellstrom@ghaccess.se
- [secdir] Secdir last call review of draft-ietf-av… Rich Salz via Datatracker
- Re: [secdir] [AVTCORE] Secdir last call review of… Salz, Rich
- Re: [secdir] [AVTCORE] Secdir last call review of… Gunnar Hellström
- Re: [secdir] [AVTCORE] Secdir last call review of… Gunnar Hellström
- Re: [secdir] [AVTCORE] Secdir last call review of… Gunnar Hellström