Re: [secdir] Secdir last call review of draft-ietf-rtcweb-jsep-23
Harald Alvestrand <harald@alvestrand.no> Sun, 08 October 2017 07:49 UTC
To: ietf@ietf.org, Phillip Hallam-Baker <hallam@gmail.com>
CC: draft-ietf-rtcweb-jsep.all@ietf.org, "rtcweb@ietf.org" <rtcweb@ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Ok, sounds like we're in agreement on what needs to be done to this document based on the review (nothing). Good.

On 8 October 2017 05:18:51 CEST, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>On Sat, Oct 7, 2017 at 10:22 PM, Harald Alvestrand <harald@alvestrand.no> wrote:
>
>> On 10/06/2017 02:35 PM, Phillip Hallam-Baker wrote:
>> > Reviewer: Phillip Hallam-Baker
>> > Review result: Ready
>> >
>> > Given the design constraints in which the protocol operates, it is hard to see
>> > how this could be done differently.
>> >
>> > I have two sets of security concerns. One is that implementations need to be
>> > designed so as to avoid buffer overrun conditions and also to prevent such
>> > conditions leading to a breach. Compression formats such as are inevitably used
>> > in video and image applications tend to make promiscuous use of nested length
>> > encoding formats that commonly lead to security vulnerabilities.
>> >
>> > This document does not have such a warning, having a reference on most of the
>> > security issues, a warning on this issue should appear in:
>> > https://tools.ietf.org/html/draft-ietf-rtcweb-security-08
>> >
>> > The other security concern is that giving control over the host browser to run
>> > pretty much arbitrary code was always going to be a security disaster but there
>> > isn't much that can be done at this point.
>> >
>> Participant pushback, I'm neither a WG chair nor a document editor:
>>
>> Was this intended as a review of a different document?
>
>No, I just didn't have any comments on the security considerations in this
>one as they are handled in rtcweb-security, and that is the place to
>address the one addressable concern I did have.
>
>> The concern about compression formats seems to be something that belongs
>> in compression format specifications, such as those referenced by
>> PAYLOAD et al. As such, it would reasonably belong in -rtcweb-security,
>> which pulls in security concerns from a number of fields.
>
>That is where I suggested it go.
>
>> The generic concern about running Javascript in the browser seems to
>> belong to rtcweb-overview if it belongs anywhere except in a generic
>> architecture critique of the browser ecosystem.
>
>I wasn't suggesting a change. Just pointing out that we are dealing with
>the attack model in which the attacker has control of a Turing complete
>mechanism in the communication channel. Given that one of the authors is a
>Security AD, just pointing out that is the set of vectors that would cause
>me most concern.
>
>> If there are concerns specific to JSEP, and the handling of SDP that is
>> described in JSEP, it seems appropriate to document them here. Generic
>> architectural issues and common security best practices don't seem to
>> have the right home in this document.
>>
>> --
>> Surveillance is pervasive. Go Dark.
>
>--
>Website: http://hallambaker.com/

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.