[secdir] secdir review of draft-ietf-avt-rtp-cnames-02

[Tobias Gondrom <tobias.gondrom@gondrom.org>]

I have reviewed this document as part of the security directorate's  
ongoing effort to review all IETF documents being processed by the  
IESG. These comments were written primarily for the benefit of the  
security area directors. Document editors and WG chairs should treat  
these comments just like any other last call comments.


The Security Considerations section is ok and the draft does not add
further security aspects beyond it.
However there are a number of issues with the draft, including use of
rfc2119 language and hash agility:

1. section 4.2 first bullet point:
spelling:
s/"and endpoint MUST generate and store a Universally"/"an endpoint MUST
generate and store a Universally"

2. COMMENTS/DISCUSS:
section 4.2: the draft makes the distinction between 4 cases:
a) long-term persistent
b) short-term persistent with IPv6
c) short-term persistent with IPv4
d) per-session RTCP CNAME
all use MUST to specify the generated CNAME with _different_ methods. 

This raises a number of potential issues:
2.1. The boundary between the definition of long-term and short-term
with persistence across several related RTP sessions (see 4.1) is not
well defined, thus different MUST clauses for how to treat these two
cases seem problematic. As it can be hard for an application to
determine the difference between across several sessions and long-term.
2.2. Though I understand why a system may not want to use UUID in all
four cases, it is unclear to me why it should be forbidden to use UUID
for scenarios b, c and d. (which is implied by using "MUST" with the
defined method).
2.3. in section 4.2. next to last paragraph it states: (other methods)
"beyond the three methods listed above, are not compliant with this
specification and SHOULD NOT be used."
If the document is std track and updates 3550 and uses "MUST" for the
methods it would be inconsistent to frame it here as "SHOULD NOT".
2.4. Question: which leads to another question: are there upgrade issues
with 3550-applications with this update or is there an upgrade path for
RTP from 3550 to draft-ietf-avt-rtp-cnames?
2.5. case b (IPv6): I understand that one reason for different handling
of IPv4 is NAT and private address spaces. And although NAT with IPv6
should not make sense, in theory this could still happen, so I am not
sure whether these two cases (b and c) can be and need to be handled
differently.

Overall: a solution could be that UUID be allowed for all methods (e.g.
frame it as "MUST use one of the here described methods") and maybe the
unification of case b (short-term IPv6) and c (short-term IPv4) - either
allowing both methods for both and indicating preferred approaches with
"SHOULD" for each of them (e.g. SHOULD use MAC for scenarios of possible
NAT) -  unless the authors can explain why we really need to mandate
these two different scenarios and why IPv6 has not at least in theory
NAT issues?

3. hash agility: in section 4.2 last paragraph the draft mandates for
case d (per-session RTCP CNAMEs ) to use SHA1-HMAC and truncate the
value to 96bit
3.1. DISCUSS: The drafts should not be tied to SHA1 and actually allow
use of other algorithms (e.g. SHA2/SHA-256/-512) as well.

3.2. Question: maybe obvious, but why do you need to truncate the output
to 96bit?

3.3. Clarification: it also states at the end of this paragraph that the
"user@" part of the CNAME "is omitted". Does this mean "MAY be omitted
on single-user systems, and MAY be replaced by an opaque token on
multiuser systems" like for cases a-c or is this intentionally different
and mandatory in d?

Kind regards, Tobias


Tobias Gondrom
email: tobias.gondrom@gondrom.org