IETF Logo Mail Archive

Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payload format for G.719

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 08 December 2008 09:02 UTC

Return-Path: <secdir-bounces@ietf.org>
X-Original-To: secdir-archive@ietf.org
Delivered-To: ietfarch-secdir-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9CFE23A6A71; Mon, 8 Dec 2008 01:02:30 -0800 (PST)
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2D07B3A6A3A for <secdir@core3.amsl.com>; Mon, 8 Dec 2008 01:02:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.355
X-Spam-Level:
X-Spam-Status: No, score=-6.355 tagged_above=-999 required=5 tests=[AWL=0.244, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id doItKxJz28dh for <secdir@core3.amsl.com>; Mon, 8 Dec 2008 01:02:28 -0800 (PST)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by core3.amsl.com (Postfix) with ESMTP id 1F41A3A6A20 for <secdir@ietf.org>; Mon, 8 Dec 2008 01:02:27 -0800 (PST)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id mB892MIP003895 for <secdir@ietf.org>; Mon, 8 Dec 2008 04:02:22 -0500
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id mB892GOJ003890 for <secdir@PCH.mit.edu>; Mon, 8 Dec 2008 04:02:16 -0500
Received: from mit.edu (M24-004-BARRACUDA-1.MIT.EDU [18.7.7.111]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id mB89280W016280 for <secdir@mit.edu>; Mon, 8 Dec 2008 04:02:08 -0500 (EST)
Received: from mailgw4.ericsson.se (mailgw4.ericsson.se [193.180.251.62]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mit.edu (Spam Firewall) with ESMTP id 5CDF6CA2CF8 for <secdir@mit.edu>; Mon, 8 Dec 2008 04:01:50 -0500 (EST)
Received: from mailgw4.ericsson.se (unknown [127.0.0.1]) by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id 9FB7721561; Mon, 8 Dec 2008 09:58:24 +0100 (CET)
X-AuditID: c1b4fb3e-acf82bb00000537b-b2-493ce1a6f269
Received: from esealmw126.eemea.ericsson.se (unknown [153.88.254.123]) by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id B22D2214CB; Mon, 8 Dec 2008 09:58:15 +0100 (CET)
Received: from esealmw128.eemea.ericsson.se ([153.88.254.172]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Mon, 8 Dec 2008 09:58:05 +0100
Received: from [147.214.183.72] ([147.214.183.72]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Mon, 8 Dec 2008 09:58:05 +0100
Message-ID: <493CE19D.3020107@ericsson.com>
Date: Mon, 08 Dec 2008 09:58:05 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: Hilarie Orman <ho@alum.mit.edu>
References: <200812080137.mB81bm2G027217@localhost.localdomain>
In-Reply-To: <200812080137.mB81bm2G027217@localhost.localdomain>
X-Enigmail-Version: 0.95.7
X-OriginalArrivalTime: 08 Dec 2008 08:58:05.0698 (UTC) FILETIME=[1583CE20:01C95913]
X-Brightmail-Tracker: AAAAAA==
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: secdir@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Cc: ingemar.s.johansson@ericsson.com, fluffy@cisco.com, secdir@mit.edu, iesg@ietf.org, jon.peterson@neustar.biz
Subject: Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payload format for G.719
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: secdir-bounces@ietf.org
Errors-To: secdir-bounces@ietf.org

Hilarie Orman skrev:
> Review of draft-ietf-avt-rtp-g719-04, RTP Payload format for G.719
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other review comments.
> 
> The security section discusses the implications of encrypting only
> data, not headers, or of turning encryption on and off in the data
> stream, or authenticating only headers, not data.  Although I agree
> that these are security considerations, I have the feeling that they
> are only part of a larger story about RTP security, something that is
> a superset of SRTP.  If the considerations cannot be mapped to more
> closely to an existing protocol, then they might be out of place in
> this specification.

The security for RTP has never been easy due to that it is a framework
and used in very many different environments. It is true that there
currently are no mechanism that doing security to partial payloads. But
we do have SRTP that only encrypts the payload and not the RTP header.
Due to that people use different security mechanism and may in worst
case go as far as this text implies I think it is of some value of
indicating what must be at least confidentiality protected.

As a writer of many RTP payload formats and a few other RTP extensions I
find it hard to determine what the right level is. Most RTP payload
formats have nothing special to consider. The check list is basically:
- does it contain scripts?
- does it have non-uniform processing?

If not, then confidentiality, integrity and source-authentication is the
issues and the mechanism we do have works normally works on a payload
level, RTP packet level or IP packet level.

The AVT WG do have two documents that are related to this discussion.

One document trying to explain why SRTP isn't a MUST:
http://tools.ietf.org/wg/avt/draft-ietf-avt-srtp-not-mandatory/

The other is the HOW TO guide to write RTP payload formats:

http://tools.ietf.org/wg/avt/draft-ietf-avt-rtp-howto/

Following the later this document goes further than what is recommended
there. However, this text was basically published in a previous payload
format RFC 4352.

Comments on either of documents would be appreciated.

But to conclude, I would leave the details in as they are relevant in
the larger scope. But I think we should consider if the general
recommendations for writing RTP payload formats are correctly scoped.

> 
> I'm uncertain what is intended by this statement in section 10.2:
> 
>    To authenticate the sender of the audio-stream, an external mechanism
>    MUST be used. 
> 
> At first I thought that it meant that the sender of an audio-stream
> MUST be authenticated, but on second reading I think it means "if you
> want to authenticate the sender, you've got to use something not
> specified in this document."  Clarification would help the reader.
> 

Yes, that is the later. And I think removing the upper case MUST will
reduced the confusion. But we can also change the sentence to:

If authentication of the sender of the audio-stream is needed, an
external mechanism must be used.

Cullen, can we add an RFC-editor note for the second issue:

Section 10.2:
OLD:
   To authenticate the sender of the audio-stream, an external mechanism
   MUST be used.

NEW:
If authentication of the sender of the audio-stream is needed, an
external mechanism must be used.


Cheers

Magnus Westerlund

IETF Transport Area Director & TSVWG Chair
----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
_______________________________________________
secdir mailing list
secdir@mit.edu
https://mailman.mit.edu/mailman/listinfo/secdir
_______________________________________________
secdir mailing list
secdir@ietf.org
https://www.ietf.org/mailman/listinfo/secdir

v2.23.0 | Report a Bug | By Email