Re: [secdir] Secdir review of draft-ietf-avtcore-rtp-scip-02
"Michael.Faller@gd-ms.com" <Michael.Faller@gd-ms.com> Tue, 06 September 2022 19:28 UTC
From: "Michael.Faller@gd-ms.com" <Michael.Faller@gd-ms.com>
To: Magnus Nyström <magnusn@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-avtcore-rtp-scip@ietf.org" <draft-ietf-avtcore-rtp-scip@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/J7LnYOHjshP1QDMerKgzhLBlIvU>

Magnus,

Access to the SCIP standards has been discussed many times over the Draft RFC process. The AVTCORE resolution was to treat SCIP as an opaque standard similar to RFC 8817 (TSVCIS) which also references SCIP-210. The documents are now under the control of NATO and available for those that need to know. Before our involvement in the IETF, that was Gov't and SCIP product manufacturers. Some older versions were made publicly available. However, in general, they have never been publicly available.

The purpose of the IETF draft RFC is to let the global community know that the codecs necessary to support SCIP are registered as media subtypes and the encrypted information carried in those media subtypes should pass transparently through their network.

The inclusion of the email address to NATO is a way to request SCIP 210 and that process has been slow, but has worked. The requests may take days to process.

As for a "definition of the protocol", it is a SCIP device to SCIP device application layer security protocol as defined in SCIP-210.

Regarding the Security Considerations, SCIP does not introduce any new vulnerabilities to an RTP stream.

Michael Faller
Dan Hanson
GENERAL DYNAMICS Mission Systems

This message and/or attachments may include information subject to GDC4S S.P. 1.8.6 and GD Corporate Policy 07-105 and are intended to be accessed only by authorized recipients. Use, storage and transmission are governed by General Dynamics and its policies. Contractual restrictions apply to third parties. Recipients should refer to the policies or contract to determine proper handling. Unauthorized review, use, disclosure or distribution is prohibited. If you are not an intended recipient, please contact the sender and destroy all copies of the original message.

From: Magnus Nyström <magnusn@gmail.com>
Sent: Wednesday, August 31, 2022 1:04 AM
To: secdir@ietf.org; draft-ietf-avtcore-rtp-scip@ietf.org
Subject: Secdir review of draft-ietf-avtcore-rtp-scip-02

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other comments.

The above-mentioned draft describes the RTP payload format of the "Secure Communication Interoperability Protocol" as audio and video media subtypes, with corresponding media subtype definitions.

While the draft as such only provides the payload formats, it seems strange to have an Internet-Draft fully dependent on a protocol which isn't even referenced in the memo. SCIP is mentioned several times, but there's no reference to the definition of the protocol. The only reference is to a "SCIP Signaling Plan", but access to that document appears to require an email-based request to a NATO email address. Should such a document become a Standards-track RFC?

The Security Considerations section only talks about possible complexity introduced by the new media subtypes, which may be adequate, but does not discuss general considerations to take in the context of supporting SCIP. To my earlier comment, if SCIP itself isn't readily available, there seems to be a gap here.

Thanks,
-- Magnus