Re: [secdir] secdir review of draft-ietf-clue-rtp-mapping
Roni Even <roni.even@huawei.com> Thu, 12 January 2017 05:56 UTC
Return-Path: <roni.even@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B7A812948B; Wed, 11 Jan 2017 21:56:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.409
X-Spam-Level:
X-Spam-Status: No, score=-7.409 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vUydIIE8JCPv; Wed, 11 Jan 2017 21:56:29 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CA8412943B; Wed, 11 Jan 2017 21:56:27 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml708-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CYQ67932; Thu, 12 Jan 2017 05:56:26 +0000 (GMT)
Received: from DGGEMM406-HUB.china.huawei.com (10.3.20.214) by lhreml708-cah.china.huawei.com (10.201.5.202) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 12 Jan 2017 05:56:25 +0000
Received: from DGGEMM506-MBX.china.huawei.com ([169.254.3.117]) by DGGEMM406-HUB.china.huawei.com ([10.3.20.214]) with mapi id 14.03.0301.000; Thu, 12 Jan 2017 13:56:20 +0800
From: Roni Even <roni.even@huawei.com>
To: Dan Harkins <dharkins@lounge.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-clue-rtp-mapping.all@ietf.org" <draft-ietf-clue-rtp-mapping.all@ietf.org>
Thread-Topic: secdir review of draft-ietf-clue-rtp-mapping
Thread-Index: AQHSbDMyJjETUj3gX0KgDullUhuDFqE0VV4A
Date: Thu, 12 Jan 2017 05:56:20 +0000
Message-ID: <6E58094ECC8D8344914996DAD28F1CCD76C67C@DGGEMM506-MBX.china.huawei.com>
References: <80663eab-d5d4-07ae-7aa6-3924a5b7a579@lounge.org> <6E58094ECC8D8344914996DAD28F1CCD76C117@DGGEMM506-MBX.china.huawei.com> <346721a9-b50c-51c5-dbbd-55470091b027@lounge.org>
In-Reply-To: <346721a9-b50c-51c5-dbbd-55470091b027@lounge.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.201.119.125]
Content-Type: multipart/alternative; boundary="_000_6E58094ECC8D8344914996DAD28F1CCD76C67CDGGEMM506MBXchina_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020202.58771A8A.02AC, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.3.117, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: d6a2ef53dea3ee7b874a65371b192f0c
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Jz0APDGlAqe--UcQssN5PejI21U>
Subject: Re: [secdir] secdir review of draft-ietf-clue-rtp-mapping
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2017 05:56:31 -0000
HI Dan, 1. The first two documents are in the RFC editor queue and the third one is well advanced and is an important document for a lot of work in the ART area and is in its final stages. The RFC editor waits for RFCs for normative references before publishing the document. 2. RFC7022 is relevant for all RTP payloads, it updates RFC3550 which is the RTP specification and provide guidelines for choosing RTCP CNAMEs. The CNAME is the identification of the RTP endpoint. The CLUE RTP usage document outlines how to use RTP in CLUE and in the security section we ouline how to address security concerns for RTP by using a specific RTP profile and choosing specific ways to create the relevant parameters. Roni From: Dan Harkins [mailto:dharkins@lounge.org] Sent: יום ד 11 ינואר 2017 19:50 To: Roni Even; iesg@ietf.org; secdir@ietf.org; draft-ietf-clue-rtp-mapping.all@ietf.org Subject: Re: secdir review of draft-ietf-clue-rtp-mapping Hi Roni, On 1/10/17 11:30 PM, Roni Even wrote: Hi Dan, Thanks for the review See inline Roni From: Dan Harkins [mailto:dharkins@lounge.org] Sent: יום ו 06 ינואר 2017 23:52 To: iesg@ietf.org<mailto:iesg@ietf.org>; secdir@ietf.org<mailto:secdir@ietf.org>; draft-ietf-clue-rtp-mapping.all@ietf.org<mailto:draft-ietf-clue-rtp-mapping.all@ietf.org> Subject: secdir review of draft-ietf-clue-rtp-mapping Greetings, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft provides some recommendations and mappings to allow RTP to be used in the CLUE protocol. I believe this draft is Ready with the following nits: 1) it makes normative reference to 3 other I-Ds. I am not familiar with those drafts or their status or whether any of the normative behavior this draft relies upon is contentious or not. Somebody (not me) should make sure that all ducks are in a row before this draft advances. [Roni Even] I assume you are referring to the normative references in general since there all references in the Security section are informational. I'm referring to the 3 Internet-Drafts referenced in the section called "Normative References", section 10.1. An I-D is, as noted, a "work in progress". So you're making a normative reference to a document in a state of flux. That sounds a bit alarming to me. What if, as they progress, the things you are normatively depending on change in a way that make this dependency not work anymore? I'm just saying someone (not me) has to make sure that that does not happen. The alternative is to wait for them to be published and then refer to them as RFCs. 2) having RFC 2119 words in the Security Considerations seems OK for saying things like "CLUE endpoints MUST support RTP/SAVPF and DTLS-SRTP keying [RFC5764]" because it's just saying you need to support something else that is providing you security. But I think MUST language describing how the protocol needs to behave in order to be secure itself belongs outside the Security Considerations. I'm referring to: "Inappropriate choice of CNAME values can be a privacy concern, since long-term persistent CNAME identifiers can be used to track users across multiple calls. CLUE endpoint MUST generate short-term persistent RTCP CNAMES, as specified in RFC7022 [RFC7022], resulting in untraceable CNAME values that alleviate this risk." I suggest placing that in a different section, possibly making a new section that describes has all the various recommendations being made on CLUE in one place. [Roni Even] I am not sure, both cases are the same. RTP has multiple profiles and for security the secure profile MUST be supported. RTP also has CNAME and the creation of CNAME is specified in another document [RFC 7022], for security reasons you MUST choose a specific mode to create the CNAMEs. I am not sure that having a section with all the normative language in the document make much sense since they will be out of context. RFC 7022 does not place a requirement on CLUE endpoints. Its seems this I-D is placing a requirement on CLUE endpoints, namely that they MUST generate RTCP CNAMES per RFC 7022. Now maybe I'm misreading this and there is actually some other RFC that places this requirement on CLUE endpoints. In which case you should refer to that document for the requirement. But if it is this document placing a behavioral requirement on CLUE endpoints, then it is my personal opinion that such a requirement is not appropriate for the Security Considerations. regards, Dan.