[secdir] Security review of draft-ietf-avtcore-aria-srtp-09

Ben Laurie <benl@google.com> Sun, 25 June 2017 20:03 UTC

From: Ben Laurie <benl@google.com>
Date: Sun, 25 Jun 2017 21:03:10 +0100
Message-ID: <CABrd9STW9g5_uct50Vf=KR_6VhkXgCiwFL66yZdYOR7p78Rvsg@mail.gmail.com>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-avtcore-aria-srtp.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/MfKhZ3gMtaBQhkFuznvZycvm0kY>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is ready with nits.

This is essentially a drop-in replacement of AES for SRTP with ARIA, a
cipher I've never heard of.

Because it is a drop-in replacement, it uses SHA-1. Probably it would
be better practice to update the hash function to something more
modern.

The I-D also somewhat eccentrically says that no security problems
have been found with ARIA whilst referencing a paper on a
meet-in-the-middle attack on reduced round ARIA. I am not sure what to
make of this, though clearly it is not a fatal flaw.