IETF Logo Mail Archive

Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payload format for G.719

Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 09 December 2008 09:13 UTC

Return-Path: <secdir-bounces@ietf.org>
X-Original-To: secdir-archive@ietf.org
Delivered-To: ietfarch-secdir-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 23C583A6B09; Tue, 9 Dec 2008 01:13:06 -0800 (PST)
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 08DC53A6B08 for <secdir@core3.amsl.com>; Tue, 9 Dec 2008 01:13:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.354
X-Spam-Level:
X-Spam-Status: No, score=-6.354 tagged_above=-999 required=5 tests=[AWL=0.245, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y-st-u9rJhHu for <secdir@core3.amsl.com>; Tue, 9 Dec 2008 01:13:04 -0800 (PST)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by core3.amsl.com (Postfix) with ESMTP id F22A73A6A7C for <secdir@ietf.org>; Tue, 9 Dec 2008 01:13:03 -0800 (PST)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id mB99Cvs9011509 for <secdir@ietf.org>; Tue, 9 Dec 2008 04:12:57 -0500
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id mB99Cql3011497 for <secdir@PCH.mit.edu>; Tue, 9 Dec 2008 04:12:52 -0500
Received: from mit.edu (W92-130-BARRACUDA-3.MIT.EDU [18.7.21.224]) by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id mB99Cft5009472 for <secdir@mit.edu>; Tue, 9 Dec 2008 04:12:42 -0500 (EST)
Received: from mailgw3.ericsson.se (mailgw3.ericsson.se [193.180.251.60]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mit.edu (Spam Firewall) with ESMTP id C08E71285133 for <secdir@mit.edu>; Tue, 9 Dec 2008 04:12:17 -0500 (EST)
Received: from mailgw3.ericsson.se (unknown [127.0.0.1]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id 7A24154826A; Tue, 9 Dec 2008 10:11:52 +0100 (CET)
X-AuditID: c1b4fb3c-aef60bb00000304c-cb-493e365882f2
Received: from esealmw126.eemea.ericsson.se (unknown [153.88.254.123]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id 6010A520003; Tue, 9 Dec 2008 10:11:52 +0100 (CET)
Received: from esealmw128.eemea.ericsson.se ([153.88.254.172]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Tue, 9 Dec 2008 10:11:52 +0100
Received: from [147.214.183.72] ([147.214.183.72]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Tue, 9 Dec 2008 10:11:52 +0100
Message-ID: <493E3657.1020204@ericsson.com>
Date: Tue, 09 Dec 2008 10:11:51 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: Russ Housley <housley@vigilsec.com>
References: <200812080137.mB81bm2G027217@localhost.localdomain> <493CE19D.3020107@ericsson.com> <20081208172732.8EAED500003@mailgw2.ericsson.se>
In-Reply-To: <20081208172732.8EAED500003@mailgw2.ericsson.se>
X-Enigmail-Version: 0.95.7
X-OriginalArrivalTime: 09 Dec 2008 09:11:52.0166 (UTC) FILETIME=[2C8A9060:01C959DE]
X-Brightmail-Tracker: AAAAAA==
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: secdir@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Cc: fluffy@cisco.com, jon.peterson@neustar.biz, secdir@mit.edu, ingemar.s.johansson@ericsson.com, iesg@ietf.org, csp@csperkins.org, avt-chairs@tools.ietf.org
Subject: Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payload format for G.719
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: secdir-bounces@ietf.org
Errors-To: secdir-bounces@ietf.org

Hi,

I will add both the AVT chairs and my co-author on
draft-ietf-avt-srtp-not-mandatory into this thread. Because it does
concern the greater discussion on how to do RTP payload format security
consideration sections.

Russ Housley skrev:
> I do not see this as a complete solution.  I'd like to see a bit of
> discussion about where this mechanism is defined.  Is there an example
> of a media stream format that includes authentication?

I would basically say go read
http://tools.ietf.org/wg/avt/draft-ietf-avt-srtp-not-mandatory/
why this turns into a 200-500 word essay assignment. I can do this but
the above document has been created to avoid having this happening.

So SRTP provides authentication in the sense that you can determine if
the sender is in the group or outside of it based on if it is keyed or
not. If you needed true source authentication then to my knowledge we
end up in IPsec or for point to point case TLS/DTLS with or without SRTP
 do also work. For RTP mixer and multi-point use cases there is no
solution due to that the mixer repackages the material. So the possible
trust models prevents true source authentication in this case.

And to my knowledge there are no format that include authentication,
there is one hach by ISMA that provides ADU level encryption in an
attempt to do DRM. But they use RTP packet level authentication and I
don't think anyone has suggested that you do it at a finer level. If the
current text is read to mean that then I would definitely change it.
Because I don't think the payload format is the right place to do
authentication.

>From my perspective we can resolve this in several ways:

1. Leave as it is and basically say go find a suitable solution.

2. Point to possible solutions in draft-ietf-avt-srtp-not-mandatory with
an informative reference.

3. List explicitly what potential solutions there are without going into
detail, simple provide a list and not comment on when or when they do
work. I would also put a disclaimer saying that there might be
additional solutions that also can meet the threat model one has.

4. Make the essay that tries to provide an overview of the IETF
solutions that exist. The big issue is how far into different threat
models one can go. If one starts discussing this it is soon a multi-page
document in itself.

5. I actually uses the template text from
http://tools.ietf.org/wg/avt/draft-ietf-avt-rtp-howto/
as that seems to work fine and not be raising objections. At least it
went straight through for draft-ietf-avt-rtp-g711wb. The only thing
don't covered by the template in my mind is the interleaving issue which
is a very minor one.

I do seem to get some security discussion every time I bring an RTP
payload format onto the table. Maybe if I was better at following my own
advice in draft-ietf-avt-rtp-howto I would get less issues. It would be
good if we could get at least some current agreement about what the
right level to discuss issues at are and what additional documentation
that do needs to be published so that people doesn't have to repeat it
all the time. Even if it needs to be repeated that we agree on some
wording that we can put into the template in
http://tools.ietf.org/wg/avt/draft-ietf-avt-rtp-howto/

Cheers

Magnus Westerlund

IETF Transport Area Director & TSVWG Chair
----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
_______________________________________________
secdir mailing list
secdir@mit.edu
https://mailman.mit.edu/mailman/listinfo/secdir
_______________________________________________
secdir mailing list
secdir@ietf.org
https://www.ietf.org/mailman/listinfo/secdir

v2.23.0 | Report a Bug | By Email