Re: [secdir] review of draft-ietf-mmusic-connectivity-precon-06
Sam Hartman <hartmans-ietf@mit.edu> Thu, 08 October 2009 15:08 UTC
Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AAF073A6AA4 for <secdir@core3.amsl.com>; Thu, 8 Oct 2009 08:08:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.428
X-Spam-Level:
X-Spam-Status: No, score=-2.428 tagged_above=-999 required=5 tests=[AWL=-0.163, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ViMHGjAQRI5V for <secdir@core3.amsl.com>; Thu, 8 Oct 2009 08:08:36 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by core3.amsl.com (Postfix) with ESMTP id CD8313A6AA2 for <secdir@ietf.org>; Thu, 8 Oct 2009 08:08:35 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id AE07E20205; Thu, 8 Oct 2009 11:10:15 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 7F0CD43C4; Thu, 8 Oct 2009 11:10:01 -0400 (EDT)
To: Stephen Kent <kent@bbn.com>
References: <p06240808c6f371223391@[193.0.26.228]>
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Thu, 08 Oct 2009 11:10:01 -0400
In-Reply-To: <p06240808c6f371223391@[193.0.26.228]> (Stephen Kent's message of "Thu\, 8 Oct 2009 06\:40\:31 -0400")
Message-ID: <tsliqepx6pi.fsf@mit.edu>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: fluffy@cisco.com, secdir@ietf.org, oran@cisco.com, Gonzalo.Camarillo@ericsson.com, fandreas@cisco.com, dwing@cisco.com, rjsparks@nostrum.com
Subject: Re: [secdir] review of draft-ietf-mmusic-connectivity-precon-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2009 15:08:36 -0000
>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes: Stephen> I find this text to be too vague to be useful. It ought Stephen> to cite specific mechanisms in RFCs, at least as Stephen> examples, preferably as recommendations. The lack of Stephen> specific, cited mechanisms makes this section almost Stephen> vacuous. I suggest that the authors revise the text here Stephen> to cite appropriate mechanisms. Arje there any? Last time I looked at ICE, it didn't have integrity mechanisms. Also, let's say that you added an integrity mechanism to ICE. How would it help against attacks that prevented media streams from being established? You could defend against attacks that caused media streams to appear to be established. For example in the DTLS SRTP case, if you wait for the DTLS negotiation to conclude, and if you exchanged a fingerprint in SDP, you have fairly high confidence that you did in fact establish the media stream. I don't know how that interacts with everything else going on in this draft. One question I'd ask is how important are these attacks? The first category in particular--DOS attacks that prevent media streams from appearing to establish--seems quite difficult to defend against. Perhaps documenting it as a residual threat would be appropriate. How much detail we go into to the second class of attack seems to depend on how important of a threat it is. If it is relatively unimportant, perhaps it is sufficient to point out that integrity at the media layer bound to an integrity protected exchange at the SDP layer could be sufficient to defeat the attack. I agree with Steve that specific citations to such mechanisms should be included. However if the attack is more important, then perhaps we need to develop this into specific recommendations for common media stream classes.
- [secdir] review of draft-ietf-mmusic-connectivity… Stephen Kent
- Re: [secdir] review of draft-ietf-mmusic-connecti… Sam Hartman
- Re: [secdir] review of draft-ietf-mmusic-connecti… Stephen Kent
- Re: [secdir] review of draft-ietf-mmusic-connecti… Sam Hartman
- Re: [secdir] review of draft-ietf-mmusic-connecti… Gonzalo Camarillo
- Re: [secdir] review of draft-ietf-mmusic-connecti… Sam Hartman
- Re: [secdir] review of draft-ietf-mmusic-connecti… Dan Wing
- Re: [secdir] review of draft-ietf-mmusic-connecti… Stephen Kent
- Re: [secdir] review of draft-ietf-mmusic-connecti… Sandra Murphy
- Re: [secdir] review of draft-ietf-mmusic-connecti… Gonzalo Camarillo