Re: [secdir] Secdir last call review of draft-ietf-perc-private-media-framework
Vincent Roca <vincent.roca@inria.fr> Mon, 04 March 2019 14:02 UTC
Return-Path: <vincent.roca@inria.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D9A013106B; Mon, 4 Mar 2019 06:02:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bQ80I31_iIJs; Mon, 4 Mar 2019 06:02:19 -0800 (PST)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBE5B12D4EF; Mon, 4 Mar 2019 06:02:18 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.58,440,1544482800"; d="scan'208,217";a="371808139"
Received: from moucherotte.inrialpes.fr ([194.199.28.14]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Mar 2019 15:02:16 +0100
From: Vincent Roca <vincent.roca@inria.fr>
Message-Id: <D519986E-441D-4923-A556-6F3793B451BD@inria.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AB4E3043-79C5-4E56-B443-0063ED209835"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Mon, 04 Mar 2019 15:02:16 +0100
In-Reply-To: <CAM5V9Z8Dz=qSB3n+8RGGx0d=1PgLds01asgOGDyhFL81g=TiuQ@mail.gmail.com>
Cc: Vincent Roca <vincent.roca@inria.fr>, secdir@ietf.org, draft-ietf-perc-private-media-framework.all@ietf.org, The IESG <iesg@ietf.org>
To: David Benham <dabenham@gmail.com>, "Paul E. Jones" <paulej@packetizer.com>
References: <155014077570.26619.9407568904769535504@ietfa.amsl.com> <emb104d043-b701-4e92-9e08-1e1815c2981f@sydney> <6882A552-80DF-4322-9683-13D8E655F2DB@inria.fr> <em0afb83b5-7014-4039-88b4-5ae3d87a6b0b@sydney> <DB650EB5-5E7E-46B3-A8B7-524B36D2AC26@inria.fr> <CAM5V9Z8Dz=qSB3n+8RGGx0d=1PgLds01asgOGDyhFL81g=TiuQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/W4ee521y6LY00GHzw3o45ik3XLY>
Subject: Re: [secdir] Secdir last call review of draft-ietf-perc-private-media-framework
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 14:02:23 -0000
Hello David, Paul, all, I gave a look at version -09 of your I-D, here are a few comments. Summary: Almost ready ** Section 8.1 There is a sentence introducing section 8.2, but none for section 8.1. For instance it is not explicitely explained what is meant by « 3rd party attack ». I suggest adding a sentence. ** Section 8.1 You’re saying that "If mutual DTLS authentication is not employed… ». Is it really an optional mechanism? I must admit I haven’t read the rest of your I-D where this is probably explained, I’m just a bit surprised here. ** Section 8.2.2 It is suggested but not clearly said that the replay protection of Section 3.3.2/[RFC3711] MUST be used. The sentence can be understood as replay protection is mandatory, Section 3.3.2 of [RFC3711] is an example of such a mechanism. I don't think this is what you mean. ** Section 8.2.3 Saying that "The delayed playout attack is a variant of the replay attack" is IMHO misleading. Delaying and re-sending a packet already sent are two different attacks (and the fact that replay protection is of no help against delayed packets is a good sign of these differences). I'd remove this sentence altogether. Otherwise, concerning your previous comment: > Follow up question regarding your general comments on sect 8.1 and 8.2 which we have not yet addressed in -09 ; > > > Attacks of section 8.1 seems more realistic to me than attacks of section 8.2 > > because of a weaker attacker model: the attacker is outside of the systems, > > and not necessarily on the path. > > Therefore I would have liked to see more details in section 8.1, that’s all. > > You're asking for greater detail in sect 8.1 precisely because you estimate that third-party attacks (aka outsiders to a given conference) are more likely/common than the attacks we covered in the subsequent 8.2 section. Is that correct? > > If so, I think we could restate some of what we have in sect 8.1 to make it flow better and/or be clearer. But it is not clear to us what we left out detail-wise, or if we left out other attack examples. > > With PERC's HBH integrity checks, authentication as well as HBH and E2E encryption, we can quickly describe in text the prevention/mitigation of attacks on the confidentiality of the media/content - PERCs reason to be - to explain some of the brevity. > > Could you help point us in the right direction with an example or two of the things we should do to detail/elaborate sect 8.1. [VR] I was surprised to see for instance 8 lines of text in section 8.2.2 or 8.2.4 to describe attacks that cannot take place because of the PERC design. That being said, I see that version -09 has a more detailed section 8.1 which is fine. Cheers, Vincent
- [secdir] Secdir last call review of draft-ietf-pe… Vincent Roca
- Re: [secdir] Secdir last call review of draft-iet… Benjamin Kaduk
- Re: [secdir] Secdir last call review of draft-iet… Paul E. Jones
- Re: [secdir] Secdir last call review of draft-iet… Vincent Roca
- Re: [secdir] Secdir last call review of draft-iet… Paul E. Jones
- Re: [secdir] Secdir last call review of draft-iet… Vincent Roca
- Re: [secdir] Secdir last call review of draft-iet… Paul E. Jones
- Re: [secdir] Secdir last call review of draft-iet… David Benham
- Re: [secdir] Secdir last call review of draft-iet… Vincent Roca
- Re: [secdir] Secdir last call review of draft-iet… Paul E. Jones
- Re: [secdir] Secdir last call review of draft-iet… Vincent Roca
- Re: [secdir] Secdir last call review of draft-iet… Paul E. Jones
- Re: [secdir] Secdir last call review of draft-iet… Vincent Roca
- Re: [secdir] Secdir last call review of draft-iet… Paul E. Jones
- Re: [secdir] Secdir last call review of draft-iet… Vincent Roca