IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-siprec-metadata-20

David Mandelberg <david@mandelberg.org> Wed, 17 February 2016 17:54 UTC

Return-Path: <david@mandelberg.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68DB11AD376 for <secdir@ietfa.amsl.com>; Wed, 17 Feb 2016 09:54:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jUQ-im49sZeD for <secdir@ietfa.amsl.com>; Wed, 17 Feb 2016 09:54:34 -0800 (PST)
Received: from nm23-vm9.access.bullet.mail.bf1.yahoo.com (nm23-vm9.access.bullet.mail.bf1.yahoo.com [216.109.115.168]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C57D1ADBF8 for <secdir@ietf.org>; Wed, 17 Feb 2016 09:54:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1455731672; bh=fRiBFqUTeDUWrrPV5ybPvOAyhd5cg5SPYQYeUcBagA4=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=ACcxFMxljLcRPUTympNKQ0vgpfjT/H/2/dXvuHexJrRadRG5nDnfEdCm9VsR7EmyUSr3BG9SIaI8rISruuhTbIz4ASbL58HeYnJSxit8Ls2t0CBT/KJJ5foBLskB/YI37Ob11ZTFfLe2meVHI/3ZLMMDERgR+sUnujOygJgIM1T41B2K42ShLprpTJoE0igo7wObrkekYnvclzLxcv8Oi86qcaAs8ZzooEKfrIp3yVDGkIaJX4z4NMQEqJXBU0WhTmEQyfQh+NYEr0Bkd70LY9bYUd/vx71AUqe62Wd+1J3YFgqPY39r9vXI+4+uGGcZnOGpGCV9rM+o2lgkQkHrtQ==
Received: from [66.196.81.166] by nm23.access.bullet.mail.bf1.yahoo.com with NNFMP; 17 Feb 2016 17:54:32 -0000
Received: from [98.138.104.99] by tm12.access.bullet.mail.bf1.yahoo.com with NNFMP; 17 Feb 2016 17:54:32 -0000
Received: from [127.0.0.1] by smtp119.sbc.mail.ne1.yahoo.com with NNFMP; 17 Feb 2016 17:54:32 -0000
X-Yahoo-Newman-Id: 637618.23535.bm@smtp119.sbc.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: IflOqHAVM1kG1eeFkmsIRe1VkDm6ZUAFPnGZKBf52BNF7VW O4.u9AqyJtnuItlv0SR5oRKnthD.t.pNWNvOnPzqfkziuGE8cGatQm9HxMsg CA7jiuGiVMB2haEDZJ5f6EqX00ZUaxMzkYp3fuUk4mdBvpDk3ZREQozLQhKX jE6vVPJ.vin2GgwkdcLd1Kuw15_s.A7Sua1ub6aRWOfUYaxmGRhcq7KdUu45 Hy_keLxZcW2B0WoCvIDXtzue4TzPBeVLBjDX4ou9uLaJ1dX.tFbRvTlq1CLR z0vjQ7d4l5CIepitGKSV_jUHgEjiR87GR44ylwdTKurfh5mY4VsaepYs9ZlB KMxx66EZYewI1bdgPTHAMi2PbWKgKxq4KchLg7iY0tsc1VDpmemonvX89UtK s8haGxzx_711yWSi8kra53w54Ke4lwy4i4Kw2mC_S3Z3ks5PMA6s6CSLhaWR 01xx5rWWcvU68RVmLrf9mK7i4w2JHeaeh5wBAKX6100hlmA9fMkmO8vuXcP1 3_J7X.VA0SWFgsJLkE4yvZsho_lQGwpTqfaraLg--
X-Yahoo-SMTP: 4kJJK.qswBDPuwyc5wW.BPAQqNXdy5j09UNyeAS0pyOQ708-
Received: from [192.168.1.16] (c-76-24-31-176.hsd1.ma.comcast.net [76.24.31.176]) by uriel.mandelberg.org (Postfix) with ESMTPSA id 094A11C6031; Wed, 17 Feb 2016 12:54:31 -0500 (EST)
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, iesg@ietf.org, secdir@ietf.org, draft-ietf-siprec-metadata.all@tools.ietf.org
References: <56C0EB89.4050409@mandelberg.org> <56C15FB9.8030600@alum.mit.edu>
From: David Mandelberg <david@mandelberg.org>
X-Enigmail-Draft-Status: N1110
Message-ID: <56C4B3D6.6040700@mandelberg.org>
Date: Wed, 17 Feb 2016 12:54:30 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <56C15FB9.8030600@alum.mit.edu>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="CJVROEBCm6qceXRbrfDnG2mTUOjNxhlVN"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/iB_Y_89Aci1lmMn1s8LO6hxGoQg>
Subject: Re: [secdir] secdir review of draft-ietf-siprec-metadata-20
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Feb 2016 17:54:35 -0000

On 02/15/2016 12:18 AM, Paul Kyzivat wrote:
> On 2/14/16 4:03 PM, David Mandelberg wrote:
>> Section 6.10 says that "multiple SRC's [clients] can refer to the same
>> element/UUID (how each SRC learns the UUID here is out of scope of
>> SIPREC)". But what happens if two clients try to define different
>> objects with the same UUID? Does one of the objects take precedence for
>> all clients? If all of the benign clients are relying on referencing an
>> object A with UUID 1, and a malicious client is able to send an object B
>> also with UUID 1, that might compromise the integrity of the metadata
>> sent by the benign clients. This could be mitigated by requiring that
>> UUIDs are generated (pseudo-)randomly and are kept confidential from
>> potential adversaries, but I don't think the draft says either of these
>> things.
> 
> The UUIDs used in the metadata are intended to be *unique*. Distinct
> SRCs that construct new UUIDs are expected to follow the rules for
> constructing them so that they are indeed unique.

Yes, but a malicious SRC probably won't do what you're expecting of a
benign SRC. I agree that the text in the draft is good *if* it were true
that all SRCs are benign.


> If two SRCs use the same UUID it will be because they intentionally
> choose to do so.

Or because the malicious SRC is intentionally choosing to do so, without
permission or cooperation from the benign SRC.

> Typically this will be by some back channel to
> communicate among themselves. (I suppose there could potentially be some
> algorithmic way for them to construct UUIDs in a coordinated way, but I
> won't speculate on that.)
> 
> By design there should be no accidental reuse of UUIDs.

I agree. I'm worried only about malicious reuse of UUIDs.

> 
>     Thanks,
>     Paul
> 


-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/

v2.23.0 | Report a Bug | By Email