Re: [secdir] Secdir last call review of draft-ietf-perc-private-media-framework-08

Benjamin Kaduk <kaduk@mit.edu> Fri, 15 February 2019 01:01 UTC

Date: Thu, 14 Feb 2019 19:01:23 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Vincent Roca <vincent.roca@inria.fr>
CC: <secdir@ietf.org>, <iesg@ietf.org>, <draft-ietf-perc-private-media-framework.all@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rVt3WJPwhFZm79bZgh8xaIZQP5Y>

Thanks for the review, Vincent!  On one specific note...

On Thu, Feb 14, 2019 at 02:39:35AM -0800, Vincent Roca wrote:
> 
> ** Section 8.2.4:
> I don't like the way this section is written. It first explains what a Media
> Distributor could do if it could alter a certain header field (in this case
> SSRC), it details the consequences, to finally explain that this is not
> possible. This Security Discussion section is essentially meant to discuss
> remaining security issues or highlight specific aspects, not what could happen
> with a different, non secure, design. This text could also be written the other
> way round: "By including the SSRC field into the integrity check, PERC prevents
> splicing attacks where...".

There has been some fairly active discussion on the ietf@ list about topics
including SSRC rewriting; my current suggestion to the authors would be to
retain discussion of the topic but to reframe it as suggested here, "by
including the field into the integrity check, this mechanism avoids
splicing attacks wherein ..."

-Benjamin
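
The point under discussion, that covering the SSRC field with the end-to-end integrity check makes a rewritten SSRC detectable, shown as an added example that is not part of this email or of the draft. It uses a truncated HMAC-SHA256 as a stand-in for the integrity check rather than PERC's actual SRTP transforms; the key, the function names and the packet contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; assumed to be held by the endpoints only.
E2E_KEY = b"constructed-demo-key-not-a-real-one"
TAG_LEN = 16

def rtp_header(seq, ts, ssrc, pt=96):
    # Fixed 12-byte RTP header (RFC 3550): V=2, no padding, extension or CSRC.
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc)

def _tag(header, payload, cover_header):
    # The tag covers header||payload, or the payload alone in the weak variant.
    data = (header if cover_header else b"") + payload
    return hmac.new(E2E_KEY, data, hashlib.sha256).digest()[:TAG_LEN]

def protect(header, payload, cover_header):
    return header + payload + _tag(header, payload, cover_header)

def verify(packet, cover_header):
    header, payload, tag = packet[:12], packet[12:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(tag, _tag(header, payload, cover_header))

def rewrite_ssrc(packet, new_ssrc):
    # The change a middlebox without E2E_KEY can make: header bytes 8..11.
    return packet[:8] + struct.pack("!I", new_ssrc) + packet[12:]

def demo():
    # Maps cover_header -> (original verifies, SSRC-rewritten copy verifies).
    results = {}
    for cover in (False, True):
        pkt = protect(rtp_header(seq=1, ts=160, ssrc=0x1111), b"frame", cover)
        moved = rewrite_ssrc(pkt, 0x2222)
        results[cover] = (verify(pkt, cover), verify(moved, cover))
    return results

if __name__ == "__main__":
    for cover, (orig_ok, moved_ok) in demo().items():
        print(f"header covered={cover}: original ok={orig_ok}, "
              f"rewritten SSRC accepted={moved_ok}")
```
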