Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payload format for G.719
Russ Housley <housley@vigilsec.com> Tue, 09 December 2008 15:26 UTC
Return-Path: <secdir-bounces@ietf.org>
X-Original-To: secdir-archive@ietf.org
Delivered-To: ietfarch-secdir-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7B09E3A6B2A; Tue, 9 Dec 2008 07:26:54 -0800 (PST)
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F414D3A6B2A for <secdir@core3.amsl.com>; Tue, 9 Dec 2008 07:26:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.607
X-Spam-Level:
X-Spam-Status: No, score=-104.607 tagged_above=-999 required=5 tests=[AWL=1.992, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lo7NL5FB+lhq for <secdir@core3.amsl.com>; Tue, 9 Dec 2008 07:26:53 -0800 (PST)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by core3.amsl.com (Postfix) with ESMTP id E35093A68F1 for <secdir@ietf.org>; Tue, 9 Dec 2008 07:26:52 -0800 (PST)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id mB9FQkHZ000859 for <secdir@ietf.org>; Tue, 9 Dec 2008 10:26:47 -0500
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id mB9FQfE0000842 for <secdir@PCH.mit.edu>; Tue, 9 Dec 2008 10:26:41 -0500
Received: from mit.edu (W92-130-BARRACUDA-2.MIT.EDU [18.7.21.223]) by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id mB9FQVqN020643 for <secdir@mit.edu>; Tue, 9 Dec 2008 10:26:32 -0500 (EST)
Received: from woodstock.binhost.com (woodstock.binhost.com [8.8.40.152]) by mit.edu (Spam Firewall) with SMTP id 0B87D113643E for <secdir@mit.edu>; Tue, 9 Dec 2008 10:26:07 -0500 (EST)
Received: (qmail 25118 invoked by uid 0); 9 Dec 2008 15:26:03 -0000
Received: from unknown (HELO THINKPADR52.vigilsec.com) (96.255.143.189) by woodstock.binhost.com with SMTP; 9 Dec 2008 15:26:03 -0000
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Tue, 09 Dec 2008 10:13:48 -0500
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <493E3657.1020204@ericsson.com>
References: <200812080137.mB81bm2G027217@localhost.localdomain> <493CE19D.3020107@ericsson.com> <20081208172732.8EAED500003@mailgw2.ericsson.se> <493E3657.1020204@ericsson.com>
Mime-Version: 1.0
Message-Id: <20081209152607.0B87D113643E@mit.edu>
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: secdir@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Cc: fluffy@cisco.com, jon.peterson@neustar.biz, secdir@mit.edu, ingemar.s.johansson@ericsson.com, iesg@ietf.org, csp@csperkins.org, avt-chairs@tools.ietf.org
Subject: Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payload format for G.719
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: secdir-bounces@ietf.org
Errors-To: secdir-bounces@ietf.org
I'm happy to see the draft-ietf-avt-srtp-not-mandatory coming along. I do not want to hold this document to wait for it. I do not know what others think, but either 3 or 5 would work for me. Russ At 04:11 AM 12/9/2008, Magnus Westerlund wrote: >Hi, > >I will add both the AVT chairs and my co-author on >draft-ietf-avt-srtp-not-mandatory into this thread. Because it does >concern the greater discussion on how to do RTP payload format security >consideration sections. > >Russ Housley skrev: > > I do not see this as a complete solution. I'd like to see a bit of > > discussion about where this mechanism is defined. Is there an example > > of a media stream format that includes authentication? > >I would basically say go read >http://tools.ietf.org/wg/avt/draft-ietf-avt-srtp-not-mandatory/ >why this turns into a 200-500 word essay assignment. I can do this but >the above document has been created to avoid having this happening. > >So SRTP provides authentication in the sense that you can determine if >the sender is in the group or outside of it based on if it is keyed or >not. If you needed true source authentication then to my knowledge we >end up in IPsec or for point to point case TLS/DTLS with or without SRTP > do also work. For RTP mixer and multi-point use cases there is no >solution due to that the mixer repackages the material. So the possible >trust models prevents true source authentication in this case. > >And to my knowledge there are no format that include authentication, >there is one hach by ISMA that provides ADU level encryption in an >attempt to do DRM. But they use RTP packet level authentication and I >don't think anyone has suggested that you do it at a finer level. If the >current text is read to mean that then I would definitely change it. >Because I don't think the payload format is the right place to do >authentication. > > From my perspective we can resolve this in several ways: > >1. Leave as it is and basically say go find a suitable solution. > >2. Point to possible solutions in draft-ietf-avt-srtp-not-mandatory with >an informative reference. > >3. List explicitly what potential solutions there are without going into >detail, simple provide a list and not comment on when or when they do >work. I would also put a disclaimer saying that there might be >additional solutions that also can meet the threat model one has. > >4. Make the essay that tries to provide an overview of the IETF >solutions that exist. The big issue is how far into different threat >models one can go. If one starts discussing this it is soon a multi-page >document in itself. > >5. I actually uses the template text from >http://tools.ietf.org/wg/avt/draft-ietf-avt-rtp-howto/ >as that seems to work fine and not be raising objections. At least it >went straight through for draft-ietf-avt-rtp-g711wb. The only thing >don't covered by the template in my mind is the interleaving issue which >is a very minor one. > >I do seem to get some security discussion every time I bring an RTP >payload format onto the table. Maybe if I was better at following my own >advice in draft-ietf-avt-rtp-howto I would get less issues. It would be >good if we could get at least some current agreement about what the >right level to discuss issues at are and what additional documentation >that do needs to be published so that people doesn't have to repeat it >all the time. Even if it needs to be repeated that we agree on some >wording that we can put into the template in >http://tools.ietf.org/wg/avt/draft-ietf-avt-rtp-howto/ > >Cheers > >Magnus Westerlund > >IETF Transport Area Director & TSVWG Chair >---------------------------------------------------------------------- >Multimedia Technologies, Ericsson Research EAB/TVM >---------------------------------------------------------------------- >Ericsson AB | Phone +46 10 7148287 >Färögatan 6 | Mobile +46 73 0949079 >SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com >---------------------------------------------------------------------- _______________________________________________ secdir mailing list secdir@mit.edu https://mailman.mit.edu/mailman/listinfo/secdir _______________________________________________ secdir mailing list secdir@ietf.org https://www.ietf.org/mailman/listinfo/secdir
- [secdir] draft-ietf-avt-rtp-g719-04, RTP Payload … Hilarie Orman
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Magnus Westerlund
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Russ Housley
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Magnus Westerlund
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Ingemar Johansson S
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Russ Housley
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Cullen Jennings
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Roni Even
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Magnus Westerlund
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Cullen Jennings
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Cullen Jennings
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Tim Polk
- Re: [secdir] draft-ietf-avt-rtp-g719-04, RTP Payl… Cullen Jennings