[secdir] Security review of draft-ietf-perc-srtp-ekt-diet-08

"Hilarie Orman" <hilarie@purplestreak.com> Fri, 01 February 2019 07:42 UTC

Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6270131106; Thu, 31 Jan 2019 23:42:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g_XSOoxhR_X4; Thu, 31 Jan 2019 23:42:54 -0800 (PST)
Received: from out03.mta.xmission.com (out03.mta.xmission.com [166.70.13.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EE2612875B; Thu, 31 Jan 2019 23:42:54 -0800 (PST)
Received: from in02.mta.xmission.com ([166.70.13.52]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1gpTTQ-0006U7-Cm; Fri, 01 Feb 2019 00:42:52 -0700
Received: from [72.250.219.84] (helo=rumpleteazer.rhmr.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1gpTTP-0006CW-NE; Fri, 01 Feb 2019 00:42:52 -0700
Received: from rumpleteazer.rhmr.com (localhost [127.0.0.1]) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id x117gdIx030847; Fri, 1 Feb 2019 00:42:39 -0700
Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id x117gdGm030846; Fri, 1 Feb 2019 00:42:39 -0700
Date: Fri, 1 Feb 2019 00:42:39 -0700
Message-Id: <201902010742.x117gdGm030846@rumpleteazer.rhmr.com>
From: "Hilarie Orman" <hilarie@purplestreak.com>
Reply-To: "Hilarie Orman" <hilarie@purplestreak.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-rtcweb-fec.all@tools.ietf.org
X-XM-SPF: eid=1gpTTP-0006CW-NE; ; ; mid=<201902010742.x117gdGm030846@rumpleteazer.rhmr.com>; ; ; hst=in02.mta.xmission.com; ; ; ip=72.250.219.84; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-AID: U2FsdGVkX1+3xh4LPwWxBL4RJts0k7kv
X-SA-Exim-Connect-IP: 72.250.219.84
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: *********;iesg@ietf.org, secdir@ietf.org, draft-ietf-rtcweb-fec.all@tools.ietf.org
X-Spam-Relay-Country:
X-Spam-Timing: total 378 ms - load_scoreonly_sql: 0.05 (0.0%), signal_user_changed: 3.3 (0.9%), b_tie_ro: 2.2 (0.6%), parse: 0.64 (0.2%), extract_message_metadata: 3.0 (0.8%), get_uri_detail_list: 0.89 (0.2%), tests_pri_-1000: 2.6 (0.7%), tests_pri_-950: 1.25 (0.3%), tests_pri_-900: 1.05 (0.3%), tests_pri_-90: 17 (4.5%), check_bayes: 15 (4.0%), b_tokenize: 4.4 (1.2%), b_tok_get_all: 5.0 (1.3%), b_comp_prob: 1.83 (0.5%), b_tok_touch_all: 2.4 (0.6%), b_finish: 0.54 (0.1%), tests_pri_0: 341 (90.0%), check_dkim_signature: 0.46 (0.1%), check_dkim_adsp: 52 (13.7%), poll_dns_idle: 46 (12.2%), tests_pri_10: 2.1 (0.6%), tests_pri_500: 4.9 (1.3%), rewrite_mail: 0.00 (0.0%)
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rlMXgykB2D5JAI1slbSINen-zvg>
Subject: [secdir] Security review of draft-ietf-perc-srtp-ekt-diet-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Feb 2019 07:42:56 -0000

Security Review of WebRTC Forward Error Correction Requirements
draft-ietf-rtcweb-fec-08

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

The document describes the appropriate uses of FEC for web content when
using WebRTC.  It also describes how to indicate that FEC is being used.

The Security Considerations mention the possibility of additional network
congestion when using FEC.  Although this can be a problem, I do not think
it is a security issue, thus it does not belong in this section.

There is a security-related issue wrt to FEC and encryption.  If the
error model is that message blocks may be lost but not altered in
transit, then FEC with encryption is fine.  But if FEC is added for
the purpose of correcting corrupted bits in a message block, then it
is important that FEC is done after encryption.  The draft seems to
ignore the issue, and it also seems to recommend a processing scheme
that would result in encryption of the FEC data.  If there is a body
of practice for other IETF FEC protocols that explains these issues,
an explicit reference to it in the Security Considerations would be
very helpful.

Hilarie