[secdir] Security review of draft-ietf-perc-srtp-ekt-diet-08
"Hilarie Orman" <hilarie@purplestreak.com> Fri, 01 February 2019 07:42 UTC
Date: Fri, 01 Feb 2019 00:42:39 -0700
Message-Id: <201902010742.x117gdGm030846@rumpleteazer.rhmr.com>
From: Hilarie Orman <hilarie@purplestreak.com>
Reply-To: Hilarie Orman <hilarie@purplestreak.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-rtcweb-fec.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rlMXgykB2D5JAI1slbSINen-zvg>
List-Id: Security Area Directorate <secdir.ietf.org>
Security Review of WebRTC Forward Error Correction Requirements
draft-ietf-rtcweb-fec-08

Do not be alarmed.

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The document describes the appropriate uses of FEC for web content when using WebRTC. It also describes how to indicate that FEC is being used.

The Security Considerations mention the possibility of additional network congestion when using FEC. Although this can be a problem, I do not think it is a security issue, thus it does not belong in this section.

There is a security-related issue with respect to FEC and encryption. If the error model is that message blocks may be lost but not altered in transit, then FEC with encryption is fine. But if FEC is added for the purpose of correcting corrupted bits in a message block, then it is important that FEC is done after encryption. The draft seems to ignore the issue, and it also seems to recommend a processing scheme that would result in encryption of the FEC data.

If there is a body of practice for other IETF FEC protocols that explains these issues, an explicit reference to it in the Security Considerations would be very helpful.

Hilarie
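The ordering point raised in the review, as an added example that is not part of the original message or of the rtcweb-fec draft: a toy model in Python of the two error models the review distinguishes. Everything in it is constructed for illustration. The cipher is a SHA-256 keystream XOR with an HMAC-SHA256 tag, standing in for SRTP's authenticated encryption (it is not an SRTP implementation); the bit-error code is a 3x repetition code; the loss-recovery code is a single XOR parity packet in the spirit of RFC 5109. Under packet loss, parity computed over the encrypted packets rebuilds a lost packet bit-exactly, and it then authenticates and decrypts like any other, so ordering does not matter. Under bit corruption, a flipped bit is repaired only when the correcting code wraps the ciphertext (encrypt-then-FEC): with FEC-then-encrypt the flip hits the ciphertext, the tag fails, and the receiver discards the packet before any decoder can run.

```python
"""Toy model of FEC ordering relative to authenticated encryption.

Added example; not code from the review or the rtcweb-fec draft. The cipher
(SHA-256 keystream XOR + HMAC-SHA256 tag) is a constructed stand-in for SRTP's
AES-CTR + HMAC, the bit-error code is 3x repetition, and the packet-loss code
is one XOR parity packet over a group. None of it is taken from the draft.
"""
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed for the demo; never hard-code real keys
TAG_LEN = 16


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || nonce || counter) blocks."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || truncated HMAC over nonce and ciphertext."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def decrypt(key: bytes, nonce: bytes, packet: bytes):
    """Return the plaintext, or None when the tag fails (packet is discarded)."""
    ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# Bit-error FEC: 3x repetition, corrects one flipped bit per byte position.
def rep_encode(data: bytes) -> bytes:
    return bytes(b for b in data for _ in range(3))


def rep_decode(coded: bytes) -> bytes:
    """Bitwise majority vote over each triple of copies."""
    out = bytearray()
    for i in range(0, len(coded), 3):
        a, b, c = coded[i], coded[i + 1], coded[i + 2]
        out.append((a & b) | (a & c) | (b & c))
    return bytes(out)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single transmission bit error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def fec_then_encrypt(plaintext: bytes, nonce: bytes, bit_to_flip: int):
    """Wrong order for a bit-error model: the repetition code sits inside the
    ciphertext, so the flipped bit breaks the tag and the packet is dropped
    before the decoder ever runs. Returns None (discarded)."""
    pkt = flip_bit(encrypt(KEY, nonce, rep_encode(plaintext)), bit_to_flip)
    body = decrypt(KEY, nonce, pkt)
    return None if body is None else rep_decode(body)


def encrypt_then_fec(plaintext: bytes, nonce: bytes, bit_to_flip: int):
    """Right order: the repetition code wraps ciphertext and tag, so the flip is
    corrected first and authentication then succeeds. Returns the plaintext."""
    pkt = flip_bit(rep_encode(encrypt(KEY, nonce, plaintext)), bit_to_flip)
    return decrypt(KEY, nonce, rep_decode(pkt))


# Packet-loss FEC: XOR parity over a group of equal-length packets.
def xor_parity(packets):
    parity = bytearray(len(packets[0]))
    for p in packets:
        for i, b in enumerate(p):
            parity[i] ^= b
    return bytes(parity)


def loss_recovery(plaintexts, lost: int):
    """Loss model: parity is computed over the encrypted packets, packet `lost`
    never arrives, and survivors plus parity rebuild it bit-exactly, so it
    authenticates and decrypts normally."""
    nonces = [i.to_bytes(2, "big") for i in range(len(plaintexts))]
    encrypted = [encrypt(KEY, n, p) for n, p in zip(nonces, plaintexts)]
    parity = xor_parity(encrypted)
    survivors = [pkt for i, pkt in enumerate(encrypted) if i != lost]
    rebuilt = xor_parity(survivors + [parity])
    return decrypt(KEY, nonces[lost], rebuilt)


if __name__ == "__main__":
    msg, nonce = b"hello, webrtc", b"\x00\x07"
    print("FEC-then-encrypt, 1 bit flipped:", fec_then_encrypt(msg, nonce, 5))
    print("encrypt-then-FEC, 1 bit flipped:", encrypt_then_fec(msg, nonce, 5))
    print("loss model, packet 1 rebuilt:", loss_recovery([b"pkt-0", b"pkt-1", b"pkt-2"], 1))
```

The authentication tag is what makes the ordering matter in this model: with a bare stream cipher and no integrity check, one flipped ciphertext bit would flip exactly one plaintext bit and an inner code could still repair it, but an authenticated transport such as SRTP rejects a corrupted packet whole, so any bit-correcting code has to sit outside the protected packet to be of use.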