Re: [secdir] Fwd: RE: Stephen Farrell's No Objection on draft-ietf-xrblock-rtcp-xr-discard-14: (with COMMENT)
Uri Blumenthal <uri@MIT.EDU> Wed, 26 June 2013 12:14 UTC
From: Uri Blumenthal <uri@MIT.EDU>
Date: Wed, 26 Jun 2013 08:14:35 -0400
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Fwd: RE: Stephen Farrell's No Objection on draft-ietf-xrblock-rtcp-xr-discard-14: (with COMMENT)

No promise, I'll try. Tnx!

Sent from my iPad

On Jun 26, 2013, at 6:14, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
> Anyone interested in thinking about whether there might be
> side-channels caused by xrblock? [1] Or even in just giving
> them a general presentation on side-channels to help 'em
> figure out if they think there's an issue or not?
>
> Once the meeting schedule is firmed up I'll maybe ask on
> saag but if someone here is interested in helping 'em
> just let me know.
>
> Ta,
> S.
>
> [1] http://tools.ietf.org/wg/xrblock/charters
>
>
> -------- Original Message --------
> Subject: RE: Stephen Farrell's No Objection on
> draft-ietf-xrblock-rtcp-xr-discard-14: (with COMMENT)
> Date: Wed, 26 Jun 2013 10:06:00 +0000
> From: Romascanu, Dan (Dan) <dromasca@avaya.com>
> To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
> CC: xrblock-chairs@tools.ietf.org <xrblock-chairs@tools.ietf.org>,
> draft-ietf-xrblock-rtcp-xr-discard@tools.ietf.org
> <draft-ietf-xrblock-rtcp-xr-discard@tools.ietf.org>
>
> Hi,
>
> If this is a generic problem that can possibly impact several xrblock
> documents, maybe we can have a security expert (a.k.a. co-ponderer)
> attend the XRBLOCK meeting and discuss the issue with us. We seem to
> have a pretty light wg agenda in Berlin, so it won't be a problem to
> find time on it.
>
> Thanks and Regards,
>
> Dan
>
>
>
>
>> -----Original Message-----
>> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
>> Sent: Tuesday, June 25, 2013 8:01 PM
>> To: The IESG
>> Cc: xrblock-chairs@tools.ietf.org; draft-ietf-xrblock-rtcp-xr-
>> discard@tools.ietf.org
>> Subject: Stephen Farrell's No Objection on draft-ietf-xrblock-rtcp-xr-
>> discard-14: (with COMMENT)
>>
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-xrblock-rtcp-xr-discard-14: No Objection
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>>
>> Sam Hartman's secdir review [1] of xr-discard-rle-metrics raised a good
>> question that's probably better asked here, or here as well. I'm not
>> asking for any change in this or any specific xrblock document, but I
>> would ask that the WG do consider this. Sam said:
>>
>> "Has the WG analyzed implications of providing feedback to an attacker
>> on what specific SRTP packets are discarded? In the past we've run into
>> trouble with security systems that were too verbose in error reporting.
>> As an example, in certain public-key crypto constructions knowing
>> whether a packet produced a decoding error vs a signature error after
>> decryption can provide an attacker generating forged packets valuable
>> information to attack the system.
>>
>> It's quite possible that SRTP doesn't have problems in this regard. I
>> just want to confirm that the analysis has been done."
>>
>> I think that's a good question because knowing at what stage in a
>> security protocol a message was barfed or getting timing statistics can
>> expose information about how some crypto operation went wrong, and that
>> can be exploited via statistical techniques with a sufficiently large
>> number of messages. See for example the lucky-13 attacks against
>> certain cryptographic modes in TLS [2] or perhaps the "original" of the
>> species, the Bleichenbacher attack. [3]
>>
>> I suspect the best thing to do might be for the wg to try grab a
>> security person and ponder this for a bit, if that's not already been
>> done. I'm happy to try help find a co-ponderer if you want:-) Maybe we
>> can ambush one in a hallway in Berlin.
>>
>> [1] http://www.ietf.org/mail-archive/web/secdir/current/msg04048.html
>> [2] http://www.isg.rhul.ac.uk/tls/Lucky13.html
>> [3] https://en.wikipedia.org/wiki/Adaptive_chosen-ciphertext_attack
>
>
>
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
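
The concern in the quoted ballot comment (a receiver that reports a decoding error separately from a signature error reveals which check a rejected packet failed), shown as an added example that is not part of this thread and is not SRTP or xrblock code. The packet layout, keys, toy cipher and function names are all assumptions constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed demo keys (assumption): fixed so the run is repeatable.
ENC_KEY = bytes(range(16))
MAC_KEY = bytes(range(16, 32))
TAG_LEN = 10

def _keystream(n):
    # Toy stream cipher for the demo only: SHA-256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(ENC_KEY + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(payload):
    # Hypothetical layout: [len][payload][tag], MAC over plaintext, then encrypt.
    body = bytes([len(payload)]) + payload
    tag = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    return _xor(body + tag, _keystream(len(body) + TAG_LEN))

def _check(packet):
    # Two stages after decryption: decode the framing, then verify the tag.
    pt = _xor(packet, _keystream(len(packet)))
    if len(pt) <= TAG_LEN or pt[0] != len(pt) - TAG_LEN - 1:
        return "decode_error"
    body, tag = pt[:-TAG_LEN], pt[-TAG_LEN:]
    good = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    return "ok" if hmac.compare_digest(tag, good) else "auth_error"

def verbose_receiver(packet):
    # Too verbose: the reported reason names the stage that failed.
    return _check(packet)

def uniform_receiver(packet):
    # Hardened reporting: every rejection looks the same to the sender.
    return "ok" if _check(packet) == "ok" else "discarded"

def tampered_samples(packet):
    # Constructed test input: one bit changed in the length, one in the payload.
    return [bytes([packet[0] ^ 1]) + packet[1:],
            packet[:1] + bytes([packet[1] ^ 1]) + packet[2:]]

def reported_outcomes(receiver, packets):
    return {receiver(p) for p in packets}
```

`uniform_receiver` collapses only the reported reason; `_check` still returns early on a decode failure, so the timing statistics mentioned in the comment remain a separate channel to analyse.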