IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-siprec-metadata-20

"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Mon, 15 February 2016 15:31 UTC

Return-Path: <rmohanr@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D2851A1BC8; Mon, 15 Feb 2016 07:31:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.507
X-Spam-Level:
X-Spam-Status: No, score=-14.507 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.006, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sEaAr_4rJL3C; Mon, 15 Feb 2016 07:31:34 -0800 (PST)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8703A1A886B; Mon, 15 Feb 2016 07:31:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3480; q=dns/txt; s=iport; t=1455550294; x=1456759894; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=Fhph6fnQC9wJameTbdlIxLHgilDPfJO6LiGLqd/0jNU=; b=XxTMrg7dSyV4N/KFsYGstPByzoHeFeB1Gp/K4qAG6yERBKYwnuJKKiAE 3RG5Agvt9zch7/C9DEnob+cyGd7vc07rzXk0ZvcaOnHVzMuw4iZH21YPu djaKSY/3RDBoIHD+gkK+SwUnaw4MkAHqdHBMb4Xecf5sdmwZmORg+2aMw U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D7AQD87cFW/4UNJK1eDoMsgT8GuhcBDYFnhg0CgTI4FAEBAQEBAQGBCoRBAQEBBIEFBAIBCA4DAwECAS4yHQgCBAESiBq8ZQEBAQEBAQEBAgEBAQEBAQEBGIpGhBqEUgWNX4kaAY1UgVyEQ4hVjj0BHgEBQoICGYENO2oBh3t8AQEB
X-IronPort-AV: E=Sophos;i="5.22,450,1449532800"; d="scan'208";a="237999114"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Feb 2016 15:31:33 +0000
Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id u1FFVXWo012758 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 15 Feb 2016 15:31:33 GMT
Received: from xch-rcd-017.cisco.com (173.37.102.27) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 15 Feb 2016 09:31:32 -0600
Received: from xch-rcd-017.cisco.com ([173.37.102.27]) by XCH-RCD-017.cisco.com ([173.37.102.27]) with mapi id 15.00.1104.009; Mon, 15 Feb 2016 09:31:32 -0600
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, David Mandelberg <david@mandelberg.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-siprec-metadata.all@tools.ietf.org" <draft-ietf-siprec-metadata.all@tools.ietf.org>
Thread-Topic: secdir review of draft-ietf-siprec-metadata-20
Thread-Index: AQHRZ2skqSwwLW3R3kyyH9ELbM/sWJ8s9nKAgAEJsIA=
Date: Mon, 15 Feb 2016 15:31:32 +0000
Message-ID: <D2E7EE03.515A3%rmohanr@cisco.com>
References: <56C0EB89.4050409@mandelberg.org> <56C15FB9.8030600@alum.mit.edu>
In-Reply-To: <56C15FB9.8030600@alum.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.0.151221
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.65.58.123]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <0449F8EF2714C84CB2B4F30A6A38E521@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/wqz2iBmb4ORPQ08jz6yz0GxukXY>
X-Mailman-Approved-At: Mon, 15 Feb 2016 07:34:03 -0800
Subject: Re: [secdir] secdir review of draft-ietf-siprec-metadata-20
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2016 15:31:36 -0000

I agree with all of Paul's responses. One more point to add to Paul¹s
response-
1) If two SRCs use the same UUID  (because they intentionally
choose to do so ) it MUST retain the UUID/object mapping. In
other words, if UUID 1 was referring ³participant-1" object in RS1 by
SRC1, the same UUID1 can be used by other SRCs to only refer
Participant-1 and not any other objects.

If it was not clear from the draft we can add a line in draft to the
effect of - " If multiple SRCs use
the same UUID it MUST ensure a UUID is always mapped to same object across
all Recording Sessions".

Regards,
Ram



-----Original Message-----
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Date: Monday, 15 February 2016 at 10:48 AM
To: David Mandelberg <david@mandelberg.org>, "iesg@ietf.org"
<iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>,
"draft-ietf-siprec-metadata.all@tools.ietf.org"
<draft-ietf-siprec-metadata.all@tools.ietf.org>
Subject: Re: secdir review of draft-ietf-siprec-metadata-20
Resent-From: <pkyzivat@alum.mit.edu>
Resent-To: <draft-ietf-siprec-metadata.all@ietf.org>
Resent-Date: Monday, 15 February 2016 at 10:48 AM

>David,
>
>Thank you for the review. I will try to respond. (Note that I haven't
>consulted with the other authors on this response, so they may have
>something else to say.) Please see inline below.
>
>On 2/14/16 4:03 PM, David Mandelberg wrote:
>> Hi,
>>
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the IESG.
>> These comments were written primarily for the benefit of the security
>> area directors. Document editors and WG chairs should treat these
>> comments just like any other last call comments.
>>
>> This document specifies a metadata format for information about recorded
>> SIP sessions. The Security Considerations section has good text about
>> the protection of metadata in this format, but I found one potential
>> security issue with the way an SRS (server) is supposed to handle the
>> metadata. I think this draft is ready with issues.
>>
>> Section 6.10 says that "multiple SRC's [clients] can refer to the same
>> element/UUID (how each SRC learns the UUID here is out of scope of
>> SIPREC)". But what happens if two clients try to define different
>> objects with the same UUID? Does one of the objects take precedence for
>> all clients? If all of the benign clients are relying on referencing an
>> object A with UUID 1, and a malicious client is able to send an object B
>> also with UUID 1, that might compromise the integrity of the metadata
>> sent by the benign clients. This could be mitigated by requiring that
>> UUIDs are generated (pseudo-)randomly and are kept confidential from
>> potential adversaries, but I don't think the draft says either of these
>> things.
>
>The UUIDs used in the metadata are intended to be *unique*. Distinct
>SRCs that construct new UUIDs are expected to follow the rules for
>constructing them so that they are indeed unique.
>
>If two SRCs use the same UUID it will be because they intentionally
>choose to do so. Typically this will be by some back channel to
>communicate among themselves. (I suppose there could potentially be some
>algorithmic way for them to construct UUIDs in a coordinated way, but I
>won't speculate on that.)
>
>By design there should be no accidental reuse of UUIDs.
>
>	Thanks,
>	Paul
>

v2.23.0 | Report a Bug | By Email