[secdir] Secdir last call review of draft-ietf-perc-dtls-tunnel-08

Shawn Emery via Datatracker <noreply@ietf.org> Mon, 07 June 2021 00:54 UTC

From: Shawn Emery via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-perc-dtls-tunnel.all@ietf.org, last-call@ietf.org, perc@ietf.org
Message-ID: <162302724403.5524.7530871359171917876@ietfa.amsl.com>
Reply-To: Shawn Emery <shawn.emery@gmail.com>
Date: Sun, 06 Jun 2021 17:54:04 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zZM4iyg-lbCZ9ShSN4ZkxN7Om-Y>

Reviewer: Shawn Emery
Review result: Not Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This draft specifies a DTLS tunneling protocol for Privacy-Enhanced RTP
Conferencing (PERC).  This entails a key exchange between the conference
end-points and the key distributor through a delegate, media distributor.

The security considerations section does exist and describes that the media
distributor does not introduce any additional security issues given that it is
just on-path with the key exchange between the endpoint and the key
distributor.  Secondly, the key material between the media distributor and key
distributor is protected through the mutually authenticated connection between
the two entities.  Thirdly, the metadata exchanged between the media
distributor and key distributor is not sensitive information, but is still
protected through the TLS connection.  I agree with the above assertions. 
Besides the concerns described in the genart review about the impact of key
material disclosure, the authors should consider the various other forms of
security issues against the protocol, such as downgrade/DoS attacks from
profile negotiation, etc.  The section could list and simply refer to the base
RFCs, 5764, 8871, etc., to provide remediation against these attacks.

General comments:

The example message flow and binary coding were helpful, thank you.

Editorial comments:

s/might might/might/
s/!@RFC4566/RFC4566/g
s/An value/A value/
s/!@RFC8126/RFC8126/
s/material This/material.  This/