Re: [Sip] B2BUA - Security - (Midcom Reqts?)
"Pete Cordell" <pete@tech-know-ware.com> Fri, 06 December 2002 15:36 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA10635 for <sip-archive@odin.ietf.org>; Fri, 6 Dec 2002 10:36:03 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id gB6FcRc00311 for sip-archive@odin.ietf.org; Fri, 6 Dec 2002 10:38:27 -0500
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gB6Fbmv32604; Fri, 6 Dec 2002 10:37:49 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gB6FZpv31829 for <sip@optimus.ietf.org>; Fri, 6 Dec 2002 10:35:51 -0500
Received: from gadolinium.btinternet.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA10428 for <sip@ietf.org>; Fri, 6 Dec 2002 10:32:55 -0500 (EST)
Received: from host213-122-57-72.in-addr.btopenworld.com ([213.122.57.72] helo=tkw) by gadolinium.btinternet.com with smtp (Exim 3.22 #16) id 18KKVx-00051f-00; Fri, 06 Dec 2002 15:35:42 +0000
Message-ID: <014201c29d3d$28d7ea80$0200000a@tkw>
From: Pete Cordell <pete@tech-know-ware.com>
To: Jonathan Rosenberg <jdrosen@dynamicsoft.com>
Cc: sip@ietf.org
References: <DAC3FCB50E31C54987CD10797DA511BA1D2A53@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> <013d01c29c5d$e4a7f7e0$0200000a@tkw> <3DEF7EAB.2070109@dynamicsoft.com> <009801c29c83$985129e0$0200000a@tkw> <3DF04799.7010208@dynamicsoft.com>
Subject: Re: [Sip] B2BUA - Security - (Midcom Reqts?)
Date: Fri, 06 Dec 2002 15:35:04 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Transfer-Encoding: 7bit
Sender: sip-admin@ietf.org
Errors-To: sip-admin@ietf.org
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Jonathan, Perhaps as you say, we should take a step back. I want to address midcom scenarios shown in the time line shown in section 7.1. of RFC 3303 (Midcom framework) and 2.3.1 and 2.3.2 in draft-ietf-midcom-scenarios-02.txt. The current security situation in SIP makes this problematic, and I don't think there is any chartered item in SIP or SIPPING to address this. I would like there to be a secure mode of operation even for midcom systems that allows encryption and authentication. I would imagine that the IESG would block midcom if it did not allow such security. I think we know enough from a SIP point of view what a midcom solution will need to do to a SIP system. Therefore, I believe we should start work on this sooner rather than later. Perhaps the way to go is for the midcom group to produce a requirements draft detailing what it needs from the SIP world (in its broadest sense) that can be put into SIPPING and hopefully lead to a chartered item. To me the successful conclusion of midcom seems dependent on this sort of work being done. Pete. ----- Original Message ----- From: "Jonathan Rosenberg" <jdrosen@dynamicsoft.com> To: "Pete Cordell" <pete@tech-know-ware.com> Cc: "Christian Huitema" <huitema@windows.microsoft.com>; <sip@ietf.org> Sent: 06 December 2002 06:45 Subject: Re: [Sip] B2BUA - Security > inline as always. But, first, a question. Pete - what are you after? Are > you actually trying to convince the working group to disallow > encryption/authentication over SDP so that your b2bua-thingy can modify > it?? As I have tried to argue in my session policy draft, there are a > LOT of issues with intermediary modification of media information, many > of them related to the kind of things OPES has been dealing with. You > need to consider the problem more broadly. > > > Pete Cordell wrote: > > >>1. modifying SDP in transit to point media streams to an intermediate > >>recording device, allowing attackers to establish wiretaps > > > > > > This is only partially successful. Encryption of RTP is the only complete > > solution. > > True. > > > > > > >>2. downgrading any SRTP keying done in SDP, so that the media itself is > >>not encrypted or integrity protected (this came up during the mmusic > >>session in IETF as a driver for S/MIME) > > > > > > I don't think you need to encrypt the entire SDP body to prevent key > > downgrading. In the absence of any other contraints that might be a simple > > route to go, but if it causes problems (as it is) then we should look at > > other ways. > > You need to protect the key exchanges. I am trying to establish that a > lot of the information in SDP needs to be protected e2e. > > > > > As an aside - This is the sort of reason I would like to get this sort of > > thing on the agenda. It's not that its not possible to enable SIP to meet > > these requirements, there's just not a desire to do among the core SIP > > people. I know why they don't want to do it, but I also think that SIP > > fails to address a whole class of problem as a result. In the long run I > > think that will be detrimental to SIP. > > I have no idea what "it" is in this aside. > > > > > > >>3. launching a DoS attack by sending everyones voice traffic to the > >>intended target. You get huge amplification gains here. Very appealing > >>for hackers! > > > > > > Don't need SDP to do that. I could just rip out the entire SDP and put in a > > new version. I might not get the ports right, but I could probably cause > > enough damage to get my kicks. > > If you rip it out and replace it, and the UA is requiring signed SDP, > then this won't work. > > Another interesting attack I thought of, is to modify the SDP to send > the RTP to a relay, which does forward it to the right destination, but > only after inserting 100ms of delay. The result is that the conversation > takes place, but at lousy quality. Why do this? Maybe a way for one > provider to convince customers of another provider to switch. Dropping > the packets outright might be too overt of an attack, but a subtle > increase in delays... just a thought. > > >>Confidentiality is only one property of security. I am much more > >>concerned about message integrity. > > > > > > Integrity of which bits? And are you sure that maintaining integrity buys > > you anything except for in a few special cases? > > Definitely. > > I don't want someone removing my video stream my session. > I don't want someone to modify my codecs, forcing me to use a lower > quality one when a better one would actually work. > I don't want someone to receive my media when I intended it for the > party I called. > > And so on. The above concerns are real, and cover a good set of the > information in SDP. > > Let me pose the question in reverse. What information in SDP do you feel > is NOT worth protecting? > > -Jonathan R. > -- > Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Ave. > Chief Scientist First Floor > dynamicsoft East Hanover, NJ 07936 > jdrosen@dynamicsoft.com FAX: (973) 952-5050 > http://www.jdrosen.net PHONE: (973) 952-5000 > http://www.dynamicsoft.com > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- RE: [Sip] B2BUA Juan-Carlos.Rojas
- [Sip] B2BUA Leonardo Rico
- [Sip] B2BUA Leonardo Rico
- RE: [Sip] B2BUA Dean Willis
- RE: [Sip] B2BUA Dean Willis
- RE: [Sip] B2BUA Prasanna Venkatesh
- RE: [Sip] B2BUA Juan-Carlos.Rojas
- Re: [Sip] B2BUA William Marshall
- Re: [Sip] B2BUA Juan-Carlos.Rojas
- RE: [Sip] B2BUA Phil Reynolds
- RE: [Sip] B2BUA Mary Barnes
- RE: [Sip] B2BUA Mary Barnes
- RE: [Sip] B2BUA Juan-Carlos.Rojas
- RE: [Sip] B2BUA William Marshall
- RE: [Sip] B2BUA Dean Willis
- RE: [Sip] B2BUA Dean Willis
- FW: [Sip] B2BUA Phil Reynolds
- RE: [Sip] B2BUA William Marshall
- RE: [Sip] B2BUA Mary Barnes
- RE: [Sip] B2BUA William Marshall
- RE: [Sip] B2BUA Phil Reynolds
- RE: [Sip] B2BUA aki.niemi
- RE: [Sip] B2BUA Cullen Jennings
- RE: [Sip] B2BUA Roy, Radhika R, ALASO
- RE: [Sip] B2BUA Rosen, Brian
- RE: [Sip] B2BUA Christian Huitema
- RE: [Sip] B2BUA aki.niemi
- RE: [Sip] B2BUA Juan-Carlos.Rojas
- RE: [Sip] B2BUA Rosen, Brian
- RE: [Sip] B2BUA aki.niemi
- [Sip] B2BUA & Max-Forwards Pete Cordell
- Re: [Sip] B2BUA & Max-Forwards Vijay K. Gurbani
- RE: [Sip] B2BUA & Max-Forwards Cullen Jennings
- RE: [Sip] B2BUA Jiri Kuthan
- RE: [Sip] B2BUA Phil Reynolds
- RE: [Sip] B2BUA Jiri Kuthan
- RE: [Sip] B2BUA Jiri Kuthan
- RE: [Sip] B2BUA Henry Sinnreich
- RE: [Sip] B2BUA & Max-Forwards Dean Willis
- RE: [Sip] B2BUA Adam Roach
- RE: [Sip] B2BUA Dean Willis
- Re: [Sip] B2BUA Jonathan Rosenberg
- Re: [Sip] B2BUA Pete Cordell
- Re: [Sip] B2BUA & Max-Forwards Pete Cordell
- Re: [Sip] B2BUA & Max-Forwards Pete Cordell
- Re: [Sip] B2BUA - Security Pete Cordell
- Re: [Sip] B2BUA - (session policy fix) Pete Cordell
- Re: [Sip] B2BUA & Max-Forwards David R. Oran
- RE: [Sip] B2BUA Mary Barnes
- Re: [Sip] B2BUA - Security David R. Oran
- Re: [Sip] B2BUA - Security Jonathan Rosenberg
- Re: [Sip] B2BUA - Security Jari Arkko
- Re: [Sip] B2BUA - Security Pete Cordell
- Re: [Sip] B2BUA & Max-Forwards Pete Cordell
- Re: [Sip] B2BUA - Security Pete Cordell
- Re: [Sip] B2BUA & Max-Forwards Michael Thomas
- RE: [Sip] B2BUA Henry Sinnreich
- Re: [Sip] B2BUA & Max-Forwards Pete Cordell
- Re: [Sip] B2BUA & Max-Forwards David Oran
- RE: [Sip] B2BUA Carr, Steve
- Re: [Sip] B2BUA - Security Jonathan Rosenberg
- Re: [Sip] B2BUA & Max-Forwards Jonathan Rosenberg
- Re: [Sip] B2BUA & Max-Forwards Pete Cordell
- Re: [Sip] B2BUA Pete Cordell
- Re: [Sip] B2BUA - Security - (Midcom Reqts?) Pete Cordell
- Re: [Sip] B2BUA - Security Rohan Mahy
- RE: [Sip] B2BUA Drage, Keith (Keith)
- RE: [Sip] B2BUA Drage, Keith (Keith)
- RE: [Sip] B2BUA Kedar Patil
- RE: [Sip] B2BUA David R. Oran
- RE: [Sip] B2BUA William Marshall
- RE: [Sip] B2BUA Juan-Carlos.Rojas