[Sip] Re: Review of draft-ietf-sip-media-security-requirements-00
Richard Barnes <rbarnes@bbn.com> Tue, 06 November 2007 19:00 UTC
Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IpTfP-0002yK-7B; Tue, 06 Nov 2007 14:00:51 -0500
Received: from sip by megatron.ietf.org with local (Exim 4.43) id 1IpTfN-0002sq-VT for sip-confirm+ok@megatron.ietf.org; Tue, 06 Nov 2007 14:00:49 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IpTfN-0002sg-KA for sip@ietf.org; Tue, 06 Nov 2007 14:00:49 -0500
Received: from mx12.bbn.com ([128.33.0.81]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IpTfN-0008LT-1g for sip@ietf.org; Tue, 06 Nov 2007 14:00:49 -0500
Received: from mail.bbn.com ([128.33.1.19]) by mx12.bbn.com with esmtp (Exim 4.60) (envelope-from <rbarnes@bbn.com>) id 1IpTfI-0001kj-3a; Tue, 06 Nov 2007 14:00:44 -0500
Received: from ros-dhcp233-050-233.bbn.com ([192.233.50.233] helo=[127.0.0.1]) by mail.bbn.com with esmtp (Exim 4.67) (envelope-from <rbarnes@bbn.com>) id 1IpTfH-0000rY-Ge; Tue, 06 Nov 2007 14:00:43 -0500
Message-ID: <4730B9D9.8000502@bbn.com>
Date: Tue, 06 Nov 2007 14:00:41 -0500
From: Richard Barnes <rbarnes@bbn.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <47080AF8.9060303@bbn.com> <033c01c81fe7$cffe11e0$c4f0200a@cisco.com> <47309BA1.7090405@bbn.com> <06d301c8209e$e6dbdf70$c4f0200a@cisco.com>
In-Reply-To: <06d301c8209e$e6dbdf70$c4f0200a@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7fa173a723009a6ca8ce575a65a5d813
Cc: 'IETF SIP List' <sip@ietf.org>, 'Francois Audet' <audet@nortel.com>, "'Fries, Steffen'" <steffen.fries@siemens.com>
Subject: [Sip] Re: Review of draft-ietf-sip-media-security-requirements-00
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org
> Disclosing the SRTP via PUBLISH (option (2)) also creates the same > awareness. Acknowledged. R24 cannot be satisfied by a protocol with robust confidentiality protection, without the cooperation of at least one endpoint. The point of confidentiality protection is to prevent access by parties that have not been authorized by the communicants to receive access -- and that's exactly what R24 requires. Conversely, if you want to satisfy R24 with a secure protocol, you need at least one endpoint to give access to the communications. That's not a problem for the security protocol to solve; it's more in the domain of regulation. > Not necessarily. It could be accomplished with DTLS-SRTP with two > DTLS handshakes, like this diagram: Here, let me re-label that: > endpoint man-in-the-middle remote endpoint > | | | > | |<-----make keys----->| > |<-----make keys----->| | Your diagram is exactly a man-in-the-middle attack, just with a special middleman. So if you allow the above functionality, either the protocol can't detect MitM attacks or it can't provide end-to-end authentication. > There are two SRTP keys (A and B), and the middlebox would need > to decrypt SRTP and re-encrypt SRTP. I expect this is not terribly > desirable due to the computational effort to decrypt and re-encrypt > the SRTP traffic. I don't how to transcode encrypted media without decrypting and re-encrypting. I think this is more or less a trade-off you have to accept. > But I'm trying to step back and ensure that it meets with everyone's > requirements regarding recording (for banks, stock brokers, etc.), > and transcoding (compressed codecs to 'standard' codecs). I don't > yet have a message flow for how draft-wing-sipping-srtp-key would > work well with transcoding; what I have sketched out is far > uglier (more messages) than what everyone does for RTP transcoding > today. I'm not sure why you would think that things would be the same as for RTP transcoding. You already have to have a transcoder that does crypto (unless there are techniques I'm not aware of). And there's really only one more message to the flow (at least conceptually; two if you include a response) for the endpoint to deliver key to the middlbox. For a simple case, just have the middlebox act as the presence server in draft-wing-sipping-srtp-key: UAC middlebox UAS | | | |<-------establish keys------>| |---PUBLISH--->| | |<----200------| | | | | Again here, UAC compliance is not an issue, since presumably the UAC wants the services of the middlebox in order for his call to go through. The single major issue is latency, but since we're talking 1-2 UDP messages, that seems like it's about as small as you're going to get. Any smaller, and you'd have to communicate with the middlebox via a key negotiation message, which really dirty protocol design, and doesn't save much (it just makes the keying message bigger/slower). So, in conclusion: -- R24 is incompatible with secure operation, and -- Out-of-band mechanisms seem sufficient for other requirements -- Ergo, R23-35 don't belong in this document --Richard > -d > >> --Richard >> >> >>> R23 refers only to recording of media. This is necessary in many >>> business environments such as banks, stock brokers, catalog >> ordering call >>> centers, and so on. This is a requirement for many businesses. It >>> is not yet clear if draft-wing-sipping-srtp-key (or >> something like it) >>> meets requirement R23. >> It seems like does, provided that (1) endpoints are willing >> to send key >> to authorized listeners, and (2) the delay induced by SIP is >> tolerable. >> Both of these would seem to be true in the enterprise >> environments you >> describe. >> >>> I agree R24 refers to lawful intercept. This is a requirement from >>> other SDOs that need to provide lawful intercept with their >> solutions. >>> Another email on R24 lawful intercept will be forthcoming shortly. >>> R25 reference to 'intermediate nodes' is to transcoders and >> SBCs which >>> handle signaling and media traffic. It seems important >> that any keying >>> mechanism work with such intermediate nodes, as those >> intermediate nodes >>> are common on many SIP networks. > > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] Review of draft-ietf-sip-media-security-req… Richard Barnes
- RE: [Sip] Review of draft-ietf-sip-media-security… Fries, Steffen
- [Sip] RE: Review of draft-ietf-sip-media-security… Dan Wing
- Re: [Sip] RE: Review of draft-ietf-sip-media-secu… Matt Lepinski
- RE: [Sip] RE: Review of draft-ietf-sip-media-secu… Dan Wing
- [Sip] Re: Review of draft-ietf-sip-media-security… Richard Barnes
- [Sip] RE: Review of draft-ietf-sip-media-security… Dan Wing
- [Sip] Re: Review of draft-ietf-sip-media-security… Richard Barnes