IETF Logo Mail Archive

Re: [siprec] Stephen Farrell's Discuss on draft-ietf-siprec-protocol-17: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 25 September 2015 18:59 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: siprec@ietfa.amsl.com
Delivered-To: siprec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF27B1A883D; Fri, 25 Sep 2015 11:59:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kpKomkhRHsgC; Fri, 25 Sep 2015 11:59:52 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8D8F1A8838; Fri, 25 Sep 2015 11:59:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id D04C8BE3E; Fri, 25 Sep 2015 19:59:50 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xoHCtd6C8GgT; Fri, 25 Sep 2015 19:59:48 +0100 (IST)
Received: from [10.20.20.115] (ip-64-134-179-76.public.wayport.net [64.134.179.76]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 3FDF7BE35; Fri, 25 Sep 2015 19:59:47 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1443207588; bh=vMRYBwL4rNe/XzKepWkOGFEpMCfSCYVhR9cD6b8YXrg=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=wRyHeTf6270NBePMXEaUYYXernTwKbzIZy8tvP9ltj90uH9V8BtTh5yNk/Z3mlaGB 0ygZDtMlQSqz7DVfxdFjw7EDRLqvrmov6Oe0qT/sisfHw1TnCnB1cy0u8970O/GfNS Y1udYufX0TX2TO5HqUHkLgr/iyimoSbnVmRpCKD0=
To: Alissa Cooper <alissa@cooperw.in>
References: <20150713233656.26754.53140.idtracker@ietfa.amsl.com> <D1CC0989.526BF%eckelcu@cisco.com> <D1D6C365.535E9%eckelcu@cisco.com> <C8EFABAA-4447-44A7-B7A9-C8C2600EE7DF@cooperw.in> <55F36A9B.5090001@cs.tcd.ie> <D218C0C3.580FD%eckelcu@cisco.com> <C0D5F377-C3AB-49DB-B642-697414CF1CB7@cooperw.in>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
X-Enigmail-Draft-Status: N1110
Message-ID: <560599A2.5000801@cs.tcd.ie>
Date: Fri, 25 Sep 2015 19:59:46 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <C0D5F377-C3AB-49DB-B642-697414CF1CB7@cooperw.in>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/siprec/byot4MuqnP31frGlaVJNpkfOwmY>
Cc: "siprec@ietf.org" <siprec@ietf.org>, "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>, "draft-ietf-siprec-protocol@ietf.org" <draft-ietf-siprec-protocol@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-siprec-protocol.ad@ietf.org" <draft-ietf-siprec-protocol.ad@ietf.org>, "draft-ietf-siprec-protocol.shepherd@ietf.org" <draft-ietf-siprec-protocol.shepherd@ietf.org>
Subject: Re: [siprec] Stephen Farrell's Discuss on draft-ietf-siprec-protocol-17: (with DISCUSS and COMMENT)
X-BeenThere: siprec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SIP Recording Working Group Discussion List <siprec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/siprec>, <mailto:siprec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/siprec/>
List-Post: <mailto:siprec@ietf.org>
List-Help: <mailto:siprec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/siprec>, <mailto:siprec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Sep 2015 18:59:56 -0000

Hiya,

On 25/09/15 19:00, Alissa Cooper wrote:
> Stephen, does this work for you?

Sorry for the slow response.

> 
> Thanks,
> Alissa
> 
>> On Sep 11, 2015, at 5:34 PM, Charles Eckel (eckelcu) <eckelcu@cisco.com> wrote:
>>
>> I have added the following note to my working version of the draft, which
>> will become draft-ietf-siprec-protocol-18:
>>
>> Note: When using EKT in this manner, it is possible for
>> participants in the CS to send traffic that appears to be from
>> other participants and have this forwarded by the SRC to the SRS
>> within the RS. If this is a concern (e.g. the RS is intended for
>> audit or compliance purposes), EKT is likely not an appropriate
>> choice.

Yes, that addresses the issue, thanks.

I'd suggest s/likely not/not/ would be better.

Cheers,
S.

>>
>>
>> Cheers,
>> Charles
>>
>>
>>
>>
>> On 9/11/15, 4:58 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>>
>>>
>>> Hiya,
>>>
>>> On 12/09/15 00:10, Alissa Cooper wrote:
>>>> Stephen, thoughts on this?
>>>
>>> Thought#1: I've lost context;-)
>>>
>>> Thought#2; I met with Charles in Prague after that was sent (I think)
>>> and explained the kinds of change that could sort this out. Basically,
>>> (iirc) either you explain that this scheme is only moderately secure
>>> (so not e.g. suited for large financial transaction scenarios) or else
>>> you change it to ensure that the call participants cannot fake the
>>> recording even if they have access the the right/wrong bit of network.
>>> But I may be mis-remembering.
>>>
>>> Anyway, having met with Charles I think he took an action to figure
>>> out if the above kind of change worked in this case and I don't think
>>> I've heard back since.
>>>
>>> Cheers,
>>> S.
>>>
>>>>
>>>> Thanks,
>>>> Alissa
>>>>
>>>>> On Jul 23, 2015, at 7:19 AM, Charles Eckel (eckelcu)
>>>>> <eckelcu@cisco.com> wrote:
>>>>>
>>>>> Hi Stephen,
>>>>>
>>>>> I was waiting for your answer to this and just now realized you never
>>>>> answered because I never asked anything. Seems my email suffered from
>>>>> being composed over two time periods and my brain lost the context in
>>>>> between. Please see below:
>>>>>
>>>>> On 7/15/15, 1:12 PM, "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Stephen,
>>>>>>
>>>>>> Please see in the proposed change (inline) would address your
>>>>>> remaining
>>>>>> concern.
>>>>>>
>>>>>> On 7/13/15, 4:36 PM, "siprec on behalf of Stephen Farrell"
>>>>>> <siprec-bounces@ietf.org on behalf of stephen.farrell@cs.tcd.ie>
>>>>>> wrote:
>>>>>>
>>>>>>> Stephen Farrell has entered the following ballot position for
>>>>>>> draft-ietf-siprec-protocol-17: Discuss
>>>>>>>
>>>>>>> When responding, please keep the subject line intact and reply to all
>>>>>>> email addresses included in the To and CC lines. (Feel free to cut
>>>>>>> this
>>>>>>> introductory paragraph, however.)
>>>>>>>
>>>>>>>
>>>>>>> Please refer to
>>>>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>>>>> for more information about IESG DISCUSS and COMMENT positions.
>>>>>>>
>>>>>>>
>>>>>>> The document, along with other ballot positions, can be found here:
>>>>>>> https://datatracker.ietf.org/doc/draft-ietf-siprec-protocol/
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----------------------------------------------------------------------
>>>>>>> DISCUSS:
>>>>>>>
>>>>>>> ----------------------------------------------------------------------
>>>>>>>
>>>>>>>
>>>>>>> (1) cleared
>>>>>>>
>>>>>>> (2) 12.2: Thanks for fixing up the ekt reference. I still
>>>>>>> would like to know how, in a case where the recording
>>>>>>> is for audit/compliance purposes, one can ever allow
>>>>>>> the RS to not be re-encrypted since that creates the
>>>>>>> potential for the CS peers to fake the traffic to the RS.
>>>>>>
>>>>>> Section 12.2 currently reads as follows:
>>>>>>
>>>>>> At a minimum, the SRC and SRS MUST support the SDP
>>>>>> Security Descriptions (SDES) key negotiation mechanism [RFC4568].
>>>>>> For cases in which DTLS-SRTP is used to encrypt a CS media stream, an
>>>>>> SRC may use SRTP Encrypted Key Transport (EKT)
>>>>>> [I-D.ietf-avtcore-srtp-ekt] in order to use SRTP-SDES in the RS
>>>>>> without needing to re-encrypt the media.
>>>>>
>>>>> How about if I add the following text to the next version of the draft?
>>>>>
>>>>>>
>>>>>>
>>>>>> Note that when using EKT in this manner, it is possible for
>>>>>> participants
>>>>>> in the CS to send traffic that appears to be from other participants
>>>>>> and
>>>>>> have this forwarded by the SRC to the SRS within the RS. If this is a
>>>>>> concern (e.g. the RS is intended for audit or compliance purposes),
>>>>>> EKT is
>>>>>> likely not an appropriate choice.
>>>>>
>>>>> Would that address your remaining concern?
>>>>>
>>>>> Cheers,
>>>>> Charles
>>>>>
>>>>>>
>>>>>> Cheers,
>>>>>> Charles
>>>>>>
>>>>>>>
>>>>>>> (3) cleared
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----------------------------------------------------------------------
>>>>>>> COMMENT:
>>>>>>>
>>>>>>> ----------------------------------------------------------------------
>>>>>>>
>>>>>>>
>>>>>>> I had a discuss point that said: "5.3: How does a UA know if
>>>>>>> it's preference to not be recorded has been ignored?"
>>>>>>> Maybe there's a missing timer there.
>>>>>>>
>>>>>>> I also had a discuss point that said:
>>>>>>> I'll clear once you answer: but wouldn't it be easier
>>>>>>> all around to just mandate use of mutually authenticated
>>>>>>> TLS between SRC and SRS in all cases?  (Even if some
>>>>>>> hop-by-hop stuff is needed when there are proxies between
>>>>>>> SRC and SRS.) Also - how is it ok to ever not re-encrypt
>>>>>>> the media in the RS since if you do not, anyone from the
>>>>>>> CS who has the right session key can send the SRS bogus
>>>>>>> packets that it'll accept.
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> siprec mailing list
>>>>>>> siprec@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/siprec
>>>>>>
>>>>>
>>>>
>>
>

v2.23.0 | Report a Bug | By Email