IETF Logo Mail Archive

Re: [siprec] Stephen Farrell's Discuss on draft-ietf-siprec-protocol-17: (with DISCUSS and COMMENT)

Alissa Cooper <alissa@cooperw.in> Fri, 25 September 2015 18:09 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: siprec@ietfa.amsl.com
Delivered-To: siprec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BED511A03F9 for <siprec@ietfa.amsl.com>; Fri, 25 Sep 2015 11:09:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oCQ6-V72sM_S for <siprec@ietfa.amsl.com>; Fri, 25 Sep 2015 11:09:36 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADD661A1A57 for <siprec@ietf.org>; Fri, 25 Sep 2015 11:09:34 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 2D303202D2 for <siprec@ietf.org>; Fri, 25 Sep 2015 14:00:09 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute6.internal (MEProxy); Fri, 25 Sep 2015 14:00:09 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=TAeUnRKjCXj+5ZzgdG2wrKdIlB0=; b=XbhGQp iU7ZcPc0ZLVGHezZ2GddhC60cmWMPe3Vd6RVpDnjqF/gU/9lmZXc+TUgpaWL3Hxi Cr47Vw6b3Qdvi/HmnjNgTQfWAJUx+QVAsSmdH9hjUloPbZpdgGrloolmAOawje4b CNT0k4Rw57FoD3h2sfEWzmlVzMYLvdtWaiDz8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=TAeUnRKjCXj+5Zz gdG2wrKdIlB0=; b=Lpdz2uYvQ8cnoyJHpZpfplOOJwePhy5aDrNuKRtCFGhALkl QfGAQEp8xqkUIbMn9k173FGzI/e2ORxBSEkFE1boErIU3yLiPu43ARnbhBrHldsg 9VE+/KMjJ5j1ZziKdFVSw85cmHxRO4jwMNnENs9O9Dr5jKTLWr8Dw/PWZcDc=
X-Sasl-enc: B3fFRJzIWc9OFpl2Q4GaGglXR6kkk17E+cOG/h7PHI99 1443204008
Received: from dhcp-171-68-20-74.cisco.com (dhcp-171-68-20-74.cisco.com [171.68.20.74]) by mail.messagingengine.com (Postfix) with ESMTPA id EBF29C0001D; Fri, 25 Sep 2015 14:00:07 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <D218C0C3.580FD%eckelcu@cisco.com>
Date: Fri, 25 Sep 2015 11:00:07 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <C0D5F377-C3AB-49DB-B642-697414CF1CB7@cooperw.in>
References: <20150713233656.26754.53140.idtracker@ietfa.amsl.com> <D1CC0989.526BF%eckelcu@cisco.com> <D1D6C365.535E9%eckelcu@cisco.com> <C8EFABAA-4447-44A7-B7A9-C8C2600EE7DF@cooperw.in> <55F36A9B.5090001@cs.tcd.ie> <D218C0C3.580FD%eckelcu@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/siprec/mPo_lNkXwpvmJWqU_2TDvo9_DPw>
Cc: "siprec@ietf.org" <siprec@ietf.org>, "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>, "draft-ietf-siprec-protocol@ietf.org" <draft-ietf-siprec-protocol@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-siprec-protocol.ad@ietf.org" <draft-ietf-siprec-protocol.ad@ietf.org>, "draft-ietf-siprec-protocol.shepherd@ietf.org" <draft-ietf-siprec-protocol.shepherd@ietf.org>
Subject: Re: [siprec] Stephen Farrell's Discuss on draft-ietf-siprec-protocol-17: (with DISCUSS and COMMENT)
X-BeenThere: siprec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SIP Recording Working Group Discussion List <siprec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/siprec>, <mailto:siprec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/siprec/>
List-Post: <mailto:siprec@ietf.org>
List-Help: <mailto:siprec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/siprec>, <mailto:siprec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Sep 2015 18:09:37 -0000

Stephen, does this work for you?

Thanks,
Alissa

> On Sep 11, 2015, at 5:34 PM, Charles Eckel (eckelcu) <eckelcu@cisco.com> wrote:
> 
> I have added the following note to my working version of the draft, which
> will become draft-ietf-siprec-protocol-18:
> 
> Note: When using EKT in this manner, it is possible for
> participants in the CS to send traffic that appears to be from
> other participants and have this forwarded by the SRC to the SRS
> within the RS. If this is a concern (e.g. the RS is intended for
> audit or compliance purposes), EKT is likely not an appropriate
> choice.
> 
> 
> Cheers,
> Charles
> 
> 
> 
> 
> On 9/11/15, 4:58 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
> 
>> 
>> Hiya,
>> 
>> On 12/09/15 00:10, Alissa Cooper wrote:
>>> Stephen, thoughts on this?
>> 
>> Thought#1: I've lost context;-)
>> 
>> Thought#2; I met with Charles in Prague after that was sent (I think)
>> and explained the kinds of change that could sort this out. Basically,
>> (iirc) either you explain that this scheme is only moderately secure
>> (so not e.g. suited for large financial transaction scenarios) or else
>> you change it to ensure that the call participants cannot fake the
>> recording even if they have access the the right/wrong bit of network.
>> But I may be mis-remembering.
>> 
>> Anyway, having met with Charles I think he took an action to figure
>> out if the above kind of change worked in this case and I don't think
>> I've heard back since.
>> 
>> Cheers,
>> S.
>> 
>>> 
>>> Thanks,
>>> Alissa
>>> 
>>>> On Jul 23, 2015, at 7:19 AM, Charles Eckel (eckelcu)
>>>> <eckelcu@cisco.com> wrote:
>>>> 
>>>> Hi Stephen,
>>>> 
>>>> I was waiting for your answer to this and just now realized you never
>>>> answered because I never asked anything. Seems my email suffered from
>>>> being composed over two time periods and my brain lost the context in
>>>> between. Please see below:
>>>> 
>>>> On 7/15/15, 1:12 PM, "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
>>>> wrote:
>>>> 
>>>>> Hi Stephen,
>>>>> 
>>>>> Please see in the proposed change (inline) would address your
>>>>> remaining
>>>>> concern.
>>>>> 
>>>>> On 7/13/15, 4:36 PM, "siprec on behalf of Stephen Farrell"
>>>>> <siprec-bounces@ietf.org on behalf of stephen.farrell@cs.tcd.ie>
>>>>> wrote:
>>>>> 
>>>>>> Stephen Farrell has entered the following ballot position for
>>>>>> draft-ietf-siprec-protocol-17: Discuss
>>>>>> 
>>>>>> When responding, please keep the subject line intact and reply to all
>>>>>> email addresses included in the To and CC lines. (Feel free to cut
>>>>>> this
>>>>>> introductory paragraph, however.)
>>>>>> 
>>>>>> 
>>>>>> Please refer to
>>>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>>>> for more information about IESG DISCUSS and COMMENT positions.
>>>>>> 
>>>>>> 
>>>>>> The document, along with other ballot positions, can be found here:
>>>>>> https://datatracker.ietf.org/doc/draft-ietf-siprec-protocol/
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> ----------------------------------------------------------------------
>>>>>> DISCUSS:
>>>>>> 
>>>>>> ----------------------------------------------------------------------
>>>>>> 
>>>>>> 
>>>>>> (1) cleared
>>>>>> 
>>>>>> (2) 12.2: Thanks for fixing up the ekt reference. I still
>>>>>> would like to know how, in a case where the recording
>>>>>> is for audit/compliance purposes, one can ever allow
>>>>>> the RS to not be re-encrypted since that creates the
>>>>>> potential for the CS peers to fake the traffic to the RS.
>>>>> 
>>>>> Section 12.2 currently reads as follows:
>>>>> 
>>>>> At a minimum, the SRC and SRS MUST support the SDP
>>>>> Security Descriptions (SDES) key negotiation mechanism [RFC4568].
>>>>> For cases in which DTLS-SRTP is used to encrypt a CS media stream, an
>>>>> SRC may use SRTP Encrypted Key Transport (EKT)
>>>>> [I-D.ietf-avtcore-srtp-ekt] in order to use SRTP-SDES in the RS
>>>>> without needing to re-encrypt the media.
>>>> 
>>>> How about if I add the following text to the next version of the draft?
>>>> 
>>>>> 
>>>>> 
>>>>> Note that when using EKT in this manner, it is possible for
>>>>> participants
>>>>> in the CS to send traffic that appears to be from other participants
>>>>> and
>>>>> have this forwarded by the SRC to the SRS within the RS. If this is a
>>>>> concern (e.g. the RS is intended for audit or compliance purposes),
>>>>> EKT is
>>>>> likely not an appropriate choice.
>>>> 
>>>> Would that address your remaining concern?
>>>> 
>>>> Cheers,
>>>> Charles
>>>> 
>>>>> 
>>>>> Cheers,
>>>>> Charles
>>>>> 
>>>>>> 
>>>>>> (3) cleared
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> ----------------------------------------------------------------------
>>>>>> COMMENT:
>>>>>> 
>>>>>> ----------------------------------------------------------------------
>>>>>> 
>>>>>> 
>>>>>> I had a discuss point that said: "5.3: How does a UA know if
>>>>>> it's preference to not be recorded has been ignored?"
>>>>>> Maybe there's a missing timer there.
>>>>>> 
>>>>>> I also had a discuss point that said:
>>>>>> I'll clear once you answer: but wouldn't it be easier
>>>>>> all around to just mandate use of mutually authenticated
>>>>>> TLS between SRC and SRS in all cases?  (Even if some
>>>>>> hop-by-hop stuff is needed when there are proxies between
>>>>>> SRC and SRS.) Also - how is it ok to ever not re-encrypt
>>>>>> the media in the RS since if you do not, anyone from the
>>>>>> CS who has the right session key can send the SRS bogus
>>>>>> packets that it'll accept.
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> siprec mailing list
>>>>>> siprec@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/siprec
>>>>> 
>>>> 
>>> 
>

v2.23.0 | Report a Bug | By Email