Re: [stir] RFC8224 / Use of a=fingerprint
Chris Wendt <chris-ietf@chriswendt.net> Mon, 26 March 2018 02:26 UTC
Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B12B1242EA for <stir@ietfa.amsl.com>; Sun, 25 Mar 2018 19:26:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IRdBOZ3YnlAK for <stir@ietfa.amsl.com>; Sun, 25 Mar 2018 19:26:21 -0700 (PDT)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACDC2126FDC for <stir@ietf.org>; Sun, 25 Mar 2018 19:26:21 -0700 (PDT)
Received: by mail-qk0-x22c.google.com with SMTP id d206so6250863qkb.0 for <stir@ietf.org>; Sun, 25 Mar 2018 19:26:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=q3HKn5mFiD/BsnfN9o7MWm3YAyj3ulaFU/YAVJAGepQ=; b=okpvlZnSooM0zwr+ovdu7Qzryy7sRaf4hNfOw0+VCEp8hw2OVyO3PbgZfD/AG1JZCE 2mcn5Q24DzDKR+7ByfT9FXs1ANydb0g4yUIfLs2iU90LFwZlwwTUIJgrdSHAaE1CRRKG sJoubReibB90JNjZl1HiNib421Xfi29HFqP86B2dTB5mCGaT5i79ObxKNMQaRcOqTqYX ZSTzPt6/HnFu1oRjTtn4g+7PNa/fivnEUwA7V2WCUhOYOMVxYBt+fDH6ERRfTe56blil +AXPpa0RNjEl2gW2GUq49AJNklukFMEwddfZpUUiGjle/oJ4ZECAdZ8IBPnXeNw+LREW 3P2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=q3HKn5mFiD/BsnfN9o7MWm3YAyj3ulaFU/YAVJAGepQ=; b=PQFmFcOUV/14Vljdi2SLtTSg0iiP+7+swUxc+XXlWFnOTC5kOlaRm3RZuxqdssqJu+ xihhePkSV5Ddg0knPCFx1ZLcVXDAl9Wf23u8Lld0Nx07dYIRD9wKINJ09/K/gTLFXgpH GLGwJbtw45UKF0/7HerfCjnDBWgFtFoHiAyXS9Ff3nDCBN00jBW3amxL4YyYVkJaJcda bsjDOUDolXor119d6sCT8Xe1PFHYyRdo4j6Jf4BJLEzqI2JUutWdfx7V/nyoNnfG64ps NwspvpK8wGPwbSO+Bot27hsZy3j+QqcjTSGo2x9ei7sO0qUJaI/fdinU10+bMiAIPy71 mGCA==
X-Gm-Message-State: AElRT7FsmLA1kr3zt/BOS3rCS5ijiFF0yJnqD36oe1lbmOiTlQNDcIsK OFWPo+mScN+FmH4uFC9CFuGeJA==
X-Google-Smtp-Source: AG47ELvKNZYHahW1jy6IR9GVrQ+OKlx4gfD3vlNZuDP3JAlM7g+xOPdbMw7PG6FOanGzrrVUdjhbOA==
X-Received: by 10.55.105.131 with SMTP id e125mr54275941qkc.322.1522031180696; Sun, 25 Mar 2018 19:26:20 -0700 (PDT)
Received: from ?IPv6:2601:41:c102:3d1e:b54d:7aad:1aec:7fa2? ([2601:41:c102:3d1e:b54d:7aad:1aec:7fa2]) by smtp.gmail.com with ESMTPSA id c5sm10687021qkf.93.2018.03.25.19.26.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 25 Mar 2018 19:26:19 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <CY4PR03MB31607CC7753000B808381EECA5A90@CY4PR03MB3160.namprd03.prod.outlook.com>
Date: Sun, 25 Mar 2018 22:26:10 -0400
Cc: "stir@ietf.org" <stir@ietf.org>, "jon.peterson@neustar.biz" <jon.peterson@neustar.biz>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A3AE3A69-2999-4F85-ACF2-4D5C15EE0A9D@chriswendt.net>
References: <CY4PR03MB31607CC7753000B808381EECA5A90@CY4PR03MB3160.namprd03.prod.outlook.com>
To: "Asveren, Tolga" <tasveren@rbbn.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/53pFWwM3oKpijyhdj5wMveRj6JM>
Subject: Re: [stir] RFC8224 / Use of a=fingerprint
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2018 02:26:23 -0000
MSRP is tcp/tls so doesn’t apply to intended the use of a=fingerprint/mky > On Mar 22, 2018, at 8:14 AM, Asveren, Tolga <tasveren@rbbn.com> wrote: > > A few doubts regarding use of a=fingerprint for RFC8224: > > 4.1. PASSporT Construction > .... > > o Fourth, if the request contains a Session Description Protocol > (SDP) message body and if that SDP contains one or more > "a=fingerprint" attributes, then the JSON key "mky" MUST appear > with the algorithm(s) and value(s) of the fingerprint attributes > (if they differ), following the format given in [RFC8225], > Section 5.2.2. > > > 12.1. Protected Request Fields > .... > When signing a request that contains a fingerprint of keying material > in SDP for DTLS-SRTP [RFC5763], this mechanism always provides a > signature over that fingerprint. This signature prevents certain > classes of impersonation attacks in which an attacker forwards or > cut-and-pastes a legitimate request. Although the target of the > attack may accept the request, the attacker will be unable to > exchange media with the target, as they will not possess a key > corresponding to the fingerprint. For example, there are some > baiting attacks, launched with the REFER method or through social > engineering, where the attacker receives a request from the target > and reoriginates it to a third party. These might not be prevented > by only a signature over the From, To, and Date, but they could be > prevented by securing a fingerprint for DTLS-SRTP. While this is a > different form of impersonation than is commonly used for > robocalling, ultimately there is little purpose in establishing the > identity of the user that originated a SIP request if this assurance > is not coupled with a comparable assurance over the contents of the > subsequent media communication. This signature also reduces the > potential for active eavesdropping attacks against the SIP media. In > environments where DTLS-SRTP is unsupported, however, no field is > signed and no protections are provided. > > i- (with lawyer hat on) > Which one of these statements prevails? I assume it is the former as it is using normative language as "MUST" therefore "a=fingerprint" must be used when it is present. > > ii- (with technical hat on) > Wouldn't the attack vector mentioned in 12.1 be applicable for connection oriented media, e.g. a=fingerprint in SDP is used while establishing a MSRP session (and possibly for other cases) as well? > > Thanks, > Tolga > > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir
- [stir] RFC8224 / Use of a=fingerprint Asveren, Tolga
- Re: [stir] RFC8224 / Use of a=fingerprint Chris Wendt
- Re: [stir] RFC8224 / Use of a=fingerprint Asveren, Tolga
- Re: [stir] RFC8224 / Use of a=fingerprint Chris Wendt