IETF Logo Mail Archive

Re: [stir] RFC8224 / Use of a=fingerprint

"Asveren, Tolga" <tasveren@rbbn.com> Mon, 26 March 2018 03:52 UTC

Return-Path: <tasveren@rbbn.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB362120727 for <stir@ietfa.amsl.com>; Sun, 25 Mar 2018 20:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.49
X-Spam-Level:
X-Spam-Status: No, score=-2.49 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=sonusnetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9VN2FcMh8fZz for <stir@ietfa.amsl.com>; Sun, 25 Mar 2018 20:52:55 -0700 (PDT)
Received: from us-smtp-delivery-181.mimecast.com (us-smtp-delivery-181.mimecast.com [216.205.24.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D59D21200A0 for <stir@ietf.org>; Sun, 25 Mar 2018 20:52:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SonusNetworks.onmicrosoft.com; s=selector1-rbbn-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fM9TkfWCc8/ak/hwPEisA1j219bMLQxEU1wOdzXYU1I=; b=lxI9tgqKBGrp3BEfGkjcdSe8LH5qJR4BeQpcQUojECBJQCnDsrw9lKOGHP2seAyBQ9uMgDSej7pviz7ltlbRmV0qoiCCZUk1lU1Vh3EvqRPD6CoyjPPG7EuYeei/IsNhyjdlpn8Dd9Uv00Qggp7p0OSqSS9rBIWlnvzBS/aKTDw=
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02lp0083.outbound.protection.outlook.com [207.46.163.83]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-239-hiu6oiAFM7u-lUPfwzcqsg-1; Sun, 25 Mar 2018 23:52:52 -0400
Received: from CY4PR03MB3160.namprd03.prod.outlook.com (10.171.245.165) by CY4SPR00MB2510.namprd03.prod.outlook.com (10.175.82.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.609.12; Mon, 26 Mar 2018 03:52:50 +0000
Received: from CY4PR03MB3160.namprd03.prod.outlook.com ([fe80::d8f0:24ac:4222:be23]) by CY4PR03MB3160.namprd03.prod.outlook.com ([fe80::d8f0:24ac:4222:be23%13]) with mapi id 15.20.0609.012; Mon, 26 Mar 2018 03:52:50 +0000
From: "Asveren, Tolga" <tasveren@rbbn.com>
To: Chris Wendt <chris-ietf@chriswendt.net>
CC: "stir@ietf.org" <stir@ietf.org>, "jon.peterson@neustar.biz" <jon.peterson@neustar.biz>
Thread-Topic: [stir] RFC8224 / Use of a=fingerprint
Thread-Index: AdPB1mxgabmHnDCQRziVwwwAjrynywC02EcAAALue6A=
Date: Mon, 26 Mar 2018 03:52:50 +0000
Message-ID: <CY4PR03MB316004D9C8DC50D82D8DC730A5AD0@CY4PR03MB3160.namprd03.prod.outlook.com>
References: <CY4PR03MB31607CC7753000B808381EECA5A90@CY4PR03MB3160.namprd03.prod.outlook.com> <A3AE3A69-2999-4F85-ACF2-4D5C15EE0A9D@chriswendt.net>
In-Reply-To: <A3AE3A69-2999-4F85-ACF2-4D5C15EE0A9D@chriswendt.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [73.29.251.142]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4SPR00MB2510; 7:M5bQOXM2qrqj9UpeV0w57ep2NeiC+ac0rNHNuf/ouiv52Kt4SX24QgvQ9DJnnY20nx41313sO2tnthkNQH6HylZElqJs3uvS5Anwwk0niFpswIw9hjyZBMo11nclFL+dL6RsGVrxdVsA810iayRQeHdvXROSSVqmxNP3Oqe6/CEjnZ5WDm3W/RESQxqiA5YB9hpnudDQQdweVd9OHzOZucqZbIOWWbAsacDZZ8omLCgT+8a5lLHy7RM/g33cMuTH; 20:AsiLwIK/2tKB8EM1s+6G70QO5R2Q4UAjnH1Pnb55Na/HutMyBEXLF+sJXA7vJRtO6fEVEqCTwbtwLW71XnOwlmSrMAm1ykttpAUops/oCY52mLtd6lQN1iKc025aEtJwsgckk5X8FYlKykTYXUGGjtdSNmsZA8+zD+Z55j1cQ8I=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 44111a0b-02e9-40f9-8af9-08d592cd0b90
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:CY4SPR00MB2510;
x-ms-traffictypediagnostic: CY4SPR00MB2510:
x-microsoft-antispam-prvs: <CY4SPR00MB25101B808D9DCD1A16625F1DA5AD0@CY4SPR00MB2510.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231221)(944501327)(52105095)(93006095)(93001095)(3002001)(10201501046)(6041310)(20161123562045)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:CY4SPR00MB2510; BCL:0; PCL:0; RULEID:; SRVR:CY4SPR00MB2510;
x-forefront-prvs: 06237E4555
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39380400002)(346002)(396003)(39860400002)(376002)(366004)(189003)(199004)(54906003)(6436002)(2906002)(6916009)(106356001)(6246003)(478600001)(5250100002)(86362001)(74316002)(8936002)(7736002)(81156014)(8676002)(3846002)(790700001)(6116002)(68736007)(14454004)(81166006)(97736004)(53936002)(105586002)(5660300001)(966005)(7696005)(11346002)(316002)(3660700001)(25786009)(33656002)(3280700002)(186003)(76176011)(53546011)(6506007)(66066001)(4326008)(446003)(99286004)(2900100001)(59450400001)(236005)(102836004)(19609705001)(55016002)(606006)(9686003)(26005)(229853002)(6306002)(54896002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4SPR00MB2510; H:CY4PR03MB3160.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
x-microsoft-antispam-message-info: VDoYU2RPCgV9eMvOCGIt6GOSDwg9t+itjcKdsZ47/gys8dPIiAGiLnSFcSKwFu1KWdowpEVytOAzG2ae7T53ssxRkStsiSegQ3sm6dSjZ0G0kyf1LV1Pe2L89q6Vn2BZAnXlGZUR0mz0zKdDErwSwmk9AQ/W3NL9xwWNdTyt+TFryXsPPd60YoyrlRsLBS7RATvlqfVuYn8cVV2JSNAyJU/fPolT1va+qz6O0tPElY2a9f1o+TvcwtFx+fJxcZERAD66RxV/jyREG+E/T3IZ3MyQnCaa0WJLtdQIX9kScYJZqMTNmy7UGyflW68Jc3F++you6KZLA8/C8Dm9BByT7w==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: rbbn.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 44111a0b-02e9-40f9-8af9-08d592cd0b90
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2018 03:52:50.1672 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 29a671dc-ed7e-4a54-b1e5-8da1eb495dc3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4SPR00MB2510
X-MC-Unique: hiu6oiAFM7u-lUPfwzcqsg-1
Content-Type: multipart/alternative; boundary="_000_CY4PR03MB316004D9C8DC50D82D8DC730A5AD0CY4PR03MB3160namp_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/ND44ybUG4qVMG4iY4oLA7wnszcM>
Subject: Re: [stir] RFC8224 / Use of a=fingerprint
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2018 03:52:58 -0000

Could you elaborate more why it is not applicable? Use of a=fingerprint for MSRP is possible per RFCRFC4975:

14.4.  Using TLS in Peer-to-Peer Mode

   TLS can be used with a self-signed certificate as long as there is a
   mechanism for both sides to ascertain that the other side used the
   correct certificate.  When used with SDP and SIP, the correct
   certificate can be verified by passing a fingerprint of the
   certificate in the SDP and ensuring that the SDP has suitable
   integrity protection.  When SIP is used to transport the SDP, the
   integrity can be provided by the SIP Identity mechanism [17].  The
   rest of this section describes the details of this approach.

Thanks,
Tolga

From: Chris Wendt <chris-ietf@chriswendt.net>
Sent: Sunday, March 25, 2018 10:26 PM
To: Asveren, Tolga <tasveren@rbbn.com>
Cc: stir@ietf.org; jon.peterson@neustar.biz
Subject: Re: [stir] RFC8224 / Use of a=fingerprint

________________________________
NOTICE: This email was received from an EXTERNAL sender
________________________________

MSRP is tcp/tls so doesn’t apply to intended the use of a=fingerprint/mky

> On Mar 22, 2018, at 8:14 AM, Asveren, Tolga <tasveren@rbbn.com<mailto:tasveren@rbbn.com>> wrote:
>
> A few doubts regarding use of a=fingerprint for RFC8224:
>
> 4.1. PASSporT Construction
> ....
>
> o Fourth, if the request contains a Session Description Protocol
> (SDP) message body and if that SDP contains one or more
> "a=fingerprint" attributes, then the JSON key "mky" MUST appear
> with the algorithm(s) and value(s) of the fingerprint attributes
> (if they differ), following the format given in [RFC8225],
> Section 5.2.2.
>
>
> 12.1. Protected Request Fields
> ....
> When signing a request that contains a fingerprint of keying material
> in SDP for DTLS-SRTP [RFC5763], this mechanism always provides a
> signature over that fingerprint. This signature prevents certain
> classes of impersonation attacks in which an attacker forwards or
> cut-and-pastes a legitimate request. Although the target of the
> attack may accept the request, the attacker will be unable to
> exchange media with the target, as they will not possess a key
> corresponding to the fingerprint. For example, there are some
> baiting attacks, launched with the REFER method or through social
> engineering, where the attacker receives a request from the target
> and reoriginates it to a third party. These might not be prevented
> by only a signature over the From, To, and Date, but they could be
> prevented by securing a fingerprint for DTLS-SRTP. While this is a
> different form of impersonation than is commonly used for
> robocalling, ultimately there is little purpose in establishing the
> identity of the user that originated a SIP request if this assurance
> is not coupled with a comparable assurance over the contents of the
> subsequent media communication. This signature also reduces the
> potential for active eavesdropping attacks against the SIP media. In
> environments where DTLS-SRTP is unsupported, however, no field is
> signed and no protections are provided.
>
> i- (with lawyer hat on)
> Which one of these statements prevails? I assume it is the former as it is using normative language as "MUST" therefore "a=fingerprint" must be used when it is present.
>
> ii- (with technical hat on)
> Wouldn't the attack vector mentioned in 12.1 be applicable for connection oriented media, e.g. a=fingerprint in SDP is used while establishing a MSRP session (and possibly for other cases) as well?
>
> Thanks,
> Tolga
>
> _______________________________________________
> stir mailing list
> stir@ietf.org<mailto:stir@ietf.org>
> https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email