IETF Logo Mail Archive

Re: [stir] RFC8224 / Use of a=fingerprint

Chris Wendt <chris-ietf@chriswendt.net> Tue, 27 March 2018 00:00 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FDED120726 for <stir@ietfa.amsl.com>; Mon, 26 Mar 2018 17:00:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjRl5N08byda for <stir@ietfa.amsl.com>; Mon, 26 Mar 2018 16:59:57 -0700 (PDT)
Received: from mail-qk0-x22b.google.com (mail-qk0-x22b.google.com [IPv6:2607:f8b0:400d:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81AC912895E for <stir@ietf.org>; Mon, 26 Mar 2018 16:59:57 -0700 (PDT)
Received: by mail-qk0-x22b.google.com with SMTP id o184so22076316qkd.13 for <stir@ietf.org>; Mon, 26 Mar 2018 16:59:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=znkVg9D3nWeCXSN3tVg2EPOeLrBykj+jRvinQVK/k8M=; b=gkW/hHWUnP8+ScoqiKjewyU/mgiUe67GVOBbJTH0CO2jCWzSq9xB3+i1vqo4TOtY60 VJ1yrlVIRCrXNVbwPVgpBiyMUAvNYvX8X0J30hZqT9NsP4vOYHOG5/9mdFsUA6DVenb1 Fo6B8JimL5EATE6Vb3deJNJzkm2RpCFZIL8SDiY2zviyivFla4wqpCp0GNwQ07NMNE+G C41OCK1zoqpxRdxz3yiyr/MPFm8FYeZJmrkcypBt6VHwhjvBHudR5I6bW11OW/jlcd/g 6+YFxmZxunD2lvajXG5CYUoup0PduZ5s3tuD6yAtrV774P33hojvxxhXeJ3tReZKAgV7 SMiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=znkVg9D3nWeCXSN3tVg2EPOeLrBykj+jRvinQVK/k8M=; b=uV5VEakWKQ8UO9eZER/PGJHC3xd3HQruGsFaYYKIKygRoewz+yKWIexJqyj8OzjyGt +f5CY6Gi0H+PMK3zZX59mGctLHY6W2cFvZn16icDzQNM/yWSSEGQzWcjmU5IbLX0lD23 HBudt9GFWvQU4KRG7LULCOJxkPBjSA0rNMe3BtF7IyguZEaMW96swJiaP6iN5MFPZIV8 jBsDq5AEnSzu75H+j33v95SpJ1Kv9dxEUVbUbWZ/ig+E0DtrYMh6yMQT1dvy4B3AIiqd decBn4gTCekiyrGrFusuqFs/JuD8TyyGWihaOV4tFDtdwe7NVQYB/kdkxj3j5YAJEA5O EP3g==
X-Gm-Message-State: AElRT7E+0AoBTRIiZ1UzY5CaaCA53HMj042tV2mrbVeeegbNj1nz2iEm Y0uvJYaBuxW83Pf8s6t5j5hOZg==
X-Google-Smtp-Source: AG47ELv/DabX5vOQaMLf0E8Ffd4wmLWGEP9JZAYNgJ2010lZJCM5v+LQtE/hiXo/HC0mQ4GuKrnbjA==
X-Received: by 10.55.169.207 with SMTP id s198mr56100385qke.96.1522108796651; Mon, 26 Mar 2018 16:59:56 -0700 (PDT)
Received: from [172.31.99.30] (96-83-244-75-static.hfc.comcastbusiness.net. [96.83.244.75]) by smtp.gmail.com with ESMTPSA id m31sm11200961qtd.95.2018.03.26.16.59.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Mar 2018 16:59:55 -0700 (PDT)
From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <8A3D65E3-9C98-4013-AB60-02E8F4B025C5@chriswendt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_03E3987D-28C4-40C9-91BE-0DD9FA86712A"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Date: Mon, 26 Mar 2018 19:59:54 -0400
In-Reply-To: <CY4PR03MB316004D9C8DC50D82D8DC730A5AD0@CY4PR03MB3160.namprd03.prod.outlook.com>
Cc: "stir@ietf.org" <stir@ietf.org>, "jon.peterson@neustar.biz" <jon.peterson@neustar.biz>
To: "Asveren, Tolga" <tasveren@rbbn.com>
References: <CY4PR03MB31607CC7753000B808381EECA5A90@CY4PR03MB3160.namprd03.prod.outlook.com> <A3AE3A69-2999-4F85-ACF2-4D5C15EE0A9D@chriswendt.net> <CY4PR03MB316004D9C8DC50D82D8DC730A5AD0@CY4PR03MB3160.namprd03.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/QqNQUq9Cn_tWFM7qa4XFJwjDpfU>
Subject: Re: [stir] RFC8224 / Use of a=fingerprint
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2018 00:00:00 -0000

I stand corrected.

Thanks for pointing that out.  It references RFC4474 in that section which RFC8224 replaces, but seems to be to be fairly compatible with the intent of support of fingerprint in RFC8224/8225, although procedures are different of course.


> On Mar 25, 2018, at 11:52 PM, Asveren, Tolga <tasveren@rbbn.com> wrote:
> 
> Could you elaborate more why it is not applicable? Use of a=fingerprint for MSRP is possible per RFCRFC4975:
>  
> 14.4.  Using TLS in Peer-to-Peer Mode
>  
>    TLS can be used with a self-signed certificate as long as there is a
>    mechanism for both sides to ascertain that the other side used the
>    correct certificate.  When used with SDP and SIP, the correct
>    certificate can be verified by passing a fingerprint of the
>    certificate in the SDP and ensuring that the SDP has suitable
>    integrity protection.  When SIP is used to transport the SDP, the
>    integrity can be provided by the SIP Identity mechanism [17].  The
>    rest of this section describes the details of this approach.
>  
> Thanks,
> Tolga
>  
> From: Chris Wendt <chris-ietf@chriswendt.net <mailto:chris-ietf@chriswendt.net>> 
> Sent: Sunday, March 25, 2018 10:26 PM
> To: Asveren, Tolga <tasveren@rbbn.com <mailto:tasveren@rbbn.com>>
> Cc: stir@ietf.org <mailto:stir@ietf.org>; jon.peterson@neustar.biz <mailto:jon.peterson@neustar.biz>
> Subject: Re: [stir] RFC8224 / Use of a=fingerprint
>  
> NOTICE: This email was received from an EXTERNAL sender
> 
> MSRP is tcp/tls so doesn’t apply to intended the use of a=fingerprint/mky
> 
> > On Mar 22, 2018, at 8:14 AM, Asveren, Tolga <tasveren@rbbn.com <mailto:tasveren@rbbn.com>> wrote:
> > 
> > A few doubts regarding use of a=fingerprint for RFC8224:
> > 
> > 4.1. PASSporT Construction
> > ....
> > 
> > o Fourth, if the request contains a Session Description Protocol
> > (SDP) message body and if that SDP contains one or more
> > "a=fingerprint" attributes, then the JSON key "mky" MUST appear
> > with the algorithm(s) and value(s) of the fingerprint attributes
> > (if they differ), following the format given in [RFC8225],
> > Section 5.2.2.
> > 
> > 
> > 12.1. Protected Request Fields
> > ....
> > When signing a request that contains a fingerprint of keying material
> > in SDP for DTLS-SRTP [RFC5763], this mechanism always provides a
> > signature over that fingerprint. This signature prevents certain
> > classes of impersonation attacks in which an attacker forwards or
> > cut-and-pastes a legitimate request. Although the target of the
> > attack may accept the request, the attacker will be unable to
> > exchange media with the target, as they will not possess a key
> > corresponding to the fingerprint. For example, there are some
> > baiting attacks, launched with the REFER method or through social
> > engineering, where the attacker receives a request from the target
> > and reoriginates it to a third party. These might not be prevented
> > by only a signature over the From, To, and Date, but they could be
> > prevented by securing a fingerprint for DTLS-SRTP. While this is a
> > different form of impersonation than is commonly used for
> > robocalling, ultimately there is little purpose in establishing the
> > identity of the user that originated a SIP request if this assurance
> > is not coupled with a comparable assurance over the contents of the
> > subsequent media communication. This signature also reduces the
> > potential for active eavesdropping attacks against the SIP media. In
> > environments where DTLS-SRTP is unsupported, however, no field is
> > signed and no protections are provided.
> > 
> > i- (with lawyer hat on)
> > Which one of these statements prevails? I assume it is the former as it is using normative language as "MUST" therefore "a=fingerprint" must be used when it is present.
> > 
> > ii- (with technical hat on)
> > Wouldn't the attack vector mentioned in 12.1 be applicable for connection oriented media, e.g. a=fingerprint in SDP is used while establishing a MSRP session (and possibly for other cases) as well?
> > 
> > Thanks,
> > Tolga
> > 
> > _______________________________________________
> > stir mailing list
> > stir@ietf.org <mailto:stir@ietf.org>
> > https://www.ietf.org/mailman/listinfo/stir <https://www.ietf.org/mailman/listinfo/stir>

v2.23.0 | Report a Bug | By Email