Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Wed, 30 July 2014 09:50 UTC
Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: straw@ietfa.amsl.com
Delivered-To: straw@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 747151B2A83 for <straw@ietfa.amsl.com>; Wed, 30 Jul 2014 02:50:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nGNOXDZXSsb7 for <straw@ietfa.amsl.com>; Wed, 30 Jul 2014 02:50:11 -0700 (PDT)
Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF5631B2A3C for <straw@ietf.org>; Wed, 30 Jul 2014 02:50:10 -0700 (PDT)
Received: by mail-wi0-f175.google.com with SMTP id ho1so7165266wib.14 for <straw@ietf.org>; Wed, 30 Jul 2014 02:50:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=KW/WQ0mdMvdHmK6OGGNmgviKUZexgSUIzIs9irL4kZU=; b=nb1pbfCIcYHQkp6zyDWqgU4mTzyi2oApBgshOPzGiei1zXBV0BD/+TfNpHqwyB/DnY GNKyNI6dwJxcxiR4emNlw8PtMHo7c+yXbB1qJhRglnOD+duQqEsiijh56jInMFO2Geop t0sl4DpmFvcUFnNaCud/eCpO3K8LF8XRLBveHVTiS37oJ30IgaWEmlv3yVPGKmnZk84H 2zrFwI5kTs/J1qmWMoPyAULyv9GtpmoO68QaBh4atvrQ2AT8jJoMb82Tol9oi0MAAk+0 O8laVkcJIbGCj78jxUe+L2t0pyD6UPMRcRevgWjkahCvq/nt+waj/hGe+8al1j9t0LZf oifQ==
X-Received: by 10.194.189.230 with SMTP id gl6mr4521336wjc.118.1406713807144; Wed, 30 Jul 2014 02:50:07 -0700 (PDT)
Received: from [192.168.1.37] (228.Red-88-9-161.dynamicIP.rima-tde.net. [88.9.161.228]) by mx.google.com with ESMTPSA id a4sm53489083wie.21.2014.07.30.02.50.05 for <straw@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 30 Jul 2014 02:50:06 -0700 (PDT)
Message-ID: <53D8BFD9.6010702@gmail.com>
Date: Wed, 30 Jul 2014 11:50:17 +0200
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: straw@ietf.org
References: <7594FB04B1934943A5C02806D1A2204B1D3D5B73@ESESSMB209.ericsson.se> <015701cfab96$5eb380a0$1c1a81e0$@co.in> <53D8BC2D.6050408@cs.tcd.ie>
In-Reply-To: <53D8BC2D.6050408@cs.tcd.ie>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/straw/3FHi3eptG0fZzD6yM0U891_1fpc
Subject: Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
X-BeenThere: straw@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Sip Traversal Required for Applications to Work \(STRAW\) working group discussion list" <straw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/straw>, <mailto:straw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/straw/>
List-Post: <mailto:straw@ietf.org>
List-Help: <mailto:straw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/straw>, <mailto:straw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2014 09:50:13 -0000
The sole purpose of a B2BUA is to become and endpoint (well two
endpoints in fact) between two other endpoints:
Back-to-Back User Agent: A back-to-back user agent (B2BUA) is a
logical entity that receives a request and processes it as a
user agent server (UAS). In order to determine how the request
should be answered, it acts as a user agent client (UAC) and
generates requests.
Best regards
Sergio
On 30/07/2014 11:34, Stephen Farrell wrote:
> on vacation, back in a week
>
> terminating DTLS-SRTP is maybe fine but means being one of the
> endpoints intended to be involved in the TLS session. Doing a
> MITM on TLS is not at all fine.
>
> S.
>
> On 30/07/14 02:34, Parthasarathi R wrote:
>> Hi all,
>>
>>
>>
>> I have different view than the security folks look at this draft. This draft
>> intention is not to violate RFC 2804. In case this draft is not
>> standardized, all B2BUA handling DTLS-SRTP will end up in violating RFC 2804
>> due to the lack of guidelines/standards to follow. Please look into this
>> draft from SIP recording architecture in B2BUA (Fig 1 of RFC 7245) usage
>> perspective wherein the senders/receiver is informed about the call
>> recording (like call centre usage scenario) and no RFC 2804 violation.
>>
>>
>>
>> In IETF-90 meeting, the security concerns are raised about this draft usage.
>> It will be good to document as part of this document if it is really
>> security issue. I'm not seeing any major security concerns as B2BUA is yet
>> another UA. Please let me know the list of security concern specific to
>> B2BUA in DTLS-SRTP.
>>
>>
>>
>> In reality, B2BUA terminating DTLS-SRTP is not avoidable because of the
>> different codec profile between the deployed SIP UAs. Say SIPoWS in browser
>> (WebRTC endpoint/SIP UA) uses Opus/G711/VP8 as a codec as of today and SIP
>> Mobile devices uses AMR/AMR-WB/H.264. There is a compulsion to terminate the
>> media in the middle as there is no solution exists in IETF for the same. The
>> lack of standard leads to proprietary session border controller (SBC)
>> solutions which breaks other SIP enhancements as well.
>>
>>
>>
>> Thanks
>>
>> Partha
>>
>>
>>
>> From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer Holmberg
>> Sent: Saturday, July 26, 2014 7:54 PM
>> To: straw@ietf.org
>> Cc: Richard Barnes (rlb@ipv.sx); Sean Turner; Stephen Farrell
>> Subject: [straw] IETF#90: Draft STRAW minutes
>>
>>
>>
>> (Co-chair)
>>
>>
>>
>> Hi,
>>
>>
>>
>> Below are the STRAW minutes that the chairs intend to upload.
>>
>>
>>
>> However, before we do that, we would like to ask the community to take a
>> look at least at the notes associated with the DTLS-SRTP presentation, as it
>> caused lots of discussion.
>>
>>
>>
>> Note that the minutes do not contain who-said-what information (that can be
>> found elsewhere), but if you think there are some important things missing,
>> or if you think something is wrong, please let the chairs now.
>>
>>
>>
>> Thanks!
>>
>>
>>
>> Regards,
>>
>>
>>
>> Christer & Victor
>>
>>
>>
>> -------------------
>>
>>
>>
>> IETF 90 - STRAW
>>
>> 1150-1320 EDT Friday Afternoon Session I
>>
>>
>>
>>
>>
>> Topic: Agenda bashing, IETF Note Well and WG status
>>
>> Presenter: Christer Holmberg (co-chair)
>>
>> Slides:
>> http://www.ietf.org/proceedings/90/slides/slides-90-straw-0.pdf
>>
>> Draft: N/A
>>
>>
>>
>>
>>
>> No issues were identified.
>>
>>
>>
>>
>>
>>
>>
>> Topic: Guidelines to support RTCP in B2BUAs
>>
>> Presenter: Lorenzo Miniero
>>
>> Slides:
>> http://www.ietf.org/proceedings/90/slides/slides-90-straw-1.pdf
>>
>> Draft: draft-ietf-straw-b2bua-rtcp
>>
>>
>>
>>
>>
>> It was indicated that XR needs to be looked into, to see whether something
>> needs to be covered in the draft.
>>
>>
>>
>> It was indicated that the terminology will be aligned with the
>> grouping-taxonomy draft. In case there are conflicts, or other issues are
>> found, the STRAW community is requested to provide comments on the
>> grouping-taxonomy draft.
>>
>>
>>
>> It was requested whether the draft should also cover RTP specific issues. It
>> was indicated that the scope of the RTCP, and that we should be very careful
>> about introducing RTP issues. It was recommended to talk to Colin Perkins
>> whether he has any opinions regarding the need to cover RTP.
>>
>>
>>
>> I was asked how the document will relate to the work on multisource
>> optimisation taking place in AVTEXT.
>>
>>
>>
>> It was indicated that the text recommending man in the middle functionality
>> for SRTP most likely will cause issues with IESG. After the DTLS-SRTP
>> discussion (see further down) it was suggested that the RTCP draft should
>> not talk about SRTP.
>>
>>
>>
>>
>>
>>
>>
>> Topic: Taxonomy Discussion
>>
>> Presenter: Lorenzo Miniero
>>
>> Slides:
>> http://www.ietf.org/proceedings/90/slides/slides-90-straw-2.pdf
>>
>> Draft: All STRAW deliveries
>>
>>
>>
>>
>>
>> It was agreed the STRAW shall use the terms in the avtext-grouping-taxonomy
>> document in preference to definitions elsewhere is they are appropriate,
>> with a note indicating any differences in other documents that may influence
>> understanding.
>>
>>
>>
>>
>>
>>
>>
>> Topic: STUN handling in B2BUAs
>>
>> Presenter: Lorenzo Miniero (on behalf of the draft authors)
>>
>> Slides:
>> http://www.ietf.org/proceedings/90/slides/slides-90-straw-3.pdf
>>
>> Draft: draft-ram-straw-b2bua-stun
>>
>>
>>
>>
>>
>> It was indicated that B2BUA, due to policy reasons, may strip candidates
>> from SDP.
>>
>>
>>
>> It was indicated that B2BUAs must be very careful to not perform actions
>> that will cause ICE mismatch.
>>
>>
>>
>> The chair informed the community that a WG adoption request will be sent out
>> within the upcoming weeks.
>>
>>
>>
>> It was indicated that the group needs to follow the ICE bis work taking
>> place in MMUSIC, in case there will be any impacts on the STRAW draft.
>>
>>
>>
>>
>>
>>
>>
>> Topic: DTLS-SRTP handling in B2BUAs
>>
>> Presenter: Lorenzo Miniero (on behalf of the draft authors)
>>
>> Slides:
>> http://www.ietf.org/proceedings/90/slides/slides-90-straw-4.pdf
>>
>> Draft: draft-ram-straw-b2bua-dtls-srtp
>>
>>
>>
>>
>>
>> The presentation triggered lots of discussions and controversy, as it was
>> seen as an attempt to standardize MITM (man in the middle procedures). While
>> people did realize such actions take place in deployments, they claimed that
>> IETF/STRAW should not standardize such procedures. It was also indicated
>> that it goes against a number of BCP specifications, and RFC 2804. Others
>> indicated that the purpose is to make sure that entities doing this kind of
>> functionality do it in a way which does not cause interoperability problems,
>> which could cause people to not use security to begin with.
>>
>>
>>
>> It was indicated that one possible way forward could be to simply document,
>> in an informal delivery, how different vendors do things in the network, but
>> in such case the vendors should also be listed in the document.
>>
>>
>>
>> Before the draft is adopted as a WG item, further discussions need to take
>> place. The ADs will help with finding the correct people (security, IESG,
>> etc) to involve in such discussions. The chair indicated that the draft
>> implements a charter delivery, but that one possible outcome will be to
>> remove/re-scope the charter delivery.
>>
>>
>>
>>
>>
>>
> _______________________________________________
> straw mailing list
> straw@ietf.org
> https://www.ietf.org/mailman/listinfo/straw
- [straw] IETF#90: Draft STRAW minutes Christer Holmberg
- [straw] B2BUA handling in DTLS-SRTP [was RE: IETF… Parthasarathi R
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Stephen Farrell
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Sergio Garcia Murillo
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Christer Holmberg
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Parthasarathi R
- Re: [straw] IETF#90: Draft STRAW minutes Parthasarathi R
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Parthasarathi R
- Re: [straw] IETF#90: Draft STRAW minutes Mary Barnes
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Parthasarathi R
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Christer Holmberg
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Lorenzo Miniero
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Christer Holmberg
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Parthasarathi R
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Lorenzo Miniero
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Stephen Farrell
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Lorenzo Miniero