[straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]

"Parthasarathi R" <partha@parthasarathi.co.in> Wed, 30 July 2014 01:34 UTC

From: Parthasarathi R <partha@parthasarathi.co.in>
To: 'Christer Holmberg' <christer.holmberg@ericsson.com>, straw@ietf.org
References: <7594FB04B1934943A5C02806D1A2204B1D3D5B73@ESESSMB209.ericsson.se>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D3D5B73@ESESSMB209.ericsson.se>
Date: Wed, 30 Jul 2014 07:04:05 +0530
Message-ID: <015701cfab96$5eb380a0$1c1a81e0$@co.in>
Archived-At: http://mailarchive.ietf.org/arch/msg/straw/6VF8UIjJjofYyRLc_vVOPJkpvMo
Cc: 'Richard Barnes' <rlb@ipv.sx>, 'Sean Turner' <TurnerS@ieca.com>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
List-Id: "Sip Traversal Required for Applications to Work \(STRAW\) working group discussion list" <straw.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/straw/>

Hi all,

I have a different view from the one the security folks take on this draft.
This draft's intention is not to violate RFC 2804. In case this draft is not
standardized, all B2BUAs handling DTLS-SRTP will end up violating RFC 2804
due to the lack of guidelines/standards to follow. Please look into this
draft from the SIP recording architecture in B2BUA (Fig 1 of RFC 7245) usage
perspective, wherein the sender/receiver are informed about the call
recording (like the call centre usage scenario) and there is no RFC 2804
violation.

In the IETF-90 meeting, security concerns were raised about this draft's
usage. It will be good to document them as part of this document if it is
really a security issue. I'm not seeing any major security concerns, as a
B2BUA is yet another UA. Please let me know the list of security concerns
specific to B2BUAs in DTLS-SRTP.

In reality, a B2BUA terminating DTLS-SRTP is not avoidable because of the
different codec profiles between the deployed SIP UAs. Say SIPoWS in a
browser (WebRTC endpoint/SIP UA) uses Opus/G711/VP8 as codecs as of today and
SIP mobile devices use AMR/AMR-WB/H.264. There is a compulsion to terminate
the media in the middle, as no solution exists in the IETF for the same. The
lack of a standard leads to proprietary session border controller (SBC)
solutions, which break other SIP enhancements as well.

Thanks

Partha

From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer Holmberg
Sent: Saturday, July 26, 2014 7:54 PM
To: straw@ietf.org
Cc: Richard Barnes (rlb@ipv.sx); Sean Turner; Stephen Farrell
Subject: [straw] IETF#90: Draft STRAW minutes

(Co-chair)

Hi,

Below are the STRAW minutes that the chairs intend to upload.

However, before we do that, we would like to ask the community to take a
look at least at the notes associated with the DTLS-SRTP presentation, as it
caused lots of discussion.

Note that the minutes do not contain who-said-what information (that can be
found elsewhere), but if you think there are some important things missing,
or if you think something is wrong, please let the chairs know.

Thanks!

Regards,

Christer & Victor

-------------------

IETF 90 - STRAW

1150-1320 EDT    Friday Afternoon Session I

Topic:     Agenda bashing, IETF Note Well and WG status

Presenter: Christer Holmberg (co-chair)

Slides:    http://www.ietf.org/proceedings/90/slides/slides-90-straw-0.pdf

Draft:     N/A

No issues were identified.

Topic:     Guidelines to support RTCP in B2BUAs

Presenter: Lorenzo Miniero

Slides:    http://www.ietf.org/proceedings/90/slides/slides-90-straw-1.pdf

Draft:     draft-ietf-straw-b2bua-rtcp

It was indicated that XR needs to be looked into, to see whether something
needs to be covered in the draft.

It was indicated that the terminology will be aligned with the
grouping-taxonomy draft. In case there are conflicts, or other issues are
found, the STRAW community is requested to provide comments on the
grouping-taxonomy draft.

It was asked whether the draft should also cover RTP specific issues. It
was indicated that the scope is RTCP, and that we should be very careful
about introducing RTP issues. It was recommended to talk to Colin Perkins
about whether he has any opinions regarding the need to cover RTP.

It was asked how the document will relate to the work on multisource
optimisation taking place in AVTEXT.

It was indicated that the text recommending man in the middle functionality
for SRTP most likely will cause issues with IESG. After the DTLS-SRTP
discussion (see further down) it was suggested that the RTCP draft should
not talk about SRTP.

Topic:     Taxonomy Discussion

Presenter: Lorenzo Miniero

Slides:    http://www.ietf.org/proceedings/90/slides/slides-90-straw-2.pdf

Draft:     All STRAW deliveries

It was agreed that STRAW shall use the terms in the avtext-grouping-taxonomy
document in preference to definitions elsewhere if they are appropriate,
with a note indicating any differences in other documents that may influence
understanding.

Topic:     STUN handling in B2BUAs

Presenter: Lorenzo Miniero (on behalf of the draft authors)

Slides:    http://www.ietf.org/proceedings/90/slides/slides-90-straw-3.pdf

Draft:     draft-ram-straw-b2bua-stun

It was indicated that B2BUA, due to policy reasons, may strip candidates
from SDP.

It was indicated that B2BUAs must be very careful to not perform actions
that will cause ICE mismatch.

The chair informed the community that a WG adoption request will be sent out
within the upcoming weeks.

It was indicated that the group needs to follow the ICE bis work taking
place in MMUSIC, in case there will be any impacts on the STRAW draft.

Topic:     DTLS-SRTP handling in B2BUAs

Presenter: Lorenzo Miniero (on behalf of the draft authors)

Slides:    http://www.ietf.org/proceedings/90/slides/slides-90-straw-4.pdf

Draft:     draft-ram-straw-b2bua-dtls-srtp

The presentation triggered lots of discussions and controversy, as it was
seen as an attempt to standardize MITM (man in the middle procedures). While
people did realize such actions take place in deployments, they claimed that
IETF/STRAW should not standardize such procedures. It was also indicated
that it goes against a number of BCP specifications, and RFC 2804. Others
indicated that the purpose is to make sure that entities doing this kind of
functionality do it in a way which does not cause interoperability problems,
which could cause people to not use security to begin with.

It was indicated that one possible way forward could be to simply document,
in an informal delivery, how different vendors do things in the network, but
in such case the vendors should also be listed in the document.

Before the draft is adopted as a WG item, further discussions need to take
place. The ADs will help with finding the correct people (security, IESG,
etc) to involve in such discussions. The chair indicated that the draft
implements a charter delivery, but that one possible outcome will be to
remove/re-scope the charter delivery.