IETF Logo Mail Archive

Re: [straw] Alissa Cooper's Discuss on draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)

Alissa Cooper <alissa@cooperw.in> Wed, 09 December 2015 18:50 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: straw@ietfa.amsl.com
Delivered-To: straw@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 130301B2CF6 for <straw@ietfa.amsl.com>; Wed, 9 Dec 2015 10:50:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.802
X-Spam-Level:
X-Spam-Status: No, score=-0.802 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1bpRhpjoYUpl for <straw@ietfa.amsl.com>; Wed, 9 Dec 2015 10:50:52 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 461FC1B2D15 for <straw@ietf.org>; Wed, 9 Dec 2015 10:50:52 -0800 (PST)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 5C8DA213DB for <straw@ietf.org>; Wed, 9 Dec 2015 13:50:51 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Wed, 09 Dec 2015 13:50:51 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=0m1vrQMEwtiRdBXJCT8GAk8lS0M=; b=dkJl2L M8WG9KdzqV5zEuhgK+YOdtoM6Z6OtFI5mtcajSbfs1lItGBjeDBw77FSS5UIb+OW Ee6uCdgTPWcI5JzNel0UkHLf8f5QAYuFzxcOe8WFd/IRtUxp/SSASMe4ptGMNjIU QOUoez395DOSKTxBc0dihnG8kb924yyAudDtg=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=0m1vrQMEwtiRdBX JCT8GAk8lS0M=; b=l36DoGU/qzXVBr91IpFgpb/WlCGcHjbXiM8VvJlfUJ1Mx5/ elG0R4yr8V+MqbcTxCbu9RR1VtTIFnm++ooc1n0b4KrzqmW0T4gN45LvQi1czrAR tvpSTFRKt5YqDEHOBm3dYsBAMcgzE/Ex1cUxNFcV/gF8guOTYC8u78z+DePA=
X-Sasl-enc: ZkgkA/BzSfWwLGKMwFmA/9UarFpxMcno2VLGe7ET1LH3 1449687051
Received: from dhcp-171-68-20-179.cisco.com (dhcp-171-68-20-179.cisco.com [171.68.20.179]) by mail.messagingengine.com (Postfix) with ESMTPA id 7033EC016D5; Wed, 9 Dec 2015 13:50:50 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <DAE78890-C8B2-42DE-BCC3-A994CB9AF668@nostrum.com>
Date: Wed, 09 Dec 2015 10:50:49 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <1D498CDA-C8B6-4215-A718-7C5302B5CF2D@cooperw.in>
References: <20151201045818.23491.19134.idtracker@ietfa.amsl.com> <E63559A7-6A37-496C-AAD9-426AB697FD65@nostrum.com> <D2851411.4B35B%rmohanr@cisco.com> <DB9B999A-DAF0-440B-BDD4-445368AFFCE2@cooperw.in> <DAE78890-C8B2-42DE-BCC3-A994CB9AF668@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/straw/K_cR-B1gy_dYHfQrEncoW4PcRf0>
Cc: Ram Mohan R <rmohanr@cisco.com>, "draft-ietf-straw-b2bua-dtls-srtp@ietf.org" <draft-ietf-straw-b2bua-dtls-srtp@ietf.org>, "straw-chairs@ietf.org" <straw-chairs@ietf.org>, "straw@ietf.org" <straw@ietf.org>, IESG <iesg@ietf.org>, "christer.holmberg@ericsson.com" <christer.holmberg@ericsson.com>
Subject: Re: [straw] Alissa Cooper's Discuss on draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)
X-BeenThere: straw@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Sip Traversal Required for Applications to Work \(STRAW\) working group discussion list" <straw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/straw>, <mailto:straw-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/straw/>
List-Post: <mailto:straw@ietf.org>
List-Help: <mailto:straw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/straw>, <mailto:straw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2015 18:50:54 -0000

> On Dec 3, 2015, at 1:12 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> On 2 Dec 2015, at 23:17, Alissa Cooper wrote:
> 
>> Could you articulate the reasons why someone would build a B2BUA that
>>>>> follows the recommendations in this draft?
>> 
>> 
>>> 
>>> B2BUAs used in deployments like the above mentioned scenarios can use the
>>> recommendations in this draft.
>> 
>> 
>> Ok. What I am still missing is why this draft needs to be published to make that happen. This is the type of SBC to which the Section 3.1.1 guidance is directed. How does the behavior of existing media-latching SBCs differ from what 3.1.1 tells them to do? And if this type of SBC implementation is the key target audience, doesn’t that make the 3.1.2 guidance essentially no-ops?
> 
> Authors:
> 
> After discussion on today's telechats, and some side discussions with Alissa, I believe this question is the lynch-pin for making any progress. I advise people to work this out first before worrying about the rest of the discussion: Can we articulate how we expect this draft will change implementer and/or operator behavior?
> 
> Obviously B2BUAs that exist for reasons that require modification of RTP/RTCP, or cleartext access to the encrypted bits of SRTP are not going to conform, and are therefore out of scope. The draft doesn't seem to concern itself with b2buas that are not in the media path at all. (Maybe it should, since there are plenty of purely signaling-plane ways to break dtls-srtp?).
> 
> That leaves the question of b2buas in the media path that do not require modification or cleartext access to protected bits in srtp--effectively media-relays as described in 3.1.1 Do we believe people do not know how to build or use such devices without breaking dtls-srtp? Are people aware of such devices that break dtls-srtp when they don't need to? Perhaps by misconfiguration, or because they use SBCs designed for more invasive use cases?

As Ben says, I think this draft would add value if it could articulate the problem statement, including the kinds of B2BUAs that cause the problem, and then articulate a solution that those kinds of B2BUAs have a reasonable chance of implementing given what they are otherwise designed to do.

Alissa

> 
> Thanks!
> 
> Ben.

v2.23.0 | Report a Bug | By Email