Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
"Parthasarathi R" <partha@parthasarathi.co.in> Tue, 28 October 2014 23:28 UTC
Return-Path: <partha@parthasarathi.co.in>
X-Original-To: straw@ietfa.amsl.com
Delivered-To: straw@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFF7E1A03E1 for <straw@ietfa.amsl.com>; Tue, 28 Oct 2014 16:28:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.699
X-Spam-Level:
X-Spam-Status: No, score=0.699 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fLnrFal2w_pm for <straw@ietfa.amsl.com>; Tue, 28 Oct 2014 16:28:03 -0700 (PDT)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com [162.222.225.27]) by ietfa.amsl.com (Postfix) with ESMTP id 7CF5E1A1B64 for <straw@ietf.org>; Tue, 28 Oct 2014 16:28:00 -0700 (PDT)
Received: from userPC (unknown [122.167.202.51]) (Authenticated sender: partha@parthasarathi.co.in) by outbound.mailhostbox.com (Postfix) with ESMTPA id 1E40A3C0392; Tue, 28 Oct 2014 23:27:51 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parthasarathi.co.in; s=20120823; t=1414538879; bh=IgvI8XAMzbYtrW8BU2tOqK0uyDBQ67HLdm67IlGvHHk=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type:Content-Transfer-Encoding; b=NFf9yrWTJW+jHAqT6jEEhqvEzxgD9ze9s0piFRnRFdm+en9t60COU0+C/Aklyoutq 6kaKM1d8y9MfUIsaWVa2pH38V/B4LjKEbdOgSpPIDIikw82CrO08hWDKRp4gvLJjR5 18kWittUqIZXoQzfmvTIk6zSRLOCVw8d4ngKx1WI=
From: Parthasarathi R <partha@parthasarathi.co.in>
To: 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, 'Christer Holmberg' <christer.holmberg@ericsson.com>, straw@ietf.org
References: <7594FB04B1934943A5C02806D1A2204B1D3D5B73@ESESSMB209.ericsson.se> <015701cfab96$5eb380a0$1c1a81e0$@co.in> <53D8BC2D.6050408@cs.tcd.ie>
In-Reply-To: <53D8BC2D.6050408@cs.tcd.ie>
Date: Wed, 29 Oct 2014 04:57:46 +0530
Message-ID: <01f701cff306$cdddeb20$6999c160$@co.in>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac+r2Yquq/a2YoMJTTCgDWFD28Q39BHLIW2w
Content-Language: en-us
X-CTCH-RefID: str=0001.0A020205.5450267F.00D4, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Unknown
X-CTCH-Score: 0.000
X-CTCH-Rules: C_4847,
X-CTCH-Flags: 0
X-CTCH-ScoreCust: 0.000
X-CTCH-SenderID: partha@parthasarathi.co.in
X-CTCH-SenderID-TotalMessages: 1
X-CTCH-SenderID-TotalSpam: 0
X-CTCH-SenderID-TotalSuspected: 0
X-CTCH-SenderID-TotalBulk: 0
X-CTCH-SenderID-TotalConfirmed: 0
X-CTCH-SenderID-TotalRecipients: 0
X-CTCH-SenderID-TotalVirus: 0
X-CTCH-SenderID-BlueWhiteFlag: 0
X-Scanned-By: MIMEDefang 2.72 on 172.18.214.93
Archived-At: http://mailarchive.ietf.org/arch/msg/straw/LjNF5rfr7gL0h13B9JaFJQJkVXQ
Cc: 'Richard Barnes' <rlb@ipv.sx>, 'Sean Turner' <TurnerS@ieca.com>
Subject: Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
X-BeenThere: straw@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Sip Traversal Required for Applications to Work \(STRAW\) working group discussion list" <straw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/straw>, <mailto:straw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/straw/>
List-Post: <mailto:straw@ietf.org>
List-Help: <mailto:straw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/straw>, <mailto:straw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 23:28:11 -0000
Hi all, One of the way to address MITM issue in STRAW WG B2BUA handling of DTLS-SRTP milestone is to focus only on Media relay (Sec 3.1 of draft-ram-straw-b2bua-dtls-srtp-00) and removing "Media Aware or Media Termination" (Sec 3.2 of draft-ram-straw-b2bua-dtls-srtp-00). By this proposal, the scope of the work is to cover only end-to-end DTLS-SRTP through B2BUA. The media relay provides end-to-end security but there are challenges w.r.t NAT, forking, ICE, identity (RTCWeb IdP, RFC4474bis, etc.,) which shall be sorted out in this milestone. During IETF-90 and in the mailing alias, I haven't heard any concern for Media relay handling in B2BUA. please let me know your opinion on the same. Thanks Partha > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] > Sent: Wednesday, July 30, 2014 3:05 PM > To: Parthasarathi R; 'Christer Holmberg'; straw@ietf.org > Cc: 'Richard Barnes'; 'Sean Turner' > Subject: Re: B2BUA handling in DTLS-SRTP [was RE: [straw] IETF#90: > Draft STRAW minutes] > > > on vacation, back in a week > > terminating DTLS-SRTP is maybe fine but means being one of the > endpoints intended to be involved in the TLS session. Doing a > MITM on TLS is not at all fine. > > S. > > On 30/07/14 02:34, Parthasarathi R wrote: > > Hi all, > > > > > > > > I have different view than the security folks look at this draft. > This draft > > intention is not to violate RFC 2804. In case this draft is not > > standardized, all B2BUA handling DTLS-SRTP will end up in violating > RFC 2804 > > due to the lack of guidelines/standards to follow. Please look into > this > > draft from SIP recording architecture in B2BUA (Fig 1 of RFC 7245) > usage > > perspective wherein the senders/receiver is informed about the call > > recording (like call centre usage scenario) and no RFC 2804 > violation. > > > > > > > > In IETF-90 meeting, the security concerns are raised about this draft > usage. > > It will be good to document as part of this document if it is really > > security issue. I'm not seeing any major security concerns as B2BUA > is yet > > another UA. Please let me know the list of security concern specific > to > > B2BUA in DTLS-SRTP. > > > > > > > > In reality, B2BUA terminating DTLS-SRTP is not avoidable because of > the > > different codec profile between the deployed SIP UAs. Say SIPoWS in > browser > > (WebRTC endpoint/SIP UA) uses Opus/G711/VP8 as a codec as of today > and SIP > > Mobile devices uses AMR/AMR-WB/H.264. There is a compulsion to > terminate the > > media in the middle as there is no solution exists in IETF for the > same. The > > lack of standard leads to proprietary session border controller (SBC) > > solutions which breaks other SIP enhancements as well. > > > > > > > > Thanks > > > > Partha > > > > > > > > From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer > Holmberg > > Sent: Saturday, July 26, 2014 7:54 PM > > To: straw@ietf.org > > Cc: Richard Barnes (rlb@ipv.sx); Sean Turner; Stephen Farrell > > Subject: [straw] IETF#90: Draft STRAW minutes > > > > > > > > (Co-chair) > > > > > > > > Hi, > > > > > > > > Below are the STRAW minutes that the chairs intend to upload. > > > > > > > > However, before we do that, we would like to ask the community to > take a > > look at least at the notes associated with the DTLS-SRTP > presentation, as it > > caused lots of discussion. > > > > > > > > Note that the minutes do not contain who-said-what information (that > can be > > found elsewhere), but if you think there are some important things > missing, > > or if you think something is wrong, please let the chairs now. > > > > > > > > Thanks! > > > > > > > > Regards, > > > > > > > > Christer & Victor > > > > > > > > ------------------- > > > > > > > > IETF 90 - STRAW > > > > 1150-1320 EDT Friday Afternoon Session I > > > > > > > > > > > > Topic: Agenda bashing, IETF Note Well and WG status > > > > Presenter: Christer Holmberg (co-chair) > > > > Slides: > > http://www.ietf.org/proceedings/90/slides/slides-90-straw-0.pdf > > > > Draft: N/A > > > > > > > > > > > > No issues were identified. > > > > > > > > > > > > > > > > Topic: Guidelines to support RTCP in B2BUAs > > > > Presenter: Lorenzo Miniero > > > > Slides: > > http://www.ietf.org/proceedings/90/slides/slides-90-straw-1.pdf > > > > Draft: draft-ietf-straw-b2bua-rtcp > > > > > > > > > > > > It was indicated that XR needs to be looked into, to see whether > something > > needs to be covered in the draft. > > > > > > > > It was indicated that the terminology will be aligned with the > > grouping-taxonomy draft. In case there are conflicts, or other issues > are > > found, the STRAW community is requested to provide comments on the > > grouping-taxonomy draft. > > > > > > > > It was requested whether the draft should also cover RTP specific > issues. It > > was indicated that the scope of the RTCP, and that we should be very > careful > > about introducing RTP issues. It was recommended to talk to Colin > Perkins > > whether he has any opinions regarding the need to cover RTP. > > > > > > > > I was asked how the document will relate to the work on multisource > > optimisation taking place in AVTEXT. > > > > > > > > It was indicated that the text recommending man in the middle > functionality > > for SRTP most likely will cause issues with IESG. After the DTLS-SRTP > > discussion (see further down) it was suggested that the RTCP draft > should > > not talk about SRTP. > > > > > > > > > > > > > > > > Topic: Taxonomy Discussion > > > > Presenter: Lorenzo Miniero > > > > Slides: > > http://www.ietf.org/proceedings/90/slides/slides-90-straw-2.pdf > > > > Draft: All STRAW deliveries > > > > > > > > > > > > It was agreed the STRAW shall use the terms in the avtext-grouping- > taxonomy > > document in preference to definitions elsewhere is they are > appropriate, > > with a note indicating any differences in other documents that may > influence > > understanding. > > > > > > > > > > > > > > > > Topic: STUN handling in B2BUAs > > > > Presenter: Lorenzo Miniero (on behalf of the draft authors) > > > > Slides: > > http://www.ietf.org/proceedings/90/slides/slides-90-straw-3.pdf > > > > Draft: draft-ram-straw-b2bua-stun > > > > > > > > > > > > It was indicated that B2BUA, due to policy reasons, may strip > candidates > > from SDP. > > > > > > > > It was indicated that B2BUAs must be very careful to not perform > actions > > that will cause ICE mismatch. > > > > > > > > The chair informed the community that a WG adoption request will be > sent out > > within the upcoming weeks. > > > > > > > > It was indicated that the group needs to follow the ICE bis work > taking > > place in MMUSIC, in case there will be any impacts on the STRAW > draft. > > > > > > > > > > > > > > > > Topic: DTLS-SRTP handling in B2BUAs > > > > Presenter: Lorenzo Miniero (on behalf of the draft authors) > > > > Slides: > > http://www.ietf.org/proceedings/90/slides/slides-90-straw-4.pdf > > > > Draft: draft-ram-straw-b2bua-dtls-srtp > > > > > > > > > > > > The presentation triggered lots of discussions and controversy, as it > was > > seen as an attempt to standardize MITM (man in the middle > procedures). While > > people did realize such actions take place in deployments, they > claimed that > > IETF/STRAW should not standardize such procedures. It was also > indicated > > that it goes against a number of BCP specifications, and RFC 2804. > Others > > indicated that the purpose is to make sure that entities doing this > kind of > > functionality do it in a way which does not cause interoperability > problems, > > which could cause people to not use security to begin with. > > > > > > > > It was indicated that one possible way forward could be to simply > document, > > in an informal delivery, how different vendors do things in the > network, but > > in such case the vendors should also be listed in the document. > > > > > > > > Before the draft is adopted as a WG item, further discussions need to > take > > place. The ADs will help with finding the correct people (security, > IESG, > > etc) to involve in such discussions. The chair indicated that the > draft > > implements a charter delivery, but that one possible outcome will be > to > > remove/re-scope the charter delivery. > > > > > > > > > > > >
- [straw] IETF#90: Draft STRAW minutes Christer Holmberg
- [straw] B2BUA handling in DTLS-SRTP [was RE: IETF… Parthasarathi R
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Stephen Farrell
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Sergio Garcia Murillo
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Christer Holmberg
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Parthasarathi R
- Re: [straw] IETF#90: Draft STRAW minutes Parthasarathi R
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Parthasarathi R
- Re: [straw] IETF#90: Draft STRAW minutes Mary Barnes
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Parthasarathi R
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Christer Holmberg
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Lorenzo Miniero
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Christer Holmberg
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Parthasarathi R
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Lorenzo Miniero
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Stephen Farrell
- Re: [straw] B2BUA handling in DTLS-SRTP [was RE: … Lorenzo Miniero