IETF Logo Mail Archive

Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]

"Parthasarathi R" <partha@parthasarathi.co.in> Tue, 28 October 2014 23:28 UTC

Return-Path: <partha@parthasarathi.co.in>
X-Original-To: straw@ietfa.amsl.com
Delivered-To: straw@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFF7E1A03E1 for <straw@ietfa.amsl.com>; Tue, 28 Oct 2014 16:28:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.699
X-Spam-Level:
X-Spam-Status: No, score=0.699 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fLnrFal2w_pm for <straw@ietfa.amsl.com>; Tue, 28 Oct 2014 16:28:03 -0700 (PDT)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com [162.222.225.27]) by ietfa.amsl.com (Postfix) with ESMTP id 7CF5E1A1B64 for <straw@ietf.org>; Tue, 28 Oct 2014 16:28:00 -0700 (PDT)
Received: from userPC (unknown [122.167.202.51]) (Authenticated sender: partha@parthasarathi.co.in) by outbound.mailhostbox.com (Postfix) with ESMTPA id 1E40A3C0392; Tue, 28 Oct 2014 23:27:51 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parthasarathi.co.in; s=20120823; t=1414538879; bh=IgvI8XAMzbYtrW8BU2tOqK0uyDBQ67HLdm67IlGvHHk=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type:Content-Transfer-Encoding; b=NFf9yrWTJW+jHAqT6jEEhqvEzxgD9ze9s0piFRnRFdm+en9t60COU0+C/Aklyoutq 6kaKM1d8y9MfUIsaWVa2pH38V/B4LjKEbdOgSpPIDIikw82CrO08hWDKRp4gvLJjR5 18kWittUqIZXoQzfmvTIk6zSRLOCVw8d4ngKx1WI=
From: Parthasarathi R <partha@parthasarathi.co.in>
To: 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, 'Christer Holmberg' <christer.holmberg@ericsson.com>, straw@ietf.org
References: <7594FB04B1934943A5C02806D1A2204B1D3D5B73@ESESSMB209.ericsson.se> <015701cfab96$5eb380a0$1c1a81e0$@co.in> <53D8BC2D.6050408@cs.tcd.ie>
In-Reply-To: <53D8BC2D.6050408@cs.tcd.ie>
Date: Wed, 29 Oct 2014 04:57:46 +0530
Message-ID: <01f701cff306$cdddeb20$6999c160$@co.in>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac+r2Yquq/a2YoMJTTCgDWFD28Q39BHLIW2w
Content-Language: en-us
X-CTCH-RefID: str=0001.0A020205.5450267F.00D4, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Unknown
X-CTCH-Score: 0.000
X-CTCH-Rules: C_4847,
X-CTCH-Flags: 0
X-CTCH-ScoreCust: 0.000
X-CTCH-SenderID: partha@parthasarathi.co.in
X-CTCH-SenderID-TotalMessages: 1
X-CTCH-SenderID-TotalSpam: 0
X-CTCH-SenderID-TotalSuspected: 0
X-CTCH-SenderID-TotalBulk: 0
X-CTCH-SenderID-TotalConfirmed: 0
X-CTCH-SenderID-TotalRecipients: 0
X-CTCH-SenderID-TotalVirus: 0
X-CTCH-SenderID-BlueWhiteFlag: 0
X-Scanned-By: MIMEDefang 2.72 on 172.18.214.93
Archived-At: http://mailarchive.ietf.org/arch/msg/straw/LjNF5rfr7gL0h13B9JaFJQJkVXQ
Cc: 'Richard Barnes' <rlb@ipv.sx>, 'Sean Turner' <TurnerS@ieca.com>
Subject: Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
X-BeenThere: straw@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Sip Traversal Required for Applications to Work \(STRAW\) working group discussion list" <straw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/straw>, <mailto:straw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/straw/>
List-Post: <mailto:straw@ietf.org>
List-Help: <mailto:straw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/straw>, <mailto:straw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2014 23:28:11 -0000

Hi all,

One of the way to address MITM issue in STRAW WG B2BUA handling of DTLS-SRTP milestone is to focus only on Media relay (Sec 3.1 of draft-ram-straw-b2bua-dtls-srtp-00) and removing "Media Aware or Media Termination" (Sec 3.2 of draft-ram-straw-b2bua-dtls-srtp-00). 

By this proposal, the scope of the work is to cover only end-to-end DTLS-SRTP through B2BUA. The media relay provides end-to-end security but there are challenges w.r.t NAT, forking, ICE, identity (RTCWeb IdP, RFC4474bis, etc.,) which shall be sorted out in this milestone. 

During IETF-90 and in the mailing alias, I haven't heard any concern for Media relay handling in B2BUA. please let me know your opinion on the same.

Thanks
Partha

> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Wednesday, July 30, 2014 3:05 PM
> To: Parthasarathi R; 'Christer Holmberg'; straw@ietf.org
> Cc: 'Richard Barnes'; 'Sean Turner'
> Subject: Re: B2BUA handling in DTLS-SRTP [was RE: [straw] IETF#90:
> Draft STRAW minutes]
> 
> 
> on vacation, back in a week
> 
> terminating DTLS-SRTP is maybe fine but means being one of the
> endpoints intended to be involved in the TLS session. Doing a
> MITM on TLS is  not at all fine.
> 
> S.
> 
> On 30/07/14 02:34, Parthasarathi R wrote:
> > Hi all,
> >
> >
> >
> > I have different view than the security folks look at this draft.
> This draft
> > intention is not to violate RFC 2804. In case this draft is not
> > standardized, all B2BUA handling DTLS-SRTP will end up in violating
> RFC 2804
> > due to the lack of guidelines/standards to follow. Please look into
> this
> > draft from SIP recording architecture in B2BUA (Fig 1 of RFC 7245)
> usage
> > perspective wherein the senders/receiver is informed about the call
> > recording (like call centre usage scenario) and no RFC 2804
> violation.
> >
> >
> >
> > In IETF-90 meeting, the security concerns are raised about this draft
> usage.
> > It will be good to document as part of this document if it is really
> > security issue. I'm not seeing any major security concerns as B2BUA
> is yet
> > another UA. Please let me know the list of security concern specific
> to
> > B2BUA in DTLS-SRTP.
> >
> >
> >
> > In reality, B2BUA terminating DTLS-SRTP is not avoidable because of
> the
> > different codec profile between the deployed SIP UAs. Say SIPoWS in
> browser
> > (WebRTC endpoint/SIP UA) uses Opus/G711/VP8 as a codec as of today
> and SIP
> > Mobile devices uses AMR/AMR-WB/H.264. There is a compulsion to
> terminate the
> > media in the middle as there is no solution exists in IETF for the
> same. The
> > lack of standard leads to proprietary session border controller (SBC)
> > solutions which breaks other SIP enhancements as well.
> >
> >
> >
> > Thanks
> >
> > Partha
> >
> >
> >
> > From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer
> Holmberg
> > Sent: Saturday, July 26, 2014 7:54 PM
> > To: straw@ietf.org
> > Cc: Richard Barnes (rlb@ipv.sx); Sean Turner; Stephen Farrell
> > Subject: [straw] IETF#90: Draft STRAW minutes
> >
> >
> >
> > (Co-chair)
> >
> >
> >
> > Hi,
> >
> >
> >
> > Below are the STRAW minutes that the chairs intend to upload.
> >
> >
> >
> > However, before we do that, we would like to ask the community to
> take a
> > look at least at the notes associated with the DTLS-SRTP
> presentation, as it
> > caused lots of discussion.
> >
> >
> >
> > Note that the minutes do not contain who-said-what information (that
> can be
> > found elsewhere), but if you think there are some important things
> missing,
> > or if you think something is wrong, please let the chairs now.
> >
> >
> >
> > Thanks!
> >
> >
> >
> > Regards,
> >
> >
> >
> > Christer & Victor
> >
> >
> >
> > -------------------
> >
> >
> >
> > IETF 90 - STRAW
> >
> > 1150-1320 EDT    Friday Afternoon Session I
> >
> >
> >
> >
> >
> > Topic:     Agenda bashing, IETF Note Well and WG status
> >
> > Presenter: Christer Holmberg (co-chair)
> >
> > Slides:
> > http://www.ietf.org/proceedings/90/slides/slides-90-straw-0.pdf
> >
> > Draft:     N/A
> >
> >
> >
> >
> >
> > No issues were identified.
> >
> >
> >
> >
> >
> >
> >
> > Topic:     Guidelines to support RTCP in B2BUAs
> >
> > Presenter: Lorenzo Miniero
> >
> > Slides:
> > http://www.ietf.org/proceedings/90/slides/slides-90-straw-1.pdf
> >
> > Draft:     draft-ietf-straw-b2bua-rtcp
> >
> >
> >
> >
> >
> > It was indicated that XR needs to be looked into, to see whether
> something
> > needs to be covered in the draft.
> >
> >
> >
> > It was indicated that the terminology will be aligned with the
> > grouping-taxonomy draft. In case there are conflicts, or other issues
> are
> > found, the STRAW community is requested to provide comments on the
> > grouping-taxonomy draft.
> >
> >
> >
> > It was requested whether the draft should also cover RTP specific
> issues. It
> > was indicated that the scope of the RTCP, and that we should be very
> careful
> > about introducing RTP issues. It was recommended to talk to Colin
> Perkins
> > whether he has any opinions regarding the need to cover RTP.
> >
> >
> >
> > I was asked how the document will relate to the work on multisource
> > optimisation taking place in AVTEXT.
> >
> >
> >
> > It was indicated that the text recommending man in the middle
> functionality
> > for SRTP most likely will cause issues with IESG. After the DTLS-SRTP
> > discussion (see further down) it was suggested that the RTCP draft
> should
> > not talk about SRTP.
> >
> >
> >
> >
> >
> >
> >
> > Topic:     Taxonomy Discussion
> >
> > Presenter: Lorenzo Miniero
> >
> > Slides:
> > http://www.ietf.org/proceedings/90/slides/slides-90-straw-2.pdf
> >
> > Draft:     All STRAW deliveries
> >
> >
> >
> >
> >
> > It was agreed the STRAW shall use the terms in the avtext-grouping-
> taxonomy
> > document in preference to definitions elsewhere is they are
> appropriate,
> > with a note indicating any differences in other documents that may
> influence
> > understanding.
> >
> >
> >
> >
> >
> >
> >
> > Topic:     STUN handling in B2BUAs
> >
> > Presenter: Lorenzo Miniero (on behalf of the draft authors)
> >
> > Slides:
> > http://www.ietf.org/proceedings/90/slides/slides-90-straw-3.pdf
> >
> > Draft:     draft-ram-straw-b2bua-stun
> >
> >
> >
> >
> >
> > It was indicated that B2BUA, due to policy reasons, may strip
> candidates
> > from SDP.
> >
> >
> >
> > It was indicated that B2BUAs must be very careful to not perform
> actions
> > that will cause ICE mismatch.
> >
> >
> >
> > The chair informed the community that a WG adoption request will be
> sent out
> > within the upcoming weeks.
> >
> >
> >
> > It was indicated that the group needs to follow the ICE bis work
> taking
> > place in MMUSIC, in case there will be any impacts on the STRAW
> draft.
> >
> >
> >
> >
> >
> >
> >
> > Topic:     DTLS-SRTP handling in B2BUAs
> >
> > Presenter: Lorenzo Miniero (on behalf of the draft authors)
> >
> > Slides:
> > http://www.ietf.org/proceedings/90/slides/slides-90-straw-4.pdf
> >
> > Draft:     draft-ram-straw-b2bua-dtls-srtp
> >
> >
> >
> >
> >
> > The presentation triggered lots of discussions and controversy, as it
> was
> > seen as an attempt to standardize MITM (man in the middle
> procedures). While
> > people did realize such actions take place in deployments, they
> claimed that
> > IETF/STRAW should not standardize such procedures. It was also
> indicated
> > that it goes against a number of BCP specifications, and RFC 2804.
> Others
> > indicated that the purpose is to make sure that entities doing this
> kind of
> > functionality do it in a way which does not cause interoperability
> problems,
> > which could cause people to not use security to begin with.
> >
> >
> >
> > It was indicated that one possible way forward could be to simply
> document,
> > in an informal delivery, how different vendors do things in the
> network, but
> > in such case the vendors should also be listed in the document.
> >
> >
> >
> > Before the draft is adopted as a WG item, further discussions need to
> take
> > place. The ADs will help with finding the correct people (security,
> IESG,
> > etc) to involve in such discussions. The chair indicated that the
> draft
> > implements a charter delivery, but that one possible outcome will be
> to
> > remove/re-scope the charter delivery.
> >
> >
> >
> >
> >
> >

v2.23.0 | Report a Bug | By Email