IETF Logo Mail Archive

Re: [straw] AD Evaluation of draft-ietf-straw-b2bua-dtls-srtp-07

"Ben Campbell" <ben@nostrum.com> Fri, 16 October 2015 22:41 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: straw@ietfa.amsl.com
Delivered-To: straw@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98A7B1A6FE9; Fri, 16 Oct 2015 15:41:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7IT5hD56KUmm; Fri, 16 Oct 2015 15:41:13 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F3FE1A6FD6; Fri, 16 Oct 2015 15:41:13 -0700 (PDT)
Received: from [10.0.1.9] (cpe-70-119-203-4.tx.res.rr.com [70.119.203.4]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id t9GMf8Te012905 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 16 Oct 2015 17:41:09 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-119-203-4.tx.res.rr.com [70.119.203.4] claimed to be [10.0.1.9]
From: Ben Campbell <ben@nostrum.com>
To: Tirumaleswar Reddy <tireddy@cisco.com>
Date: Fri, 16 Oct 2015 17:41:08 -0500
Message-ID: <31791F35-F3B0-4BF8-8D4C-E95224E168C2@nostrum.com>
In-Reply-To: <5e3c9e3e2f8c4bd8bb594a382a1f2d70@XCH-RCD-017.cisco.com>
References: <5e3c9e3e2f8c4bd8bb594a382a1f2d70@XCH-RCD-017.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.2r5141)
Archived-At: <http://mailarchive.ietf.org/arch/msg/straw/VsQgizG3Rjb1SZ68EFuuIiRqLVQ>
Cc: Ram Mohan R <rmohanr@cisco.com>, "draft-ietf-straw-b2bua-dtls-srtp.all@ietf.org" <draft-ietf-straw-b2bua-dtls-srtp.all@ietf.org>, "straw@ietf.org" <straw@ietf.org>
Subject: Re: [straw] AD Evaluation of draft-ietf-straw-b2bua-dtls-srtp-07
X-BeenThere: straw@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Sip Traversal Required for Applications to Work \(STRAW\) working group discussion list" <straw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/straw>, <mailto:straw-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/straw/>
List-Post: <mailto:straw@ietf.org>
List-Help: <mailto:straw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/straw>, <mailto:straw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2015 22:41:15 -0000

Hi,

What's the status of the update?

Also, a few more comments inline:

Thanks!

Ben.


On 9 Oct 2015, at 6:55, Tirumaleswar Reddy (tireddy) wrote:

>> -----Original Message-----
>> From: Ben Campbell [mailto:ben@nostrum.com]
>> Sent: Thursday, October 08, 2015 10:18 PM
>> To: Tirumaleswar Reddy (tireddy)
>> Cc: Ram Mohan R (rmohanr); 
>> draft-ietf-straw-b2bua-dtls-srtp.all@ietf.org;
>> straw@ietf.org
>> Subject: Re: [straw] AD Evaluation of 
>> draft-ietf-straw-b2bua-dtls-srtp-07
>>
>>
>>
>> On 8 Oct 2015, at 10:45, Tirumaleswar Reddy (tireddy) wrote:
>>
>>>> -----Original Message-----
>>>> From: Ben Campbell [mailto:ben@nostrum.com]
>>>> Sent: Thursday, October 08, 2015 6:49 PM
>>>> To: Ram Mohan R (rmohanr)
>>>> Cc: draft-ietf-straw-b2bua-dtls-srtp.all@ietf.org; straw@ietf.org
>>>> Subject: Re: [straw] AD Evaluation of
>>>> draft-ietf-straw-b2bua-dtls-srtp-07
>>>>
>>>> Thanks for the response. Further comments inline. I removed 
>>>> sections
>>>> that don't appear to need further discussion.
>>>>
>>>> Thanks!
>>>>
>>>> Ben.
>>>>
>>>> On 8 Oct 2015, at 4:41, Ram Mohan R (rmohanr) wrote:
>>>>>>
>>>>
>>>> [...]
>>>>
>>>>>>
>>>>>>
>>>>>> Comments and Questions
>>>>>> ======================
>>>>>>
>>>>>> - There's a marked lack of mention of B2BUAs that inspect or 
>>>>>> modify
>>>>>> media content. I realize that this draft does not seek to enable
>>>>>> that particular elephant-in-the-room. Is it worth mentioning them
>>>>>> as out of scope?
>>>>>
>>>>> In section 1.2 (Goals) we can add this text. Is this ok ?
>>>>> EXISTING:
>>>>> The following sections describe the behavior B2BUAs MUST follow in
>>>>> order to avoid any impact to end-to-end DTLS-SRTP sessions.
>>>>>
>>>>>
>>>>> NEW:
>>>>> The following sections describe the behavior B2BUAs can follow to
>>>>> avoid breaking end-to-end DTLS-SRTP sessions.
>>>> B2BUAs terminating DTLS-SRTP
>>>>> session are outside the scope of this document.
>>>
>>> I think the above line is not required. This doc discusses the 
>>> problem
>>> with B2BUAs terminating DTLS-SRTP session, mechanism to detect such
>>> B2BUA and says that B2BUA must not to be enabled in this mode.
>>>
>>
>> See next comment...
>>
>>>>
>>>> I think that's moving in the right direction, but there's normative
>>>> text elsewhere that says b2buas MUST NOT terminate dtls-srtp. Would
>>>> it make sense to say something like "B2BUAs that inspect or modify
>>>> media content are outside the scope of this document"?
>>>>
>>>> Or is it the intent to forbid such devices ?
>>>
>>> The intent is to prohibit such devices because of the privacy 
>>> concern.
>>
>> That's a different answer than Ram gave. Content aware/modifying 
>> B2BUAs
>> cannot both be forbidden and out-of-scope at the same time.
>>
>> I think the confusion here is around whether this draft should say 
>> b2buas
>> MUST not terminate dtls-srtp, or to say that they cannot under most
>> circumstances without breaking 4474/4474bis identity signatures.
>> The former needs 2119 language, the latter is just a statement of 
>> fact.
>
> I think we should go with the former, otherwise it creates a privacy 
> problem.

While I agree with the sentiment, there's a bit of a standing problem 
here. We can't really force B2BUA vendors to even read this spec, much 
less comply with it. So this seems to be an attempt to put requirements 
on devices that don't implement the spec containing the requirement.

So it seems to me the best we can do is take the approach of saying 
something to the effect of "The dtls-srtp framework recommends that 
endpoints use RFC4474 to integrity protect the fingerprint attributes. 
Thus, under most circumstances, B2BUAs cannot terminate the dtls-srtp 
connection without invalidating the signature and causing the session to 
fail."

Basically, that effectively makes the scope of the draft "How b2bua's 
that want to play nice with dtls-srtp" can avoid breaking things".

>
>>
>> There are some exceptions to the "cannot" in the above paragraph. For
>> example, a b2bua that is collocated with the offerer's identity 
>> service could
>> modify fingerprints prior to applying the identity signature. Or 
>> since 5763
>> only says endpoints SHOULD use 4474, a b2bua might see unprotected
>> fingerprints and attempt to modify them.  Does this draft mean to 
>> forbid
>> those behaviors?
>
> Endpoint or SIP proxy in the endpoints network has to insert the 
> identity assertion to avoid B2BUA in the signaling path from 
> terminating the DTLS connection and decrypting the media. WebRTC also 
> has the same problem that without IdP and identity assertion, 
> malicious signaling server can decrypt the media.

Right. I don't think this draft can prevent that. But it can rule it out 
of scope.

>
>>
>>>
>>>>
>>>>>> Does this draft intend to make them illegal for SRTP protected
>>>>>> sessions with it's proscription about terminating dtls?
>>>>>
>>>>> The behaviour for cases where B2BUA terminates DTLS-SRTP is not in
>>>>> the scope of this draft.
>>>>>
>>>>
>>>> See above comment about normative statements concerning the
>>>> termination of dtls-srtp.
>>>>
>>>> [...]
>>>>
>>>>>>
>>>>>> -3.1.1, 3rd paragraph from end: "the B2BUA SHOULD be prepared to
>>>>>> receive DTLS, STUN and media on the ports it advertised to Bob in
>>>>>> the INVITE request. "
>>>>>>
>>>>>> What are the consequences if it's not prepared to do so?
>>>>>
>>>>> The consequences can be - the messages may get dropped which in 
>>>>> turn
>>>>> may delay STUN/DTLS checks and would requires the endpoints to
>>>>> re-transmit the messages.
>>>>>
>>>>
>>>> Given that this is a SHOULD rather than a MUST, it would be useful 
>>>> to
>>>> describe those consequences in the text.
>>>
>>> The other alternative would be to change from SHOULD to MUST and 
>>> avoid
>>> the above problems.
>>
>> I would not object to that--although on reflection, isn't this 
>> requirement true
>> of all b2buas? That is, is it in any way specific to dtls-srtp?  Is 
>> that
>> documented elsewhere?
>
> I don't think any other doc is discussing this point.

Okay. It might have been better to have that in a more general spec than 
this, but it doesn't hurt to have it here as well.

>
>>
>>>
>>>>
>>>> [...]
>>>>
>>>>>>
>>>>>> Also, I think the 4474bis reference needs to be normative, given
>>>>>> that
>>>>>> one needs to understand that draft to implement the normative 
>>>>>> bits
>>>>>> about
>>>>>> modifying anything protected by the signature. OTOH, does this 
>>>>>> need
>>>>>> to
>>>>>> reference 4474bis, or would 4474 suffice?
>>>>>
>>>>> rfc4474bis is appropriate since it defines mechanisms to use SDP
>>>>> parameters (like a=fingerprint) in the Identity header digest.
>>>>> We will use rfc4474bis and make the reference normative.
>>>>
>>>> Your response is reasonable, but keep in mind that will block
>>>> publication of this draft until 4474bis is published.
>>>
>>> Yes, https://tools.ietf.org/html/rfc4474#section-13.1 discusses
>>> signature over the SIP bodies but does not go into detail like
>>> rfc4474bis explains using fingerprint for generating assertion. 
>>> Would
>>> it be okay to have normative reference of rfc4474 and informative
>>> reference of rfc4474bis ?
>>
>> Both protect the fingerprint. 4474 just does it by protecting the 
>> entire
>> body. 4474bis has the may be more deployable. But it seems to me that
>> either work for the purposes of this draft. And since 4474bis 
>> proposes
>> to obsolete 4474, a reference to 4474 will effectively become a
>> reference to 4474bis.
>
> Thanks, will update draft.
>
>>
>>>
>>>
>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> -3.1.2: "The mechanism described in Security Considerations 
>>>>>> section
>>>>>> MUST
>>>>>> be
>>>>>> used by endpoint to detect malicious B2BUA¹s that MAY attempt to
>>>>>> terminate the DTLS-SRTP session."
>>>>>>
>>>>>> I'm not sure it makes sense for this draft to put normative
>>>>>> requirements
>>>>>> on endpoints. Do you mean to say they "can" use
>>>>>> the mechanism?
>>>>>
>>>>> This has to be fixed. The idea is to have either endpoint or the 
>>>>> SIP
>>>>> proxy
>>>>> server in the endpoints network to generate Identity header on
>>>>> behalf
>>>>> of
>>>>> the endpoint and perform identity validation procedure.
>>>>
>>>> I'm not sure I understand what you mean by "this has to be fixed". 
>>>> Do
>>>> you mean fixed in the draft, or that endpoints need to fix 
>>>> behavior?
>>>
>>> I think Ram meant fix the draft.
>>
>> In any case, if this draft places new normative requirements on
>> dtsl-srtp endpoints or identity services, it would need to update 
>> 5763.
>
> Yes, will update that this doc updates 5763.
>
> Cheers,
> -Tiru
>
>>
>> [...]
> _______________________________________________
> straw mailing list
> straw@ietf.org
> https://www.ietf.org/mailman/listinfo/straw

v2.23.0 | Report a Bug | By Email