Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 30 July 2014 16:58 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Parthasarathi R <partha@parthasarathi.co.in>, "straw@ietf.org" <straw@ietf.org>
Thread-Topic: B2BUA handling in DTLS-SRTP [was RE: [straw] IETF#90: Draft STRAW minutes]
Date: Wed, 30 Jul 2014 16:58:06 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D3DAC63@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1D3D5B73@ESESSMB209.ericsson.se> <015701cfab96$5eb380a0$1c1a81e0$@co.in>
In-Reply-To: <015701cfab96$5eb380a0$1c1a81e0$@co.in>
Archived-At: http://mailarchive.ietf.org/arch/msg/straw/dUDqSYQH8VQOOAZOI00roqSGHDY
Cc: 'Richard Barnes' <rlb@ipv.sx>, 'Sean Turner' <TurnerS@ieca.com>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]

Hi Partha,

I am glad you are triggering a discussion on this :)

However, I would ask you to change the subject. The purpose of my e-mail was simply to request whether people have any issues with the meeting minutes as such, e.g. whether they think something is missing, and/or whether the minutes don't reflect what was discussed during the meeting :)

Regards,

Christer

From: Parthasarathi R [mailto:partha@parthasarathi.co.in]
Sent: 30 July 2014 04:34
To: Christer Holmberg; straw@ietf.org
Cc: 'Richard Barnes'; 'Sean Turner'; 'Stephen Farrell'
Subject: B2BUA handling in DTLS-SRTP [was RE: [straw] IETF#90: Draft STRAW minutes]

Hi all,

I have a different view from how the security folks look at this draft. This draft's intention is not to violate RFC 2804. In case this draft is not standardized, all B2BUAs handling DTLS-SRTP will end up violating RFC 2804 due to the lack of guidelines/standards to follow. Please look into this draft from the SIP recording architecture in B2BUA (Fig 1 of RFC 7245) usage perspective, wherein the sender/receiver is informed about the call recording (like the call centre usage scenario) and there is no RFC 2804 violation.

In the IETF-90 meeting, security concerns were raised about this draft's usage. It would be good to document as part of this document if it is really a security issue. I'm not seeing any major security concerns, as a B2BUA is yet another UA. Please let me know the list of security concerns specific to B2BUAs in DTLS-SRTP.

In reality, a B2BUA terminating DTLS-SRTP is not avoidable because of the different codec profiles between the deployed SIP UAs. Say SIPoWS in a browser (WebRTC endpoint/SIP UA) uses Opus/G711/VP8 as codecs as of today and SIP mobile devices use AMR/AMR-WB/H.264. There is a compulsion to terminate the media in the middle, as no solution exists in the IETF for the same. The lack of a standard leads to proprietary session border controller (SBC) solutions, which break other SIP enhancements as well.

Thanks
Partha

From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer Holmberg
Sent: Saturday, July 26, 2014 7:54 PM
To: straw@ietf.org<mailto:straw@ietf.org>
Cc: Richard Barnes (rlb@ipv.sx<mailto:rlb@ipv.sx>); Sean Turner; Stephen Farrell
Subject: [straw] IETF#90: Draft STRAW minutes

(Co-chair)

Hi,

Below are the STRAW minutes that the chairs intend to upload.

However, before we do that, we would like to ask the community to take a look at least at the notes associated with the DTLS-SRTP presentation, as it caused lots of discussion.

Note that the minutes do not contain who-said-what information (that can be found elsewhere), but if you think there are some important things missing, or if you think something is wrong, please let the chairs know.

Thanks!

Regards,

Christer & Victor

-------------------


IETF 90 - STRAW

1150-1320 EDT    Friday Afternoon Session I

Topic:     Agenda bashing, IETF Note Well and WG status

Presenter: Christer Holmberg (co-chair)

Slides:       http://www.ietf.org/proceedings/90/slides/slides-90-straw-0.pdf

Draft:     N/A

No issues were identified.

Topic:     Guidelines to support RTCP in B2BUAs

Presenter: Lorenzo Miniero

Slides:       http://www.ietf.org/proceedings/90/slides/slides-90-straw-1.pdf

Draft:     draft-ietf-straw-b2bua-rtcp

It was indicated that XR needs to be looked into, to see whether something needs to be covered in the draft.

It was indicated that the terminology will be aligned with the grouping-taxonomy draft. In case there are conflicts, or other issues are found, the STRAW community is requested to provide comments on the grouping-taxonomy draft.

It was asked whether the draft should also cover RTP specific issues. It was indicated that the scope is RTCP, and that we should be very careful about introducing RTP issues. It was recommended to talk to Colin Perkins about whether he has any opinions regarding the need to cover RTP.

It was asked how the document will relate to the work on multisource optimisation taking place in AVTEXT.

It was indicated that the text recommending man in the middle functionality for SRTP most likely will cause issues with the IESG. After the DTLS-SRTP discussion (see further down) it was suggested that the RTCP draft should not talk about SRTP.

Topic:     Taxonomy Discussion

Presenter: Lorenzo Miniero

Slides:       http://www.ietf.org/proceedings/90/slides/slides-90-straw-2.pdf

Draft:     All STRAW deliveries

It was agreed that STRAW shall use the terms in the avtext-grouping-taxonomy document in preference to definitions elsewhere if they are appropriate, with a note indicating any differences in other documents that may influence understanding.

Topic:     STUN handling in B2BUAs

Presenter: Lorenzo Miniero (on behalf of the draft authors)

Slides:       http://www.ietf.org/proceedings/90/slides/slides-90-straw-3.pdf

Draft:     draft-ram-straw-b2bua-stun

It was indicated that a B2BUA, due to policy reasons, may strip candidates from SDP.

It was indicated that B2BUAs must be very careful not to perform actions that will cause ICE mismatch.

The chair informed the community that a WG adoption request will be sent out within the upcoming weeks.

It was indicated that the group needs to follow the ICE bis work taking place in MMUSIC, in case there will be any impacts on the STRAW draft.

Topic:     DTLS-SRTP handling in B2BUAs

Presenter: Lorenzo Miniero (on behalf of the draft authors)

Slides:       http://www.ietf.org/proceedings/90/slides/slides-90-straw-4.pdf

Draft:     draft-ram-straw-b2bua-dtls-srtp

The presentation triggered lots of discussion and controversy, as it was seen as an attempt to standardize MITM (man in the middle) procedures. While people did realize such actions take place in deployments, they claimed that the IETF/STRAW should not standardize such procedures. It was also indicated that it goes against a number of BCP specifications, and RFC 2804. Others indicated that the purpose is to make sure that entities doing this kind of functionality do it in a way which does not cause interoperability problems, which could cause people to not use security to begin with.

It was indicated that one possible way forward could be to simply document, in an informational delivery, how different vendors do things in the network, but in such a case the vendors should also be listed in the document.

Before the draft is adopted as a WG item, further discussions need to take place. The ADs will help with finding the correct people (security, IESG, etc.) to involve in such discussions. The chair indicated that the draft implements a charter delivery, but that one possible outcome will be to remove/re-scope the charter delivery.