Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
"Parthasarathi R" <partha@parthasarathi.co.in> Thu, 31 July 2014 01:44 UTC
From: Parthasarathi R <partha@parthasarathi.co.in>
To: 'Sergio Garcia Murillo' <sergio.garcia.murillo@gmail.com>, straw@ietf.org
References: <7594FB04B1934943A5C02806D1A2204B1D3D5B73@ESESSMB209.ericsson.se> <015701cfab96$5eb380a0$1c1a81e0$@co.in> <53D8BC2D.6050408@cs.tcd.ie> <53D8BFD9.6010702@gmail.com>
In-Reply-To: <53D8BFD9.6010702@gmail.com>
Date: Thu, 31 Jul 2014 07:14:22 +0530
Message-ID: <009101cfac60$f618c4d0$e24a4e70$@co.in>
Archived-At: http://mailarchive.ietf.org/arch/msg/straw/hl5I33qzx8VfN2yAdBYOwQh3VMk
Subject: Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
I agree with Sergio. Also, Stephen's proposal of terminating DTLS-SRTP is weak
in security in case of the B2BUA transcoding (one codec to another codec) use
case wherein one of the UA and B2BUA *MUST* communicate using plain RTP.

Thanks
Partha

> -----Original Message-----
> From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Sergio Garcia
> Murillo
> Sent: Wednesday, July 30, 2014 3:20 PM
> To: straw@ietf.org
> Subject: Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90:
> Draft STRAW minutes]
>
> The sole purpose of a B2BUA is to become an endpoint (well two
> endpoints in fact) between two other endpoints:
>
>     Back-to-Back User Agent: A back-to-back user agent (B2BUA) is a
>     logical entity that receives a request and processes it as a
>     user agent server (UAS). In order to determine how the request
>     should be answered, it acts as a user agent client (UAC) and
>     generates requests.
>
> Best regards
> Sergio
>
> On 30/07/2014 11:34, Stephen Farrell wrote:
> > on vacation, back in a week
> >
> > terminating DTLS-SRTP is maybe fine but means being one of the
> > endpoints intended to be involved in the TLS session. Doing a
> > MITM on TLS is not at all fine.
> >
> > S.
> >
> > On 30/07/14 02:34, Parthasarathi R wrote:
> >> Hi all,
> >>
> >> I have a different view than the security folks on this draft. This
> >> draft's intention is not to violate RFC 2804. In case this draft is
> >> not standardized, all B2BUAs handling DTLS-SRTP will end up violating
> >> RFC 2804 due to the lack of guidelines/standards to follow. Please
> >> look at this draft from the SIP recording architecture in B2BUA
> >> (Fig 1 of RFC 7245) usage perspective, wherein the senders/receiver
> >> are informed about the call recording (like the call centre usage
> >> scenario) and there is no RFC 2804 violation.
> >>
> >> In the IETF-90 meeting, security concerns were raised about this
> >> draft's usage. It will be good to document as part of this document
> >> if it is really a security issue. I'm not seeing any major security
> >> concerns, as a B2BUA is yet another UA. Please let me know the list
> >> of security concerns specific to B2BUA in DTLS-SRTP.
> >>
> >> In reality, B2BUA terminating DTLS-SRTP is not avoidable because of
> >> the different codec profiles between the deployed SIP UAs. Say SIPoWS
> >> in a browser (WebRTC endpoint/SIP UA) uses Opus/G711/VP8 as codecs as
> >> of today and SIP mobile devices use AMR/AMR-WB/H.264. There is a
> >> compulsion to terminate the media in the middle as no solution exists
> >> in IETF for the same. The lack of a standard leads to proprietary
> >> session border controller (SBC) solutions which break other SIP
> >> enhancements as well.
> >>
> >> Thanks
> >>
> >> Partha
> >>
> >> From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer
> >> Holmberg
> >> Sent: Saturday, July 26, 2014 7:54 PM
> >> To: straw@ietf.org
> >> Cc: Richard Barnes (rlb@ipv.sx); Sean Turner; Stephen Farrell
> >> Subject: [straw] IETF#90: Draft STRAW minutes
> >>
> >> (Co-chair)
> >>
> >> Hi,
> >>
> >> Below are the STRAW minutes that the chairs intend to upload.
> >>
> >> However, before we do that, we would like to ask the community to
> >> take a look at least at the notes associated with the DTLS-SRTP
> >> presentation, as it caused lots of discussion.
> >>
> >> Note that the minutes do not contain who-said-what information (that
> >> can be found elsewhere), but if you think there are some important
> >> things missing, or if you think something is wrong, please let the
> >> chairs know.
> >>
> >> Thanks!
> >>
> >> Regards,
> >>
> >> Christer & Victor
> >>
> >> -------------------
> >>
> >> IETF 90 - STRAW
> >>
> >> 1150-1320 EDT Friday Afternoon Session I
> >>
> >> Topic: Agenda bashing, IETF Note Well and WG status
> >> Presenter: Christer Holmberg (co-chair)
> >> Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-0.pdf
> >> Draft: N/A
> >>
> >> No issues were identified.
> >>
> >> Topic: Guidelines to support RTCP in B2BUAs
> >> Presenter: Lorenzo Miniero
> >> Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-1.pdf
> >> Draft: draft-ietf-straw-b2bua-rtcp
> >>
> >> It was indicated that XR needs to be looked into, to see whether
> >> something needs to be covered in the draft.
> >>
> >> It was indicated that the terminology will be aligned with the
> >> grouping-taxonomy draft. In case there are conflicts, or other issues
> >> are found, the STRAW community is requested to provide comments on
> >> the grouping-taxonomy draft.
> >>
> >> It was asked whether the draft should also cover RTP specific issues.
> >> It was indicated that the scope of the RTCP, and that we should be
> >> very careful about introducing RTP issues. It was recommended to talk
> >> to Colin Perkins whether he has any opinions regarding the need to
> >> cover RTP.
> >>
> >> It was asked how the document will relate to the work on multisource
> >> optimisation taking place in AVTEXT.
> >>
> >> It was indicated that the text recommending man in the middle
> >> functionality for SRTP most likely will cause issues with IESG. After
> >> the DTLS-SRTP discussion (see further down) it was suggested that the
> >> RTCP draft should not talk about SRTP.
> >>
> >> Topic: Taxonomy Discussion
> >> Presenter: Lorenzo Miniero
> >> Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-2.pdf
> >> Draft: All STRAW deliveries
> >>
> >> It was agreed that STRAW shall use the terms in the
> >> avtext-grouping-taxonomy document in preference to definitions
> >> elsewhere if they are appropriate, with a note indicating any
> >> differences in other documents that may influence understanding.
> >>
> >> Topic: STUN handling in B2BUAs
> >> Presenter: Lorenzo Miniero (on behalf of the draft authors)
> >> Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-3.pdf
> >> Draft: draft-ram-straw-b2bua-stun
> >>
> >> It was indicated that a B2BUA, due to policy reasons, may strip
> >> candidates from SDP.
> >>
> >> It was indicated that B2BUAs must be very careful to not perform
> >> actions that will cause ICE mismatch.
> >>
> >> The chair informed the community that a WG adoption request will be
> >> sent out within the upcoming weeks.
> >>
> >> It was indicated that the group needs to follow the ICE bis work
> >> taking place in MMUSIC, in case there will be any impacts on the
> >> STRAW draft.
> >>
> >> Topic: DTLS-SRTP handling in B2BUAs
> >> Presenter: Lorenzo Miniero (on behalf of the draft authors)
> >> Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-4.pdf
> >> Draft: draft-ram-straw-b2bua-dtls-srtp
> >>
> >> The presentation triggered lots of discussion and controversy, as it
> >> was seen as an attempt to standardize MITM (man in the middle)
> >> procedures. While people did realize such actions take place in
> >> deployments, they claimed that IETF/STRAW should not standardize such
> >> procedures. It was also indicated that it goes against a number of
> >> BCP specifications, and RFC 2804. Others indicated that the purpose
> >> is to make sure that entities doing this kind of functionality do it
> >> in a way which does not cause interoperability problems, which could
> >> cause people to not use security to begin with.
> >>
> >> It was indicated that one possible way forward could be to simply
> >> document, in an informal delivery, how different vendors do things in
> >> the network, but in such case the vendors should also be listed in
> >> the document.
> >>
> >> Before the draft is adopted as a WG item, further discussions need to
> >> take place. The ADs will help with finding the correct people
> >> (security, IESG, etc) to involve in such discussions. The chair
> >> indicated that the draft implements a charter delivery, but that one
> >> possible outcome will be to remove/re-scope the charter delivery.
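As an added illustration of the distinction Stephen draws above between terminating DTLS-SRTP as one of the endpoints and doing a MITM (this is example code, not code from the thread or from the draft under discussion): DTLS-SRTP binds the DTLS certificate to the a=fingerprint attribute carried in SDP (RFC 5763, with the attribute syntax from RFC 8122), so the receiving endpoint can check whether the certificate presented in the handshake is the one its peer signalled. The Python below parses that attribute from a constructed SDP offer and compares it with the hash of a constructed stand-in for the presented DER certificate. The certificate bytes, the SDP lines and the three scenario names are assumptions made for this example.

```python
import hashlib
import re
from typing import List, Tuple

# Constructed stand-ins for DER-encoded certificates (not real certificates):
# the check only needs their bytes, since the fingerprint is a hash of the DER.
UA_CERT_DER = b"constructed-der-bytes-for-user-agent-A"
B2BUA_CERT_DER = b"constructed-der-bytes-for-the-B2BUA"


def fingerprint(cert_der: bytes, algo: str = "sha-256") -> str:
    """Render a certificate fingerprint in the SDP a=fingerprint form:
    upper-case hex octets separated by colons, hash named as in SDP (e.g. sha-256)."""
    digest = hashlib.new(algo.replace("-", "").lower(), cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_sdp_fingerprints(sdp: str) -> List[Tuple[str, str]]:
    """Collect every (hash-name, fingerprint) pair signalled in an SDP body."""
    pairs = []
    for line in sdp.splitlines():
        m = re.match(r"^a=fingerprint:([A-Za-z0-9-]+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$",
                     line.strip())
        if m:
            pairs.append((m.group(1).lower(), m.group(2).upper()))
    return pairs


def verify_peer_cert(sdp: str, presented_cert_der: bytes) -> bool:
    """Accept the DTLS peer only if the certificate it presented matches a
    fingerprint the peer signalled in SDP. No fingerprint at all is a failure:
    without it the handshake gives no protection against a substituted certificate."""
    for algo, expected in parse_sdp_fingerprints(sdp):
        try:
            if fingerprint(presented_cert_der, algo) == expected:
                return True
        except ValueError:
            # hash name not supported locally; try the next signalled fingerprint
            continue
    return False


def build_sdp(cert_der: bytes) -> str:
    """Constructed minimal DTLS-SRTP offer that signals the given certificate."""
    return "\r\n".join([
        "v=0",
        "o=- 0 0 IN IP4 192.0.2.10",
        "s=-",
        "t=0 0",
        "m=audio 9 UDP/TLS/RTP/SAVPF 111",
        "a=setup:actpass",
        "a=fingerprint:sha-256 " + fingerprint(cert_der),
    ]) + "\r\n"


def scenarios() -> dict:
    """Three constructed situations, seen from the far end that received the
    SDP and then saw a certificate in the DTLS handshake."""
    ua_sdp = build_sdp(UA_CERT_DER)
    return {
        # UA A signals its own certificate and presents it: accepted.
        "direct": verify_peer_cert(ua_sdp, UA_CERT_DER),
        # A middlebox forwards A's SDP unchanged but presents its own
        # certificate in the handshake: the fingerprint check exposes it.
        "transparent_mitm": verify_peer_cert(ua_sdp, B2BUA_CERT_DER),
        # A B2BUA that terminates DTLS-SRTP re-signals its own fingerprint and
        # presents its own certificate: it passes as a legitimate endpoint, so
        # only the signalling layer (identity, trust in the B2BUA) can reveal it.
        "terminating_b2bua": verify_peer_cert(build_sdp(B2BUA_CERT_DER), B2BUA_CERT_DER),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name:18s} -> {'accepted' if accepted else 'REJECTED: fingerprint mismatch'}")
```

The point the three scenarios make is the one under debate in the thread: the media-layer check can only tell "the entity that signalled the fingerprint is the entity I am talking to". A B2BUA that rewrites the SDP and terminates the handshake is, to the fingerprint check, simply the endpoint, so whether that is acceptable is decided by what the signalling layer lets each side verify about whom it is really talking to, not by DTLS-SRTP itself.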