IETF Logo Mail Archive

Re: [straw] Alissa Cooper's Discuss on draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)

"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Thu, 31 March 2016 04:57 UTC

Return-Path: <rmohanr@cisco.com>
X-Original-To: straw@ietfa.amsl.com
Delivered-To: straw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B173E12D95A for <straw@ietfa.amsl.com>; Wed, 30 Mar 2016 21:57:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Level:
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jFdEJSne-x61 for <straw@ietfa.amsl.com>; Wed, 30 Mar 2016 21:57:39 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6F3712D89C for <straw@ietf.org>; Wed, 30 Mar 2016 21:57:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=127342; q=dns/txt; s=iport; t=1459400259; x=1460609859; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=3Tk9LIIwTZlxL5RqNPVFSHp4uEiCAIePNRQ1Ywg7xg8=; b=jEXMW9dUVb+oaNDWhDK16a4SygBd7pVs0+VWhFTF7HF4akUqV1Ak2Vf+ VHbX0RogQfl46EC5Q4Kc7kzcIwhYrtEh84PdTY/ASnn0ijvScoK5zF7xL 9/EawoLeoHjYzvqcwRb+U3BwZGxyWzIJq+o3p9tE9yQHeuffZ83bMTy2J Y=;
X-Files: Diff_ draft-ietf-straw-b2bua-dtls-srtp-11.txt - draft-ietf-straw-b2bua-dtls-srtp-12.txt.html, draft-ietf-straw-b2bua-dtls-srtp-12.txt : 48476, 30013
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BVAwAtrfxW/4YNJK1TAQmDM1N9BoU/qXQHi0sOgW0DFwELhBOBVwIcgR84FAEBAQEBAQFlJ4RBAQEBBAEBARcBDAY6BwsMBAIBCBABAwECASABAgkCAh8GCx0IAgQBDQUODYd3AxIOkx2dDwaMCQ2FBQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ0IimSCQIFDCwYBBAYBBi4KDAGCTYJcAQSHaY0rgioBBSsBgx+CU4JygmxCgXWBZhc3g3+HP4EbhhaBKYdTAQ8PAUOBTGaBNWwBhzABBxcHGH4BAQE
X-IronPort-AV: E=Sophos;i="5.24,420,1454976000"; d="txt'?html'217?scan'217,208,217";a="86570470"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 31 Mar 2016 04:57:35 +0000
Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id u2V4vZU6030030 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 31 Mar 2016 04:57:35 GMT
Received: from xch-rtp-017.cisco.com (64.101.220.157) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 31 Mar 2016 00:57:34 -0400
Received: from xch-rtp-017.cisco.com ([64.101.220.157]) by XCH-RTP-017.cisco.com ([64.101.220.157]) with mapi id 15.00.1104.009; Thu, 31 Mar 2016 00:57:34 -0400
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: "straw@ietf.org" <straw@ietf.org>, Alissa Cooper <alissa@cooperw.in>
Thread-Topic: [straw] Alissa Cooper's Discuss on draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)
Thread-Index: AQHRiwnWu8NZ8azPRUyaVygyoZCjaw==
Date: Thu, 31 Mar 2016 04:57:34 +0000
Message-ID: <D322AC2A.56904%rmohanr@cisco.com>
References: <20151201045818.23491.19134.idtracker@ietfa.amsl.com> <E63559A7-6A37-496C-AAD9-426AB697FD65@nostrum.com> <D2851411.4B35B%rmohanr@cisco.com> <DB9B999A-DAF0-440B-BDD4-445368AFFCE2@cooperw.in> <DAE78890-C8B2-42DE-BCC3-A994CB9AF668@nostrum.com> <1D498CDA-C8B6-4215-A718-7C5302B5CF2D@cooperw.in> <01E4CF3B-6C31-4A97-8155-8DC06443A7C2@nostrum.com> <A6B3CA82-DC74-48AB-80B7-EBF1462A964E@nostrum.com> <D2C25ED1.4E4DA%rmohanr@cisco.com> <23C852C2-1B96-4739-91ED-8B4C0FF97279@cooperw.in> <D314CB23.5573B%rmohanr@cisco.com> <8C7E62D2-E8A7-4094-92F4-28C17214A1B5@cooperw.in>
In-Reply-To: <8C7E62D2-E8A7-4094-92F4-28C17214A1B5@cooperw.in>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.2.160219
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.196.105.57]
Content-Type: multipart/mixed; boundary="_003_D322AC2A56904rmohanrciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/straw/hmPHZhQGn3KrfyD00hALZke7_vQ>
Cc: Ben Campbell <ben@nostrum.com>, "christer.holmberg@ericsson.com" <christer.holmberg@ericsson.com>
Subject: Re: [straw] Alissa Cooper's Discuss on draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)
X-BeenThere: straw@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Sip Traversal Required for Applications to Work \(STRAW\) working group discussion list" <straw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/straw>, <mailto:straw-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/straw/>
List-Post: <mailto:straw@ietf.org>
List-Help: <mailto:straw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/straw>, <mailto:straw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2016 04:57:44 -0000

Thanks to every one for their feedback. Here is the diff attached. I will
publish this during the IETF week.

Regards,
Ram

-----Original Message-----
From: Alissa Cooper <alissa@cooperw.in>
Date: Thursday, 24 March 2016 at 4:31 AM
To: Cisco Employee <rmohanr@cisco.com>
Cc: Ben Campbell <ben@nostrum.com>, "straw@ietf.org" <straw@ietf.org>,
"christer.holmberg@ericsson.com" <christer.holmberg@ericsson.com>
Subject: Re: [straw] Alissa Cooper's Discuss on
draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)

>Changes look good, thanks. I will clear when you post the rev.
>
>Note that I may move to ABSTAIN as I’m still not 100% convinced of the
>value of this draft. Not sure yet. But I appreciate the additional work
>you put into it.
>
>Alissa
>
>> On Mar 20, 2016, at 9:18 AM, Ram Mohan R (rmohanr) <rmohanr@cisco.com>
>>wrote:
>> 
>> Hi Alissa,
>> 
>> Thanks for your feedback. Please see inline
>> 
>> -----Original Message-----
>> From: Alissa Cooper <alissa@cooperw.in>
>> Date: Saturday, 19 March 2016 at 6:05 PM
>> To: Cisco Employee <rmohanr@cisco.com>
>> Cc: Ben Campbell <ben@nostrum.com>,
>> "draft-ietf-straw-b2bua-dtls-srtp@ietf.org"
>> <draft-ietf-straw-b2bua-dtls-srtp@ietf.org>, "straw-chairs@ietf.org"
>> <straw-chairs@ietf.org>, "straw@ietf.org" <straw@ietf.org>, IESG
>> <iesg@ietf.org>, "christer.holmberg@ericsson.com"
>> <christer.holmberg@ericsson.com>
>> Subject: Re: [straw] Alissa Cooper's Discuss on
>> draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)
>> 
>>> I took a look at the latest version of this document. It has definitely
>>> improved, but I still find it problematic in a few ways.
>>> 
>>> = Sec 1.1 and 1.2 =
>>> 
>>> The language about the narrow case for which this document’s guidance
>>>is
>>> targeted is better. But I think it needs to emphasize just how much of
>>>a
>>> corner case this is. RFC 7362 recommends against latching, and address
>>> hiding is more often provided using TURN. Rather than saying things
>>>like
>>> "there are certain B2BUAs that are typically deployed for address
>>>hiding
>>> or media latching, as described in [RFC7362]” without any of that
>>> context, I would suggest something like “B2BUAs may be deployed for
>>> address hiding or media latching [RFC7362], although TURN is more often
>>> used for this purpose and media latching is not recommended due to its
>>> security properties.”
>> 
>> 
>> Ok. Will add the suggested text:
>> 
>> EXISTING:
>> However, there are certain B2BUAs
>>   that are typically deployed for address hiding or media latching, as
>>   described in [RFC7362], and such B2BUAs are able to perform their
>>   functions without requiring termination of DTLS-SRTP sessions i.e.
>>   these B2BUAs need not act as DTLS proxy and decrypt the RTP payload.
>> 
>> 
>> NEW:
>> B2BUAs may be deployed for address hiding or media latching [RFC7362],
>> although TURN is more often used for this purpose and media latching is
>>not
>> recommended due to its security properties. Such B2BUAs are able to
>> perform their
>> functions without requiring termination of DTLS-SRTP sessions i.e.
>> these B2BUAs need not act as DTLS proxy and decrypt the RTP payload.
>> 
>> 
>> 
>>> 
>>> = Sec. 1.2 and 7 =
>>> 
>>> I still find it odd to say that various flavors of B2BUA are “outside
>>>the
>>> scope of this document” when in fact the document spends most of its
>>> words describing how those B2BUAs would not be expected to conform to
>>>its
>>> recommendations. Instead of saying that the specific types of
>>> implementations are “outside the scope of this document,” I would
>>> recommend saying that the recommendations made in the document are not
>>> expected to be applied by those types of B2BUAs given deployment
>>>reality.
>> 
>> EXISTING:
>> Those B2BUAs terminating DTLS-SRTP sessions are outside the
>>   scope of this document.
>> 
>> NEW:
>> The recommendations made in this document are not expected to be applied
>> by B2BUAs terminating DTLS-SRTP sessions given deployment reality.
>> 
>> 
>>> 
>>> = Sec 4 and 5 =
>>> 
>>> I gather that these sections are intended to explain which kinds of
>>> B2BUAs are expected to be able to comply with the recommendations in
>>>Sec
>>> 3 and how, which is good. I would recommend making that explicit in the
>>> section headings and the intro to each section. In particular, it’s not
>>> clear to me why the intro to Sec 4 talks about impact on DTLS-SRTP and
>>> the intro to Sec 5 (and the section titles) talk about handling of
>>> DTLS-SRTP. I thought the two sections were supposed to be giving
>>>parallel
>>> explanations for the different kinds of B2BUAs.
>> 
>> I will do the following changes:
>> Titles for Section 4 - “Behavior of Signaling Plane B2BUAs”
>> 
>> Title for Section 5 - “ Behavior of Media Plane B2BUAs”
>> 
>> 
>> Section 4 intro text:
>> EXISTING:
>> Section 3.1 of [RFC7092] describes different categories of signaling
>> plane B2BUAs.  This section explains the impact these B2BUAs can have on
>> end-to-end DTLS-SRTP sessions.
>> NEW:
>> Section 3.1 of [RFC7092] describes different categories of signaling
>> plane B2BUAs.  This section explains how these B2BUAs are expected to
>> comply with the recommendations in Section 3
>> 
>> 
>> Section 5 intro text:
>> EXISTING:
>> This section describes the DTLS-SRTP handling by the different types
>> of media plane B2BUAs defined in [RFC7092].
>> NEW:
>> This section describes how the different types of media plane B2BUAs
>> defined in [RFC7092]
>> are expected to comply with the recommendations in Section 3
>> 
>> 
>> 
>>> 
>>> = Sec 5.1.1 =
>>> 
>>> Per the comment above, this text doesn’t make sense:
>>> 
>>> "A media relay B2BUA, as described in Section 3, forwards the
>>>  certificate fingerprint and SDP setup attribute it receives from one
>>>  endpoint unmodified towards the other endpoint and vice-versa.”
>> 
>> 
>> NEW:
>> 
>> A media relay B2BUA follows the rule 1 mentioned in Section 3 and
>>forwards
>> the certificate fingerprint and SDP setup attribute it receives from one
>> endpoint unmodified towards the other endpoint and vice-versa.
>> 
>> Regards,
>> Ram
>> 
>> 
>>> 
>>> I thought Sec 3 was providing the recommended behavior, and Sec 5 was
>>> talking about how different kinds of B2BUAs have the ability to comply
>>> with those recommendations or not. This makes it sound like Sec 3
>>>defines
>>> the behavior of media relay B2BUAs.
>>> 
>>> Thanks,
>>> Alissa
>>> 
>>> 
>>>> On Jan 17, 2016, at 7:44 PM, Ram Mohan R (rmohanr) <rmohanr@cisco.com>
>>>> wrote:
>>>> 
>>>> Hi Ben,
>>>> 
>>>> We will publish a new revision in the next couple of weeks.
>>>> 
>>>> Regards,
>>>> Ram
>>>> 
>>>> -----Original Message-----
>>>> From: Ben Campbell <ben@nostrum.com>
>>>> Date: Friday, 15 January 2016 at 4:13 AM
>>>> To: "draft-ietf-straw-b2bua-dtls-srtp@ietf.org"
>>>> <draft-ietf-straw-b2bua-dtls-srtp@ietf.org>
>>>> Cc: Cisco Employee <rmohanr@cisco.com>, Alissa Cooper
>>>> <alissa@cooperw.in>,
>>>> "straw-chairs@ietf.org" <straw-chairs@ietf.org>, "straw@ietf.org"
>>>> <straw@ietf.org>, IESG <iesg@ietf.org>,
>>>>"christer.holmberg@ericsson.com"
>>>> <christer.holmberg@ericsson.com>
>>>> Subject: Re: [straw] Alissa Cooper's Discuss on
>>>> draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)
>>>> 
>>>>> Hi,
>>>>> 
>>>>> What's the status on an update?
>>>>> 
>>>>> Thanks!
>>>>> 
>>>>> Ben.
>>>>> 
>>>>> 
>>>>> On 9 Dec 2015, at 14:25, Ben Campbell wrote:
>>>>> 
>>>>>> I had an offline discussion with Alissa and Barry yesterday. I think
>>>>>> we have a proposed way forward to deal with the "big-picture" issues
>>>>>> from Alissa's discuss. This does not necessarily cover every detail
>>>>>>of
>>>>>> her (or Stephen's) discuss and comments, but I think we need to deal
>>>>>> with the existential stuff first.
>>>>>> 
>>>>>> The draft needs clarifications to the problem statement, the draft
>>>>>> goals and scope, and a clearer separation between normative
>>>>>>statements
>>>>>> and non-normative considerations.
>>>>>> 
>>>>>> I think that would be easiest with some reorganization. Here's a
>>>>>> proposed outline. (I don't think you need to stick to this outline
>>>>>>in
>>>>>> detail, as long as the points are clear)
>>>>>> 
>>>>>> Thanks!
>>>>>> 
>>>>>> Ben.
>>>>>> ----------------
>>>>>> 
>>>>>> Problem:
>>>>>> 
>>>>>> - B2BUAs (especially SBCs) often make e2e dtls-srtp impossible.
>>>>>>There
>>>>>> are use cases where they could do their jobs and still allow e2e
>>>>>> dtls-srtp.
>>>>>> - The dtls-srtp dependency on RFC 4474 makes that hard in many
>>>>>>cases.
>>>>>> - What do we mean by e2e DTLS-SRTP? (I _think_ we mean from the
>>>>>> perspective of the b2bua, where that b2bua is not a party to the
>>>>>> DTLS-SRTP SA, and doesn't have the session key or private keys for
>>>>>> DTLS cert(s).
>>>>>> 
>>>>>> Goals and Scope:
>>>>>> 
>>>>>> - Goal is to provide guidance on how b2buas that could possibly do
>>>>>> their jobs without breaking e2e dtls-srtp to do so.
>>>>>> - B2BUAs exist that will still not allow e2e dtls-srtp for various
>>>>>> reasons. These are out-of-scope, and the draft should not attempt to
>>>>>> make value judgements about them.
>>>>>> - Termination of dtls-srtp at the b2bua is out of scope by
>>>>>>definition
>>>>>> (it's not e2e).
>>>>>> 
>>>>>> Normative rules for B2BUAs to allow e2e DTLS-SRTP:
>>>>>> 
>>>>>> - Consider both media signaling layers (including for non-media-path
>>>>>> b2buas)
>>>>>> - Discuss differences for 4474 and 4474bis, including how a b2bua
>>>>>> might tell them apart.(Hopefully 4474 will be obsolete soon, but we
>>>>>> should still discuss it, since it has significant impact on things
>>>>>> like media-latching since it signs the entire SDP payload.)
>>>>>> - Discuss differences if the b2bua acts as a 4474/4474bis
>>>>>> authenticator and/or verifier.
>>>>>> 
>>>>>> Implications/considerations for each b2bua type (non-normative):
>>>>>> 
>>>>>> - How do the normative requirements in the previous sections impact
>>>>>> the various b2bua types.
>>>>>> 
>>>>>> Normal security and privacy considerations.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 9 Dec 2015, at 12:50, Alissa Cooper wrote:
>>>>>> 
>>>>>>>> On Dec 3, 2015, at 1:12 PM, Ben Campbell <ben@nostrum.com> wrote:
>>>>>>>> 
>>>>>>>> On 2 Dec 2015, at 23:17, Alissa Cooper wrote:
>>>>>>>> 
>>>>>>>>> Could you articulate the reasons why someone would build a B2BUA
>>>>>>>>> that
>>>>>>>>>>>> follows the recommendations in this draft?
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> B2BUAs used in deployments like the above mentioned scenarios
>>>>>>>>>>can
>>>>>>>>>> use the
>>>>>>>>>> recommendations in this draft.
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Ok. What I am still missing is why this draft needs to be
>>>>>>>>>published
>>>>>>>>> to make that happen. This is the type of SBC to which the Section
>>>>>>>>> 3.1.1 guidance is directed. How does the behavior of existing
>>>>>>>>> media-latching SBCs differ from what 3.1.1 tells them to do? And
>>>>>>>>>if
>>>>>>>>> this type of SBC implementation is the key target audience,
>>>>>>>>> doesn¹t that make the 3.1.2 guidance essentially no-ops?
>>>>>>>> 
>>>>>>>> Authors:
>>>>>>>> 
>>>>>>>> After discussion on today's telechats, and some side discussions
>>>>>>>> with Alissa, I believe this question is the lynch-pin for making
>>>>>>>>any
>>>>>>>> progress. I advise people to work this out first before worrying
>>>>>>>> about the rest of the discussion: Can we articulate how we expect
>>>>>>>> this draft will change implementer and/or operator behavior?
>>>>>>>> 
>>>>>>>> Obviously B2BUAs that exist for reasons that require modification
>>>>>>>>of
>>>>>>>> RTP/RTCP, or cleartext access to the encrypted bits of SRTP are
>>>>>>>>not
>>>>>>>> going to conform, and are therefore out of scope. The draft
>>>>>>>>doesn't
>>>>>>>> seem to concern itself with b2buas that are not in the media path
>>>>>>>>at
>>>>>>>> all. (Maybe it should, since there are plenty of purely
>>>>>>>> signaling-plane ways to break dtls-srtp?).
>>>>>>>> 
>>>>>>>> That leaves the question of b2buas in the media path that do not
>>>>>>>> require modification or cleartext access to protected bits in
>>>>>>>> srtp--effectively media-relays as described in 3.1.1 Do we believe
>>>>>>>> people do not know how to build or use such devices without
>>>>>>>>breaking
>>>>>>>> dtls-srtp? Are people aware of such devices that break dtls-srtp
>>>>>>>> when they don't need to? Perhaps by misconfiguration, or because
>>>>>>>> they use SBCs designed for more invasive use cases?
>>>>>>> 
>>>>>>> As Ben says, I think this draft would add value if it could
>>>>>>> articulate the problem statement, including the kinds of B2BUAs
>>>>>>>that
>>>>>>> cause the problem, and then articulate a solution that those kinds
>>>>>>>of
>>>>>>> B2BUAs have a reasonable chance of implementing given what they are
>>>>>>> otherwise designed to do.
>>>>>>> 
>>>>>>> Alissa
>>>>>>> 
>>>>>>>> 
>>>>>>>> Thanks!
>>>>>>>> 
>>>>>>>> Ben.
>>>>>> 
>>>>>> _______________________________________________
>>>>>> straw mailing list
>>>>>> straw@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/straw
>>>> 
>>> 
>> 
>

v2.23.0 | Report a Bug | By Email