Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
Christer Holmberg <christer.holmberg@ericsson.com> Wed, 29 October 2014 06:49 UTC
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Parthasarathi R <partha@parthasarathi.co.in>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, "straw@ietf.org" <straw@ietf.org>
Date: Wed, 29 Oct 2014 06:49:17 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D4D25F2@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1D3D5B73@ESESSMB209.ericsson.se> <015701cfab96$5eb380a0$1c1a81e0$@co.in> <53D8BC2D.6050408@cs.tcd.ie> <01f701cff306$cdddeb20$6999c160$@co.in>
In-Reply-To: <01f701cff306$cdddeb20$6999c160$@co.in>
Archived-At: http://mailarchive.ietf.org/arch/msg/straw/pSGjH29-zl2a9oBYA3SDbMIPLDM
Cc: 'Richard Barnes' <rlb@ipv.sx>, 'Sean Turner' <TurnerS@ieca.com>
Subject: Re: [straw] B2BUA handling in DTLS-SRTP [was RE: IETF#90: Draft STRAW minutes]
(As co-chair)

Hi,

If anyone has an issue with the general approach suggested by Partha, please indicate so on the list, so that we in Honolulu can focus on the technical aspects.

Regards,

Christer

-----Original Message-----
From: Parthasarathi R [mailto:partha@parthasarathi.co.in]
Sent: 29 October 2014 1:28
To: 'Stephen Farrell'; Christer Holmberg; straw@ietf.org
Cc: 'Richard Barnes'; 'Sean Turner'
Subject: RE: B2BUA handling in DTLS-SRTP [was RE: [straw] IETF#90: Draft STRAW minutes]

Hi all,

One of the ways to address the MITM issue in the STRAW WG "B2BUA handling of DTLS-SRTP" milestone is to focus only on Media relay (Sec 3.1 of draft-ram-straw-b2bua-dtls-srtp-00) and remove "Media Aware or Media Termination" (Sec 3.2 of draft-ram-straw-b2bua-dtls-srtp-00). By this proposal, the scope of the work is to cover only end-to-end DTLS-SRTP through B2BUA. The media relay provides end-to-end security, but there are challenges w.r.t. NAT, forking, ICE, identity (RTCWeb IdP, RFC4474bis, etc.) which shall be sorted out in this milestone.

During IETF-90 and on the mailing alias, I haven't heard any concern for Media relay handling in B2BUA. Please let me know your opinion on the same.

Thanks
Partha

> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Wednesday, July 30, 2014 3:05 PM
> To: Parthasarathi R; 'Christer Holmberg'; straw@ietf.org
> Cc: 'Richard Barnes'; 'Sean Turner'
> Subject: Re: B2BUA handling in DTLS-SRTP [was RE: [straw] IETF#90: Draft STRAW minutes]
>
> on vacation, back in a week
>
> terminating DTLS-SRTP is maybe fine but means being one of the
> endpoints intended to be involved in the TLS session. Doing a MITM on
> TLS is not at all fine.
>
> S.
>
> On 30/07/14 02:34, Parthasarathi R wrote:
> > Hi all,
> >
> > I have a different view than how the security folks look at this draft. This draft's intention is not to violate RFC 2804. In case this draft is not standardized, all B2BUAs handling DTLS-SRTP will end up violating RFC 2804 due to the lack of guidelines/standards to follow. Please look into this draft from the SIP recording architecture in B2BUA (Fig 1 of RFC 7245) usage perspective, wherein the senders/receiver is informed about the call recording (like the call centre usage scenario) and there is no RFC 2804 violation.
> >
> > In the IETF-90 meeting, security concerns were raised about this draft's usage. It will be good to document as part of this document if it is really a security issue. I'm not seeing any major security concerns, as a B2BUA is yet another UA. Please let me know the list of security concerns specific to B2BUA in DTLS-SRTP.
> >
> > In reality, a B2BUA terminating DTLS-SRTP is not avoidable because of the different codec profiles between the deployed SIP UAs. Say SIPoWS in a browser (WebRTC endpoint/SIP UA) uses Opus/G711/VP8 as codecs as of today, and SIP mobile devices use AMR/AMR-WB/H.264. There is a compulsion to terminate the media in the middle, as no solution exists in IETF for the same. The lack of a standard leads to proprietary session border controller (SBC) solutions which break other SIP enhancements as well.
> >
> > Thanks
> > Partha
> >
> > From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer Holmberg
> > Sent: Saturday, July 26, 2014 7:54 PM
> > To: straw@ietf.org
> > Cc: Richard Barnes (rlb@ipv.sx); Sean Turner; Stephen Farrell
> > Subject: [straw] IETF#90: Draft STRAW minutes
> >
> > (Co-chair)
> >
> > Hi,
> >
> > Below are the STRAW minutes that the chairs intend to upload.
> >
> > However, before we do that, we would like to ask the community to take a look at least at the notes associated with the DTLS-SRTP presentation, as it caused lots of discussion.
> >
> > Note that the minutes do not contain who-said-what information (that can be found elsewhere), but if you think there are some important things missing, or if you think something is wrong, please let the chairs know.
> >
> > Thanks!
> >
> > Regards,
> >
> > Christer & Victor
> >
> > -------------------
> >
> > IETF 90 - STRAW
> > 1150-1320 EDT Friday Afternoon Session I
> >
> > Topic: Agenda bashing, IETF Note Well and WG status
> > Presenter: Christer Holmberg (co-chair)
> > Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-0.pdf
> > Draft: N/A
> >
> > No issues were identified.
> >
> > Topic: Guidelines to support RTCP in B2BUAs
> > Presenter: Lorenzo Miniero
> > Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-1.pdf
> > Draft: draft-ietf-straw-b2bua-rtcp
> >
> > It was indicated that XR needs to be looked into, to see whether something needs to be covered in the draft.
> >
> > It was indicated that the terminology will be aligned with the grouping-taxonomy draft. In case there are conflicts, or other issues are found, the STRAW community is requested to provide comments on the grouping-taxonomy draft.
> >
> > It was asked whether the draft should also cover RTP-specific issues. It was indicated that the scope is RTCP, and that we should be very careful about introducing RTP issues. It was recommended to talk to Colin Perkins about whether he has any opinions regarding the need to cover RTP.
> >
> > It was asked how the document will relate to the work on multisource optimisation taking place in AVTEXT.
> >
> > It was indicated that the text recommending man-in-the-middle functionality for SRTP most likely will cause issues with the IESG. After the DTLS-SRTP discussion (see further down) it was suggested that the RTCP draft should not talk about SRTP.
> >
> > Topic: Taxonomy Discussion
> > Presenter: Lorenzo Miniero
> > Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-2.pdf
> > Draft: All STRAW deliveries
> >
> > It was agreed that STRAW shall use the terms in the avtext-grouping-taxonomy document in preference to definitions elsewhere if they are appropriate, with a note indicating any differences in other documents that may influence understanding.
> >
> > Topic: STUN handling in B2BUAs
> > Presenter: Lorenzo Miniero (on behalf of the draft authors)
> > Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-3.pdf
> > Draft: draft-ram-straw-b2bua-stun
> >
> > It was indicated that a B2BUA, due to policy reasons, may strip candidates from SDP.
> >
> > It was indicated that B2BUAs must be very careful not to perform actions that will cause ICE mismatch.
> >
> > The chair informed the community that a WG adoption request will be sent out within the upcoming weeks.
> >
> > It was indicated that the group needs to follow the ICE bis work taking place in MMUSIC, in case there will be any impacts on the STRAW draft.
> >
> > Topic: DTLS-SRTP handling in B2BUAs
> > Presenter: Lorenzo Miniero (on behalf of the draft authors)
> > Slides: http://www.ietf.org/proceedings/90/slides/slides-90-straw-4.pdf
> > Draft: draft-ram-straw-b2bua-dtls-srtp
> >
> > The presentation triggered lots of discussion and controversy, as it was seen as an attempt to standardize MITM (man-in-the-middle) procedures. While people did realize such actions take place in deployments, they claimed that IETF/STRAW should not standardize such procedures. It was also indicated that it goes against a number of BCP specifications, and RFC 2804. Others indicated that the purpose is to make sure that entities doing this kind of functionality do it in a way which does not cause interoperability problems, which could cause people to not use security to begin with.
> >
> > It was indicated that one possible way forward could be to simply document, in an informal delivery, how different vendors do things in the network, but in such case the vendors should also be listed in the document.
> >
> > Before the draft is adopted as a WG item, further discussions need to take place. The ADs will help with finding the correct people (security, IESG, etc.) to involve in such discussions. The chair indicated that the draft implements a charter delivery, but that one possible outcome will be to remove/re-scope the charter delivery.
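Partha's proposal turns on the difference between the "Media relay" behaviour of Sec 3.1 and the "Media Termination" behaviour of Sec 3.2, and Stephen's objection is that the latter is a MITM on the DTLS session. The following added example, which is not code from draft-ram-straw-b2bua-dtls-srtp or from anyone on the list, shows what the callee's DTLS-SRTP fingerprint check (the a=fingerprint comparison of RFC 4572/RFC 5763) sees in each case, and why the identity work Partha lists (RTCWeb IdP, RFC4474bis) is what makes the substitution visible. The certificates, SDP, addresses and identity provider key are constructed stand-ins; the identity assertion is an HMAC over the fingerprint standing in for a real signature.

```python
"""Added example (not from the draft or the list): what an endpoint's
DTLS-SRTP fingerprint check sees behind a media relay versus a
media-terminating B2BUA.  Certificates, SDP and the identity assertion
are constructed stand-ins, not real X.509 or RFC 4474bis material."""
import hashlib
import hmac
import re

# a=fingerprint:<hash-func> <hex octets separated by colons>  (RFC 4572 syntax)
FP_RE = re.compile(
    r"^a=fingerprint:(?P<alg>[A-Za-z0-9-]+)[ \t]+"
    r"(?P<hex>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)",
    re.M,
)

# Constructed stand-ins for the DER certificates each party presents in DTLS.
ALICE_CERT = b"constructed-DER-alice"
B2BUA_CERT = b"constructed-DER-b2bua"
IDP_KEY = b"constructed-idp-key"  # stand-in for the identity provider's signing key


def fingerprint(cert_der: bytes, alg: str = "sha-256") -> str:
    """Fingerprint as carried in SDP: hash of the DER cert, colon-separated hex."""
    digest = hashlib.new(alg.replace("-", ""), cert_der).digest()  # "sha-256" -> "sha256"
    return ":".join(f"{b:02X}" for b in digest)


def sdp_fingerprint(sdp: str):
    """Return (alg, HEX) from the first a=fingerprint line, or None."""
    m = FP_RE.search(sdp)
    return (m.group("alg").lower(), m.group("hex").upper()) if m else None


def verify_dtls_peer(sdp: str, presented_cert_der: bytes) -> bool:
    """The check an endpoint runs at DTLS handshake time: does the certificate
    the DTLS peer presented match the fingerprint that arrived in SDP?"""
    fp = sdp_fingerprint(sdp)
    if fp is None:
        return False
    alg, expected = fp
    return hmac.compare_digest(fingerprint(presented_cert_der, alg), expected)


def sign_identity(fp_hex: str) -> str:
    """Stand-in for an identity assertion (RFC 4474bis / RTCWeb IdP) binding the
    caller to the fingerprint; a real one is a signature, not an HMAC."""
    return hmac.new(IDP_KEY, fp_hex.encode(), "sha256").hexdigest()


def verify_identity(sdp: str, assertion: str) -> bool:
    """Does the fingerprint that reached the callee match the one the caller asserted?"""
    fp = sdp_fingerprint(sdp)
    return fp is not None and hmac.compare_digest(sign_identity(fp[1]), assertion)


def alice_offer():
    """Alice's SDP offer plus her identity assertion over her own fingerprint."""
    fp = fingerprint(ALICE_CERT)
    sdp = (
        "v=0\r\n"
        "c=IN IP4 198.51.100.10\r\n"
        "m=audio 49170 UDP/TLS/RTP/SAVPF 111\r\n"
        f"a=fingerprint:sha-256 {fp}\r\n"
        "a=setup:actpass\r\n"
    )
    return sdp, sign_identity(fp)


def media_relay(sdp: str) -> str:
    """Sec 3.1 behaviour: only transport addresses are rewritten; DTLS packets
    and the a=fingerprint line pass through untouched."""
    sdp = re.sub(r"^c=IN IP4 \S+", "c=IN IP4 203.0.113.5", sdp, flags=re.M)
    return re.sub(r"^m=audio \d+", "m=audio 20000", sdp, flags=re.M)


def media_terminator(sdp: str) -> str:
    """Sec 3.2 behaviour: the B2BUA terminates DTLS with its own certificate,
    so it must replace Alice's fingerprint with its own before forwarding."""
    own = f"a=fingerprint:sha-256 {fingerprint(B2BUA_CERT)}"
    return FP_RE.sub(own, media_relay(sdp))


def run_scenarios() -> dict:
    """Bob's view of both behaviours; he verifies whatever certificate
    actually shows up on his DTLS association."""
    offer, assertion = alice_offer()
    relayed = media_relay(offer)          # Bob's DTLS peer is Alice
    terminated = media_terminator(offer)  # Bob's DTLS peer is the B2BUA
    return {
        "relay_dtls_ok": verify_dtls_peer(relayed, ALICE_CERT),
        "relay_identity_ok": verify_identity(relayed, assertion),
        # Fingerprint check alone passes: the B2BUA's cert matches the rewritten SDP.
        "terminator_dtls_ok": verify_dtls_peer(terminated, B2BUA_CERT),
        # Only the identity binding over the original fingerprint exposes the substitution.
        "terminator_identity_ok": verify_identity(terminated, assertion),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The point the two "terminator" results make is that the fingerprint check of RFC 5763 is consistent on its own once the SDP has been rewritten in the middle; without a binding of the fingerprint to the caller's identity that the B2BUA cannot forge, the callee has no way to distinguish Sec 3.2 behaviour from the caller itself.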