Re: [straw] Alissa Cooper's Discuss on draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)
Alissa Cooper <alissa@cooperw.in> Wed, 23 March 2016 23:00 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: straw@ietfa.amsl.com
Delivered-To: straw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF26012DA2B for <straw@ietfa.amsl.com>; Wed, 23 Mar 2016 16:00:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=vxBeu9R7; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=s+z6dbPa
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M0cit9RIPdCP for <straw@ietfa.amsl.com>; Wed, 23 Mar 2016 16:00:41 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9646D12DA25 for <straw@ietf.org>; Wed, 23 Mar 2016 16:00:41 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 0991420DDA for <straw@ietf.org>; Wed, 23 Mar 2016 19:00:41 -0400 (EDT)
Received: from frontend2 ([10.202.2.161]) by compute6.internal (MEProxy); Wed, 23 Mar 2016 19:00:41 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=LslND6sSrgodDQrFKdkWGCFxwes=; b=vxBeu9 R7zEhzM0IUqQkZTBw7YIz2BrHOPIVOuGEWlIWubDeDbhKrKEI7WryDd47Fd32np8 3+f3tnnEFurb0jXkLAFxPZl+emIXMqKJltq2rNWwnJpGbwZbtMTowgUjY2V6dEC3 z1Ac64hfeHFJfyDNjwpJseC/iZSHf2qM6smUQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=LslND6sSrgodDQr FKdkWGCFxwes=; b=s+z6dbPa1/lQvx/Uvz45h03wvNea5/59tZ2rqZh8t4sCsA5 1JU/uec0F38qK2fEcBVUARRW4/Y4XzkhJxMGNUYcXKJmlFgcMVmja3QoY+6eAKwd MTokQBk7sRJpEij1edXgWn+gX9jqERKBaIrS0k7oCGribh3X5vJV8a05aaNw=
X-Sasl-enc: 9jWkwaa+8SEQXxLDaHCoxrhF60Cg5EQU60K+YMQ1nRTA 1458774040
Received: from dhcp-171-68-122-59.cisco.com (dhcp-171-68-122-59.cisco.com [171.68.122.59]) by mail.messagingengine.com (Postfix) with ESMTPA id 5366C680230; Wed, 23 Mar 2016 19:00:40 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <D314CB23.5573B%rmohanr@cisco.com>
Date: Wed, 23 Mar 2016 16:01:00 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <8C7E62D2-E8A7-4094-92F4-28C17214A1B5@cooperw.in>
References: <20151201045818.23491.19134.idtracker@ietfa.amsl.com> <E63559A7-6A37-496C-AAD9-426AB697FD65@nostrum.com> <D2851411.4B35B%rmohanr@cisco.com> <DB9B999A-DAF0-440B-BDD4-445368AFFCE2@cooperw.in> <DAE78890-C8B2-42DE-BCC3-A994CB9AF668@nostrum.com> <1D498CDA-C8B6-4215-A718-7C5302B5CF2D@cooperw.in> <01E4CF3B-6C31-4A97-8155-8DC06443A7C2@nostrum.com> <A6B3CA82-DC74-48AB-80B7-EBF1462A964E@nostrum.com> <D2C25ED1.4E4DA%rmohanr@cisco.com> <23C852C2-1B96-4739-91ED-8B4C0FF97279@cooperw.in> <D314CB23.5573B%rmohanr@cisco.com>
To: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/straw/snXYd0SX5CFhWP5FSu80rX_TObo>
Cc: Ben Campbell <ben@nostrum.com>, "straw@ietf.org" <straw@ietf.org>, "christer.holmberg@ericsson.com" <christer.holmberg@ericsson.com>
Subject: Re: [straw] Alissa Cooper's Discuss on draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT)
X-BeenThere: straw@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Sip Traversal Required for Applications to Work \(STRAW\) working group discussion list" <straw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/straw>, <mailto:straw-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/straw/>
List-Post: <mailto:straw@ietf.org>
List-Help: <mailto:straw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/straw>, <mailto:straw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2016 23:00:53 -0000
Changes look good, thanks. I will clear when you post the rev. Note that I may move to ABSTAIN as I’m still not 100% convinced of the value of this draft. Not sure yet. But I appreciate the additional work you put into it. Alissa > On Mar 20, 2016, at 9:18 AM, Ram Mohan R (rmohanr) <rmohanr@cisco.com> wrote: > > Hi Alissa, > > Thanks for your feedback. Please see inline > > -----Original Message----- > From: Alissa Cooper <alissa@cooperw.in> > Date: Saturday, 19 March 2016 at 6:05 PM > To: Cisco Employee <rmohanr@cisco.com> > Cc: Ben Campbell <ben@nostrum.com>, > "draft-ietf-straw-b2bua-dtls-srtp@ietf.org" > <draft-ietf-straw-b2bua-dtls-srtp@ietf.org>, "straw-chairs@ietf.org" > <straw-chairs@ietf.org>, "straw@ietf.org" <straw@ietf.org>, IESG > <iesg@ietf.org>, "christer.holmberg@ericsson.com" > <christer.holmberg@ericsson.com> > Subject: Re: [straw] Alissa Cooper's Discuss on > draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT) > >> I took a look at the latest version of this document. It has definitely >> improved, but I still find it problematic in a few ways. >> >> = Sec 1.1 and 1.2 = >> >> The language about the narrow case for which this document’s guidance is >> targeted is better. But I think it needs to emphasize just how much of a >> corner case this is. RFC 7362 recommends against latching, and address >> hiding is more often provided using TURN. Rather than saying things like >> "there are certain B2BUAs that are typically deployed for address hiding >> or media latching, as described in [RFC7362]” without any of that >> context, I would suggest something like “B2BUAs may be deployed for >> address hiding or media latching [RFC7362], although TURN is more often >> used for this purpose and media latching is not recommended due to its >> security properties.” > > > Ok. Will add the suggested text: > > EXISTING: > However, there are certain B2BUAs > that are typically deployed for address hiding or media latching, as > described in [RFC7362], and such B2BUAs are able to perform their > functions without requiring termination of DTLS-SRTP sessions i.e. > these B2BUAs need not act as DTLS proxy and decrypt the RTP payload. > > > NEW: > B2BUAs may be deployed for address hiding or media latching [RFC7362], > although TURN is more often used for this purpose and media latching is not > recommended due to its security properties. Such B2BUAs are able to > perform their > functions without requiring termination of DTLS-SRTP sessions i.e. > these B2BUAs need not act as DTLS proxy and decrypt the RTP payload. > > > >> >> = Sec. 1.2 and 7 = >> >> I still find it odd to say that various flavors of B2BUA are “outside the >> scope of this document” when in fact the document spends most of its >> words describing how those B2BUAs would not be expected to conform to its >> recommendations. Instead of saying that the specific types of >> implementations are “outside the scope of this document,” I would >> recommend saying that the recommendations made in the document are not >> expected to be applied by those types of B2BUAs given deployment reality. > > EXISTING: > Those B2BUAs terminating DTLS-SRTP sessions are outside the > scope of this document. > > NEW: > The recommendations made in this document are not expected to be applied > by B2BUAs terminating DTLS-SRTP sessions given deployment reality. > > >> >> = Sec 4 and 5 = >> >> I gather that these sections are intended to explain which kinds of >> B2BUAs are expected to be able to comply with the recommendations in Sec >> 3 and how, which is good. I would recommend making that explicit in the >> section headings and the intro to each section. In particular, it’s not >> clear to me why the intro to Sec 4 talks about impact on DTLS-SRTP and >> the intro to Sec 5 (and the section titles) talk about handling of >> DTLS-SRTP. I thought the two sections were supposed to be giving parallel >> explanations for the different kinds of B2BUAs. > > I will do the following changes: > Titles for Section 4 - “Behavior of Signaling Plane B2BUAs” > > Title for Section 5 - “ Behavior of Media Plane B2BUAs” > > > Section 4 intro text: > EXISTING: > Section 3.1 of [RFC7092] describes different categories of signaling > plane B2BUAs. This section explains the impact these B2BUAs can have on > end-to-end DTLS-SRTP sessions. > NEW: > Section 3.1 of [RFC7092] describes different categories of signaling > plane B2BUAs. This section explains how these B2BUAs are expected to > comply with the recommendations in Section 3 > > > Section 5 intro text: > EXISTING: > This section describes the DTLS-SRTP handling by the different types > of media plane B2BUAs defined in [RFC7092]. > NEW: > This section describes how the different types of media plane B2BUAs > defined in [RFC7092] > are expected to comply with the recommendations in Section 3 > > > >> >> = Sec 5.1.1 = >> >> Per the comment above, this text doesn’t make sense: >> >> "A media relay B2BUA, as described in Section 3, forwards the >> certificate fingerprint and SDP setup attribute it receives from one >> endpoint unmodified towards the other endpoint and vice-versa.” > > > NEW: > > A media relay B2BUA follows the rule 1 mentioned in Section 3 and forwards > the certificate fingerprint and SDP setup attribute it receives from one > endpoint unmodified towards the other endpoint and vice-versa. > > Regards, > Ram > > >> >> I thought Sec 3 was providing the recommended behavior, and Sec 5 was >> talking about how different kinds of B2BUAs have the ability to comply >> with those recommendations or not. This makes it sound like Sec 3 defines >> the behavior of media relay B2BUAs. >> >> Thanks, >> Alissa >> >> >>> On Jan 17, 2016, at 7:44 PM, Ram Mohan R (rmohanr) <rmohanr@cisco.com> >>> wrote: >>> >>> Hi Ben, >>> >>> We will publish a new revision in the next couple of weeks. >>> >>> Regards, >>> Ram >>> >>> -----Original Message----- >>> From: Ben Campbell <ben@nostrum.com> >>> Date: Friday, 15 January 2016 at 4:13 AM >>> To: "draft-ietf-straw-b2bua-dtls-srtp@ietf.org" >>> <draft-ietf-straw-b2bua-dtls-srtp@ietf.org> >>> Cc: Cisco Employee <rmohanr@cisco.com>, Alissa Cooper >>> <alissa@cooperw.in>, >>> "straw-chairs@ietf.org" <straw-chairs@ietf.org>, "straw@ietf.org" >>> <straw@ietf.org>, IESG <iesg@ietf.org>, "christer.holmberg@ericsson.com" >>> <christer.holmberg@ericsson.com> >>> Subject: Re: [straw] Alissa Cooper's Discuss on >>> draft-ietf-straw-b2bua-dtls-srtp-09: (with DISCUSS and COMMENT) >>> >>>> Hi, >>>> >>>> What's the status on an update? >>>> >>>> Thanks! >>>> >>>> Ben. >>>> >>>> >>>> On 9 Dec 2015, at 14:25, Ben Campbell wrote: >>>> >>>>> I had an offline discussion with Alissa and Barry yesterday. I think >>>>> we have a proposed way forward to deal with the "big-picture" issues >>>>> from Alissa's discuss. This does not necessarily cover every detail of >>>>> her (or Stephen's) discuss and comments, but I think we need to deal >>>>> with the existential stuff first. >>>>> >>>>> The draft needs clarifications to the problem statement, the draft >>>>> goals and scope, and a clearer separation between normative statements >>>>> and non-normative considerations. >>>>> >>>>> I think that would be easiest with some reorganization. Here's a >>>>> proposed outline. (I don't think you need to stick to this outline in >>>>> detail, as long as the points are clear) >>>>> >>>>> Thanks! >>>>> >>>>> Ben. >>>>> ---------------- >>>>> >>>>> Problem: >>>>> >>>>> - B2BUAs (especially SBCs) often make e2e dtls-srtp impossible. There >>>>> are use cases where they could do their jobs and still allow e2e >>>>> dtls-srtp. >>>>> - The dtls-srtp dependency on RFC 4474 makes that hard in many cases. >>>>> - What do we mean by e2e DTLS-SRTP? (I _think_ we mean from the >>>>> perspective of the b2bua, where that b2bua is not a party to the >>>>> DTLS-SRTP SA, and doesn't have the session key or private keys for >>>>> DTLS cert(s). >>>>> >>>>> Goals and Scope: >>>>> >>>>> - Goal is to provide guidance on how b2buas that could possibly do >>>>> their jobs without breaking e2e dtls-srtp to do so. >>>>> - B2BUAs exist that will still not allow e2e dtls-srtp for various >>>>> reasons. These are out-of-scope, and the draft should not attempt to >>>>> make value judgements about them. >>>>> - Termination of dtls-srtp at the b2bua is out of scope by definition >>>>> (it's not e2e). >>>>> >>>>> Normative rules for B2BUAs to allow e2e DTLS-SRTP: >>>>> >>>>> - Consider both media signaling layers (including for non-media-path >>>>> b2buas) >>>>> - Discuss differences for 4474 and 4474bis, including how a b2bua >>>>> might tell them apart.(Hopefully 4474 will be obsolete soon, but we >>>>> should still discuss it, since it has significant impact on things >>>>> like media-latching since it signs the entire SDP payload.) >>>>> - Discuss differences if the b2bua acts as a 4474/4474bis >>>>> authenticator and/or verifier. >>>>> >>>>> Implications/considerations for each b2bua type (non-normative): >>>>> >>>>> - How do the normative requirements in the previous sections impact >>>>> the various b2bua types. >>>>> >>>>> Normal security and privacy considerations. >>>>> >>>>> >>>>> >>>>> On 9 Dec 2015, at 12:50, Alissa Cooper wrote: >>>>> >>>>>>> On Dec 3, 2015, at 1:12 PM, Ben Campbell <ben@nostrum.com> wrote: >>>>>>> >>>>>>> On 2 Dec 2015, at 23:17, Alissa Cooper wrote: >>>>>>> >>>>>>>> Could you articulate the reasons why someone would build a B2BUA >>>>>>>> that >>>>>>>>>>> follows the recommendations in this draft? >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> B2BUAs used in deployments like the above mentioned scenarios can >>>>>>>>> use the >>>>>>>>> recommendations in this draft. >>>>>>>> >>>>>>>> >>>>>>>> Ok. What I am still missing is why this draft needs to be published >>>>>>>> to make that happen. This is the type of SBC to which the Section >>>>>>>> 3.1.1 guidance is directed. How does the behavior of existing >>>>>>>> media-latching SBCs differ from what 3.1.1 tells them to do? And if >>>>>>>> this type of SBC implementation is the key target audience, >>>>>>>> doesn¹t that make the 3.1.2 guidance essentially no-ops? >>>>>>> >>>>>>> Authors: >>>>>>> >>>>>>> After discussion on today's telechats, and some side discussions >>>>>>> with Alissa, I believe this question is the lynch-pin for making any >>>>>>> progress. I advise people to work this out first before worrying >>>>>>> about the rest of the discussion: Can we articulate how we expect >>>>>>> this draft will change implementer and/or operator behavior? >>>>>>> >>>>>>> Obviously B2BUAs that exist for reasons that require modification of >>>>>>> RTP/RTCP, or cleartext access to the encrypted bits of SRTP are not >>>>>>> going to conform, and are therefore out of scope. The draft doesn't >>>>>>> seem to concern itself with b2buas that are not in the media path at >>>>>>> all. (Maybe it should, since there are plenty of purely >>>>>>> signaling-plane ways to break dtls-srtp?). >>>>>>> >>>>>>> That leaves the question of b2buas in the media path that do not >>>>>>> require modification or cleartext access to protected bits in >>>>>>> srtp--effectively media-relays as described in 3.1.1 Do we believe >>>>>>> people do not know how to build or use such devices without breaking >>>>>>> dtls-srtp? Are people aware of such devices that break dtls-srtp >>>>>>> when they don't need to? Perhaps by misconfiguration, or because >>>>>>> they use SBCs designed for more invasive use cases? >>>>>> >>>>>> As Ben says, I think this draft would add value if it could >>>>>> articulate the problem statement, including the kinds of B2BUAs that >>>>>> cause the problem, and then articulate a solution that those kinds of >>>>>> B2BUAs have a reasonable chance of implementing given what they are >>>>>> otherwise designed to do. >>>>>> >>>>>> Alissa >>>>>> >>>>>>> >>>>>>> Thanks! >>>>>>> >>>>>>> Ben. >>>>> >>>>> _______________________________________________ >>>>> straw mailing list >>>>> straw@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/straw >>> >> >
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- [straw] Alissa Cooper's Discuss on draft-ietf-str… Alissa Cooper
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- [straw] What is an "end"? Paul Kyzivat
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ram Mohan R (rmohanr)
- Re: [straw] What is an "end"? Ram Mohan R (rmohanr)
- Re: [straw] What is an "end"? Paul Kyzivat
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Tirumaleswar Reddy (tireddy)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ram Mohan R (rmohanr)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ram Mohan R (rmohanr)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ram Mohan R (rmohanr)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Tirumaleswar Reddy (tireddy)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Tirumaleswar Reddy (tireddy)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Paul Kyzivat
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Tirumaleswar Reddy (tireddy)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Tirumaleswar Reddy (tireddy)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Victor Pascual Avila
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ben Campbell
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Alissa Cooper
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ram Mohan R (rmohanr)
- Re: [straw] Alissa Cooper's Discuss on draft-ietf… Ram Mohan R (rmohanr)