Re: [TLS] Brief Cross-WG review - draft-ietf-mmusic-comedia-tls
Eric Rescorla <ekr@networkresonance.com> Mon, 02 January 2006 19:36 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EtVTz-0001Qg-K4; Mon, 02 Jan 2006 14:36:39 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EtVTx-0001Pv-Ix; Mon, 02 Jan 2006 14:36:38 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA06498; Mon, 2 Jan 2006 14:35:24 -0500 (EST)
Received: from raman.networkresonance.com ([198.144.196.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EtVZ4-0002lI-Ri; Mon, 02 Jan 2006 14:41:56 -0500
Received: by raman.networkresonance.com (Postfix, from userid 1001) id 017A61E8C4C; Mon, 2 Jan 2006 11:36:18 -0800 (PST)
To: mankin@psg.com
Subject: Re: [TLS] Brief Cross-WG review - draft-ietf-mmusic-comedia-tls
References: <200601021643.LAA18903@ietf.org>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Mon, 02 Jan 2006 11:36:18 -0800
In-Reply-To: <200601021643.LAA18903@ietf.org> (Allison Mankin's message of "Mon, 02 Jan 2006 08:44:37 -0800")
Message-ID: <86psna8lsd.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.18 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
Cc: lennox@cs.columbia.edu, hartmans+ietf@mit.edu, tls@ietf.org, jon.peterson@neustar.biz, mmusic@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Sender: tls-bounces@lists.ietf.org
Errors-To: tls-bounces@lists.ietf.org
Review of draft-ietf-mmusic-comedia-tls-05 SUMMARY This draft describes how to use SDP to describe TLS connection-oriented media sessions. The major new thing is putting certificate fingerprints in the SDP m-line so that as long as you have signalling integrity you can prevent MITM attacks without 3rd party certificates. This draft seems like a good idea and the implementation seems basically solid, modulo the comments below. S 5: I agree that it's fine to use the same hash as was used to generate the certificate, but I think you need to explain why it's OK here or in the security considerations section. The key point is that the same security properties are required of the hash here as in the certificate signature. S 6.1: This text seems to imply that you need to have a valid identity in the certificate even if it's self-signed and used with a fingerprint. From a security perspective, that doesn't really add any value, since it's the fingerprint, not the identity, that provides security. S 6.2: certificate does not match the provided fingerprint, or, if there was no fingerprint, the certificate identity is incorrect, the server endpoint MUST either notify the user or terminate the media connection with a bad certificate error. I assume you mean "bad_certificate" here. Also, why are you generating that if no fingerprint is provided? That's not a TLS-level error, it's an error at the upper layer protocol. You shouldn't even be negotiating TLS if there's no fingerprint. Note that when the offer/answer model is being used, it is possible for a media connection to outrace the answer back to the offerer. Thus, if the offerer has offered a 'setup:passive' or 'setup:actpass' role, it MUST (as specified in the Connection-Oriented Media specification [2]) begin listening for an incoming connection as soon as it sends its offer. However, because its peer's media connection may outrace its answer, it MUST NOT definitively accept the peer's certificate until it has received and processed the SDP answer. What does "definitively accept" mean here. What I would assume would be that you would let the TLS handshake complete but then defer some other action till you had the fingrerprint. But what action? _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Brief Cross-WG review - draft-ietf-mmusic-c… Allison Mankin
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Eric Rescorla
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Eric Rescorla
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Eric Rescorla
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Allison Mankin
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Eric Rescorla
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Sam Hartman