Re: [TLS] Brief Cross-WG review - draft-ietf-mmusic-comedia-tls
Eric Rescorla <ekr@networkresonance.com> Mon, 02 January 2006 19:36 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EtVTz-0001Qg-K4; Mon, 02 Jan 2006 14:36:39 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EtVTx-0001Pv-Ix; Mon, 02 Jan 2006 14:36:38 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA06498; Mon, 2 Jan 2006 14:35:24 -0500 (EST)
Received: from raman.networkresonance.com ([198.144.196.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EtVZ4-0002lI-Ri; Mon, 02 Jan 2006 14:41:56 -0500
Received: by raman.networkresonance.com (Postfix, from userid 1001) id 017A61E8C4C; Mon, 2 Jan 2006 11:36:18 -0800 (PST)
To: mankin@psg.com
Subject: Re: [TLS] Brief Cross-WG review - draft-ietf-mmusic-comedia-tls
References: <200601021643.LAA18903@ietf.org>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Mon, 02 Jan 2006 11:36:18 -0800
In-Reply-To: <200601021643.LAA18903@ietf.org> (Allison Mankin's message of "Mon, 02 Jan 2006 08:44:37 -0800")
Message-ID: <86psna8lsd.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.18 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
Cc: lennox@cs.columbia.edu, hartmans+ietf@mit.edu, tls@ietf.org, jon.peterson@neustar.biz, mmusic@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Sender: tls-bounces@lists.ietf.org
Errors-To: tls-bounces@lists.ietf.org
Review of draft-ietf-mmusic-comedia-tls-05
SUMMARY
This draft describes how to use SDP to describe TLS
connection-oriented media sessions. The major new thing is putting
certificate fingerprints in the SDP m-line so that as long as you have
signalling integrity you can prevent MITM attacks without 3rd party
certificates. This draft seems like a good idea and the
implementation seems basically solid, modulo the comments below.
S 5:
I agree that it's fine to use the same hash as was used to
generate the certificate, but I think you need to explain
why it's OK here or in the security considerations section.
The key point is that the same security properties are required
of the hash here as in the certificate signature.
S 6.1:
This text seems to imply that you need to have a valid identity
in the certificate even if it's self-signed and used with a
fingerprint. From a security perspective, that doesn't really
add any value, since it's the fingerprint, not the identity,
that provides security.
S 6.2:
certificate does not match the provided fingerprint, or, if there was
no fingerprint, the certificate identity is incorrect, the server
endpoint MUST either notify the user or terminate the media
connection with a bad certificate error.
I assume you mean "bad_certificate" here. Also, why are you
generating that if no fingerprint is provided? That's not a
TLS-level error, it's an error at the upper layer protocol. You
shouldn't even be negotiating TLS if there's no fingerprint.
Note that when the offer/answer model is being used, it is possible
for a media connection to outrace the answer back to the offerer.
Thus, if the offerer has offered a 'setup:passive' or 'setup:actpass'
role, it MUST (as specified in the Connection-Oriented Media
specification [2]) begin listening for an incoming connection as soon
as it sends its offer. However, because its peer's media connection
may outrace its answer, it MUST NOT definitively accept the peer's
certificate until it has received and processed the SDP answer.
What does "definitively accept" mean here. What I would assume would
be that you would let the TLS handshake complete but then defer
some other action till you had the fingrerprint. But what action?
_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Brief Cross-WG review - draft-ietf-mmusic-c… Allison Mankin
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Eric Rescorla
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Eric Rescorla
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Eric Rescorla
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Allison Mankin
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Eric Rescorla
- Re: [TLS] Brief Cross-WG review - draft-ietf-mmus… Sam Hartman