[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I-D ACTION:draft-wing-media-security-requirements-00.txt

Howdy,

1) I don't believe there was a vote on "R3: With forking, only the entity to
which the call is finally established, MUST get hold of the media encryption
keys" explicitly.  The slide we voted on was "Forking and Retargeting
MUST/SHOULD be secured".  That was ambiguous, at least for me in Montreal.
The way the slide was discussed it sounded like "do we still need to have a
forked request secured", whereas what I think you really meant, now that I
see this requirement, is "must we prevent all forked parties from seeing the
keys, and instead constrain it to only the final chosen one".  A very
different question, with a very different answer for me.

2) R6: A solution MUST provide protection against passive attacks.  I think
you need to define what a passive attack is in the draft.  It was also an
area where I thought the voting was ambiguous.  In the earlier slides they
implied a proxy, in the SIPS/TLS hop-path of an sdesc request, would be
considered a passive attacker; so sdesc through SIPS through proxies would
not be sufficient to be considered a valid rtpsec model.  But I don't think
that's what the requirement voting slide implied, and not what some people
voted on in Montreal.  At least I didn't.  I was voting that the keys had to
be exchanged over a secure transport mechanism, so that a sniffer wouldn't
see 'em.  Now I know some people here feel a SIPS proxy and a sniffer are
the same thing, but I don't.  :)  But I'd at least like to know whether it
is or not in this draft's view.

-hadriel


> -----Original Message-----
> From: owner-ietf-rtpsec@xxxxxxxxxxxx [mailto:owner-ietf-
> rtpsec@xxxxxxxxxxxx] On Behalf Of Dan Wing
> Sent: Tuesday, October 24, 2006 7:14 PM
> To: ietf-rtpsec@xxxxxxx
> Cc: Steffen Fries; Hannes Tschofenig
> Subject: FW: I-D ACTION:draft-wing-media-security-requirements-00.txt
> 
> Now that the I-D deadlines are passed, I wanted to call RTPSEC's attention
> to our recent submission.  This I-D is intended to summarize the
> requirements from my RTPSEC BoF presentation and discussions on this list.
> 
> Please reply-all with comments or suggestions.
> 
> -d
> 
> 
> > 	Title		: Media Security Requirements
> > 	Author(s)	: D. Wing, et al.
> > 	Filename	: draft-wing-media-security-requirements-00.txt
> > 	Pages		: 19
> > 	Date		: 2006-10-18
> >
> >
> >    A number of proposals have been published to address the need of
> >    securing media traffic.  Different assumptions, requirements, and
> >    usage environments justify every one of them.  This
> >    document aims to summarize the discussed media security
> >    requirements in order progress the work on identifying a
> >    small subset applicable to a large range of deployment
> >    environments.
> >
> >
> > A URL for this Internet-Draft is:
> >
> http://www.ietf.org/internet-drafts/draft-wing-media-security-
> requirements-0
> 0.txt