Re: [clue] Last Call: <draft-ietf-clue-rtp-mapping-10.txt> (Mapping RTP streams to CLUE Media Captures) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Den 2017-01-15 kl. 07:05, skrev Roni Even:
Hi Magnus,
CaptureID here is just conveying the value defined in the CLUE data model
and CLUE protocol defines the security consideration for conveying the
adertized and configured values.
So any security on creating is done in the protocol document

Yes, it is containing a value. And the data model and protocol documents defines the protocol level security requirements and solution. However, as the CaptureID is taken out of the context of the CLUE protocol, and put into RTP/RTCP there needs to be consideration for the implications of that action.

As I don't find any recommendation for how an implementation generates CaptureIDs I could not determine the security sensitivity of the field. That is why I am asking about that aspect. Please provide an analysis of what it may contain, i.e. worst case, and the appropriate recommendation for appropriately securing that field.


As for the header extension, I will add some text

And I think this is relevant also for SDES items in general, not only for the header extension. The security risks and fundamental requirements are shared anyway.

Cheers

Magnus

Roni

-----Original Message-----
From: clue [mailto:clue-bounces@xxxxxxxx] On Behalf Of Magnus Westerlund
Sent: Friday, January 13, 2017 2:22 PM
To: ietf@xxxxxxxx
Cc: draft-ietf-clue-rtp-mapping@xxxxxxxx; clue-chairs@xxxxxxxx;
clue@xxxxxxxx
Subject: Re: [clue] Last Call: <draft-ietf-clue-rtp-mapping-10.txt>
(Mapping RTP
streams to CLUE Media Captures) to Proposed Standard

Hi,

As one of IANA's expert reviewers for the two registries that this
document
attempts to register in, I want to provide some feedback on individual
basis and
directly.

The SDES item registration of the CaptureID is fine with the exception
that it isn't
clear on the security consideration for the CaptureID field as SDES item.
I fail to
find any limitations or even recommendations for how the value is created
by
the implementation. Nor does the security considerations discuss the
potential
risk that the capture ID is privacy sensitive, like "Adrian's Mic" rather
than AC0
as in the example in the data model document. The data model document is
fairly clear on the need for confidentiality and authorization for the
whole data
model document. However, this thinking has not been raised and clarified
in this
specific move of the information into the RTP protocol.

So, I would recommend a discussion in general if the field should have
anonymous labels, that do not contain privacy information. Then one needs
to
be clear on what requirements that puts on transporting this field in RTP.
And
that depends on how certain one can be that it is anonymous or that it may
contain sensitive information and therefore should be confidentiality
protected.
In all cases this field needs integrity and source authentication. Which
should be
made explicit in the security consideration. The clue mapping require
implementation of SRTP with DTLS-SRTP keying, however, it fails to be
specific
on which protection profiles that are to be supported, both for the SRTP
as well
as the crypto functions for the key handshakes in DTLS-SRTP. Thus, I can't
be
certain if the CaptureID will be confidentiality protected or not even in
RTCP.

When it comes to the RTP Header Extension case, the RFC 7941 is very
explicit
about the requirement on doing this security consideration. And I note
that with
the above analysis of what requirements to put, one can ensure that the
right
requirements on the CLUE system to protect any RTP header extension with
the
CaptureID is done. I do note that if confidentiality protection is needed,
this
means additional implementation requirement. Such needs to be defined in
this
or referenced document if that is the case.

This should be fairly straight forward to fix, but needs to be done.

Cheers

Magnus

Den 2016-12-22 kl. 22:18, skrev The IESG:

The IESG has received a request from the ControLling mUltiple streams
for tElepresence WG (clue) to consider the following document:
- 'Mapping RTP streams to CLUE Media Captures'
  <draft-ietf-clue-rtp-mapping-10.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2017-01-12. Exceptionally, comments may
be sent to iesg@xxxxxxxx instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   This document describes how the Real Time transport Protocol (RTP) is
   used in the context of the CLUE protocol.  It also describes the
   mechanisms and recommended practice for mapping RTP media streams
   defined in SDP to CLUE Media Captures.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-clue-rtp-mapping/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-clue-rtp-mapping/ballot/


No IPR declarations have been submitted directly on this I-D.







--

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@xxxxxxxxxxxx
----------------------------------------------------------------------

_______________________________________________
clue mailing list
clue@xxxxxxxx
https://www.ietf.org/mailman/listinfo/clue




--

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@xxxxxxxxxxxx
----------------------------------------------------------------------




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]