[AVT] SRTP and ICMP destination unreachable ...

[John Lazzaro <lazzaro@CS.Berkeley.EDU>]

Hi everyone,

	I'm been doing a code review of the sfront networking system
(which partially implements an authentication system similar to SRTP)
as part of the writing process for the MWPP implementation guide, and
was wondering about this line in the SRTP I-D:

> Message authentication for RTCP is REQUIRED, as it is the control 
> protocol (e.g., it has a BYE packet) for RTP.

	If an implementation follows this advice, should it also
ignore ICMP destination unreachable packets (i.e. the ICMP packet that
results in the ECONNREFUSED errno under UNIX)?

	I'm not well versed at what happens at the network layer with
ICMP, but I was under the impression that it would be pretty easy for
an attacker to send ICMP packets that would end a particular media
stream, if he was able to snoop on the IP headers of the stream in the
clear. So, accepting unauthenticated ICMP destination unreachable
packets would seem to opening up the same attacks as accepting
unauthenticated RTCP BYE commands ...

	I did a quick scan through the SRTP document and didn't see
this issue discussed, my apologies if I missed it ...

-------------------------------------------------------------------------
John Lazzaro -- Research Specialist -- CS Division -- EECS -- UC Berkeley
lazzaro [at] cs [dot] berkeley [dot] edu     www.cs.berkeley.edu/~lazzaro
-------------------------------------------------------------------------

_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt