[AVT] Re: SRTP MAC question



In message <E18aoCr-000NW2-00@psg.com>, Allison Mankin writes:
>What I request
>here allows them to have their requirement, it just asks them to
>substantiate it.  In addition, it takes the outcome of the security
>analysis and ensures that the higher risk of easy integrity attacks is
>not accidentally imposed by default on applications that may not have
>the tradeoff made by the SRTP design as written currently.

Put another way -- and you can quote me on this -- I'm quite willing
to accept nominally-insecure options under the following circumstances:

	*) There is a secure option described in the RFC;

	*) The RFC clearly delineates the circumstances under which the
	less-secure option is advisable;

	*) There is a clear, explicit analysis to show why it's needed
	in some circumstances;

	*) There's a thorough explanation of the risks incurred by
	opting for this choice.

In other words -- make sure implementors who aren't security experts
understand the cost-benefit tradeoff.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)


_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt