[AVT] Re: SRTP MAC question
This seems completely reasonable to me. Especially
about the part re security novices.
Mike
Steven M. Bellovin writes:
> In message <E18aoCr-000NW2-00@psg.com>, Allison Mankin writes:
> >What I request
> >here allows them to have their requirement, it just asks them to
> >substantiate it. In addition, it takes the outcome of the security
> >analysis and ensures that the higher risk of easy integrity attacks is
> >not accidentally imposed by default on applications that may not have
> >the tradeoff made by the SRTP design as written currently.
>
> Put another way -- and you can quote me on this -- I'm quite willing
> to accept nominally-insecure options under the following circumstances:
>
> *) There is a secure option described in the RFC;
>
> *) The RFC clearly delineates the circumstances under which the
> less-secure option is advisable;
>
> *) There is a clear, explicit analysis to show why it's needed
> in some circumstances;
>
> *) There's a thorough explanation of the risks incurred by
> opting for this choice.
>
> In other words -- make sure implementors who aren't security experts
> understand the cost-benefit tradeoff.
>
>
> --Steve Bellovin, http://www.research.att.com/~smb (me)
> http://www.wilyhacker.com (2nd edition of "Firewalls" book)
>
>
> _______________________________________________
> Audio/Video Transport Working Group
> avt@ietf.org
> https://www1.ietf.org/mailman/listinfo/avt