[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS

To: Mark Baugher <mbaugher at cisco.com>
Subject: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
From: Eric Rescorla <ekr at rtfm.com>
Date: Sun, 15 Aug 2004 18:57:11 -0700
Cc: Colin Perkins <csp at csperkins.org>, Mats Näslund <mats.naslund at ericsson.com>, dilkiel at dilkie.com, "Steven M. Bellovin" <smb at research.att.com>, housley at vigilsec.com, IETF AVT WG <avt at ietf.org>, nagendra at cs.stanford.edu
In-reply-to: Your message of "Sun, 15 Aug 2004 15:13:28 PDT." <55C48400-EF08-11D8-9248-000A95DC10F2@cisco.com>
List-help: <mailto:avt-request@ietf.org?subject=help>
List-id: Audio/Video Transport Working Group <avt.ietf.org>
List-post: <mailto:avt@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
Sender: avt-bounces at ietf.org

Mark Baugher <mbaugher at cisco.com> wrote:

> 
> On Aug 14, 2004, at 10:01 AM, Eric Rescorla wrote:
> 
> > Mark Baugher <mbaugher at cisco.com> wrote:
> >
> >> Hi Mats
> >>     Your point is well taken about decoupling SRTP from key
> >>     management, which varies from pairwise key management using (say)
> >>     IKE or MIKEY to broadcast key management using subset difference.
> >>     I don't think DTLS has much relevance to AVT protocols and am
> >>     copying the authors and security ADs to check my reasoning.
> >>     SSL/TLS has been successfully deployed for a class of
> >>     client/server applications.  That is outstanding.  It has some
> >>     vulnerabilities, however, that have been exploited by phishing
> >>     attacks, which is bad.
> >
> > Phishing is a social attack, not an attack on anything specific
> > to SSL.
> 
> Phishing might use more than social engineering, there's a class
> attack against browsers that wrongly route requests such as
> http://www.example.com/some-other-address to some-other-address
> and not to example.com.  The URI comes from a message with a forged
> RFC 2822 from address with example.com as the domain part.  The
> machine at some-other-address is own3d by an attacker, who posts
> a web page that looks like an www.example.com registration web page.
> So far, no SSL is involved in the attack.  It may not be
> needed to fool many users who usually expect the server to
> initiate the session and authenticate _them_ rather than vice
> versa.  I guess this is a social attack, but it's made possible
> because of the nature of the global security system that uses SSL.
> It relies on natural language names and asymmetric authorization/
> authentication where the server typically initiates the secure
> session and then gets much more information from the client than
> the client gets from the server.  The security problems with
> natural language names are considered in section 2 of RFC 2693;
> the problem of asymmetric authorization has been discussed in
> Risks and other places.

All of which would be true with, say, HTTP over IPsec.  Moreover SSL
offers certificate-based client authentication, so it's perfectly
possible to avert this attack using mechanisms already present
in SSL.


> > It would work just as well against, say, HTTP over IPsec.
> 
> It depends on the authorization and credential system, doesn't
> it?

In some theoretical sense, I suppose. In practice, any HTTP over
IPsec system that anyone would be likely use would have similar
properties.


> >>     But regardless of the pros and cons of
> >>     SSL/TLS vs. IPsec, RTP has many peer-to-peer applications.  I
> >>     think that IPsec and/or SRTP can adequately protect almost any
> >>     real-time RTP session between peers or between clients and server.
> >>     I can't think of anything DTLS will do for AVT protocols beyond
> >>     adding an unneeded alternative - and the accompanying confusion -
> >>     to the mix.
> >>
> >>    http://www.ietf.org/internet-drafts/draft-rescorla-dtls-01.txt
> >>    should probably specifically state that it is not appropriate for
> >>    the RTP family of protocols.
> >
> > I don't understand the argument here. Unless there's some technical
> > reason why DTLS won't work for these applications, I don't understand
> > why the existence of alternative mechnisms requires a statement
> > that DTLS is inappropriate...
> 
> Today, there are two practical alternatives for securing SRTP and
> these are IPsec and SRTP.  I think we satisfy the concerns of
> [WHYIPSEC] that are mentioned in draft-rescorla-dtls-01.txt.  Is it
> generally true that having two security protocol alternatives is better
> than three for reasons of relative simplicity of the implementations,
> improved interoperability, and lower development/maintenance costs.
> Why would we add a 3rd protocol?

Are you suggesting that a generic datagram security mechanism is a 
bad thing? 


-Ekr

_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt

Follow-Ups:
- Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
  - From: Mark Baugher

References:
- Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
  - From: Mark Baugher

Prev by Date: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
Next by Date: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
Previous by thread: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
Next by thread: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
Index(es):
- Date
- Thread