Re: [XCON] correction to section 8.2 question




Hi Michael,
 
The XCON FW (RFC 5239) provides an overview of the potential attacks for XCON, as well as some basic security mechanisms that should be supported by a conferencing system and conferencing client.
 
We will need to provide a detailed description of the security solution for the XCON protocol in the CCMP protocol document:
http://tools.ietf.org/id/draft-ietf-xcon-ccmp-02.txt
 
Since the protocol is based on HTTP(S), we will be relying on some of the HTTP security mechanisms.
 
We'll be updating the security section in the next revision and will take your comment into consideration, and we'd appreciate additional feedback once we submit the revision.
 
Thanks,
Mary.


From: xcon-bounces at ietf.org [mailto:xcon-bounces at ietf.org] On Behalf Of Oscar Novo
Sent: Tuesday, April 28, 2009 2:48 AM
To: Michael Bober; xcon at ietf.org
Subject: Re: [XCON] correction to section 8.2 question

Well, I haven't thought through all the possible attacks myself, but the most important ones related to confidentiality could be:
 
- An attacker may attempt to get access to confidential information from eavesdropping.
 
- An attacker may attempt to modify the messages exchanged between the client and server (that's more related to integrity, though).
 
Oscar

 

From: xcon-bounces at ietf.org [mailto:xcon-bounces at ietf.org] On Behalf Of Michael Bober
Sent: 27 April 2009 20:40
To: xcon at ietf.org
Subject: [XCON] correction to section 8.2 question

 
To clarify, the following question I submitted was in reference to "draft-ietf-xcon-common-data-model-13.txt":
 
Section 8.2 discusses confidentiality, and it seems that encryption and
end-to-end authentication provide the most protection for XCON.  Since
hacking has been quite newsworthy in the recent weeks, I am interested to
know what kind of attack XCON would be susceptible to, if any.

Michael Bober

