The IESG has approved the following document:
- 'Unknown Key Share Attacks on uses of TLS with the Session Description Protocol (SDP)'
  (draft-ietf-mmusic-sdp-uks-07.txt) as Proposed Standard

This document is the product of the Multiparty Multimedia Session Control Working Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Barry Leiba.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-uks/

Technical Summary

   This document describes unknown key-share attacks on the use of Datagram Transport Layer Security for the Secure Real-Time Transport Protocol (DTLS-SRTP). Similar attacks are described on the use of DTLS-SRTP with the identity bindings used in Web Real-Time Communications (WebRTC) and SIP identity. These attacks are difficult to mount, but they cause a victim to be misled about the identity of a communicating peer. Simple mitigation techniques are defined for each.

Working Group Summary

   The document’s progress through the working group was unremarkable.

Document Quality

   The document was reviewed and discussed by a small group of key MMUSIC and RTCWEB members. No implementations are known.

Personnel

   Who is the Document Shepherd? Who is the Responsible Area Director?

   The Document Shepherd is Bo Burman. The Responsible AD is Adam Roach.

RFC Editor Note

   Please make the following two changes to the document.

   In Section 3.2

   OLD

      An "external_id_hash" extension that is any length other than 0 or 32 is invalid and MUST cause the receiving endpoint to generate a fatal "decode_error" alert.

   NEW

      An "external_id_hash" extension with a "binding_hash" field that is any length other than 0 or 32 is invalid and MUST cause the receiving endpoint to generate a fatal "decode_error" alert.

   Section 6

   OLD

      Without identity assertions, the mitigations in this document prevent the session splicing attack described in Section 4. Defense against session concatenation (Section 5) additionally requires protocol peers are not able to claim the certificate fingerprints of other entities.

   NEW

      Without identity assertions, the mitigations in this document prevent the session splicing attack described in Section 4. Defense against session concatenation (Section 5) additionally requires that protocol peers are not able to claim the certificate fingerprints of other entities.

   (Replace "requires" with "requires that")
