Unknown Key-Share Attacks on Uses of TLS with the Session Description Protocol (SDP)
RFC 8844
Note: This ballot was opened for revision 06 and is now closed.
Alvaro Retana No Objection
Roman Danyliw (was Discuss) No Objection
Thank you for addressing my DISCUSS and COMMENTs.
Warren Kumari No Objection
(Adam Roach; former steering group member) Yes
(Alexey Melnikov; former steering group member) No Objection
(Alissa Cooper; former steering group member) No Objection
Section 2.3: s/This attack/The unknown key share attack/

Section 3: s/Neither SIP nor WebRTC identity providers are not required/Neither SIP nor WebRTC identity providers are required/
(Barry Leiba; former steering group member) No Objection
(Benjamin Kaduk; former steering group member) (was Discuss) No Objection
Thanks for these updates; they are a big improvement.

In Section 3.2:

   The absence of an identity binding does not relax this requirement; if a peer provided no identity binding, a zero-length extension MUST be present to be considered valid.

For some reason my brain keeps trying to tell me that this could be misinterpreted somehow, as implying that if the peer doesn't implement this extension it would be considered invalid. But I don't see any actual specific problems with this text, so it's probably fine.

   An "external_id_hash" extension that is any length other than 0 or 32 is invalid and MUST cause the receiving endpoint to generate a fatal "decode_error" alert.

Very pedantic here, but the numbers aren't quite right, as the "external_id_hash" extension would be length 1 or 33 due to the length octet. We'd have to say that the "binding_hash" is length 0 or 32 to be pedantically correct.

Section 6:

   Without identity assertions, the mitigations in this document prevent the session splicing attack described in Section 4. Defense against session concatenation (Section 5) additionally requires protocol peers are not able to claim the certificate fingerprints of other entities.

nit: "requires that".
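The length point raised in the comment above, shown as a receiver-side check. This is an added example, not code from RFC 8844 or from the ballot discussion; it assumes the extension_data of "external_id_hash" is a single opaque "binding_hash" vector with a one-octet length prefix (the "length octet" the comment refers to), so the vector body is 0 or 32 bytes while the whole extension_data is 1 or 33 bytes. The names `parse_external_id_hash`, `extension_status` and `DecodeError` are this example's own.

```python
"""Receiver-side length validation for the "external_id_hash" TLS extension.

Added example; assumes extension_data = one length octet followed by
binding_hash, with binding_hash being empty (no identity binding offered)
or a 32-byte hash. Anything else is the "decode_error" case from the draft.
"""
from dataclasses import dataclass
from typing import Optional

HASH_LEN = 32  # length of the binding hash in octets (assumed SHA-256 sized)


class DecodeError(Exception):
    """Stands in for a fatal TLS "decode_error" alert."""


@dataclass
class ParsedExtension:
    binding_hash: bytes  # empty when the peer provided no identity binding


def parse_external_id_hash(extension_data: bytes) -> ParsedExtension:
    """Parse extension_data; raise DecodeError on any malformed length."""
    if len(extension_data) < 1:
        # even an empty binding_hash still needs its length octet
        raise DecodeError("missing length octet")
    declared = extension_data[0]
    body = extension_data[1:]
    if len(body) != declared:
        raise DecodeError(f"length octet says {declared}, body has {len(body)} octets")
    if declared not in (0, HASH_LEN):
        # this is the "0 or 32" rule, applied to binding_hash, not to extension_data
        raise DecodeError(f"binding_hash length {declared} is neither 0 nor {HASH_LEN}")
    return ParsedExtension(binding_hash=body)


def extension_status(extension_data: Optional[bytes]) -> str:
    """Classify a peer's extension: None means the peer sent no extension at all.

    The quoted Section 3.2 text requires a zero-length extension to be present
    even without an identity binding, so an absent extension is reported
    separately rather than treated as "no_binding".
    """
    if extension_data is None:
        return "missing_extension"
    try:
        parsed = parse_external_id_hash(extension_data)
    except DecodeError:
        return "decode_error"
    return "bound" if parsed.binding_hash else "no_binding"


if __name__ == "__main__":
    # constructed sample inputs, not captured traffic
    sample_hash = bytes(range(HASH_LEN))
    for label, data in [
        ("zero-length binding_hash", b"\x00"),
        ("32-byte binding_hash", bytes([HASH_LEN]) + sample_hash),
        ("empty extension_data (no length octet)", b""),
        ("16-byte binding_hash", b"\x10" + sample_hash[:16]),
        ("truncated body", bytes([HASH_LEN]) + sample_hash[:31]),
        ("extension absent", None),
    ]:
        print(f"{label:40s} -> {extension_status(data)}")
```

The check deliberately tests `declared not in (0, 32)` against the vector body rather than against `len(extension_data)`, which is exactly the distinction the comment makes: the values 0 and 32 describe "binding_hash", and the extension as a whole is 1 or 33 octets.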
(Deborah Brungard; former steering group member) No Objection
(Mirja Kühlewind; former steering group member) No Objection
(Suresh Krishnan; former steering group member) No Objection