WG,
Although not produced by this WG, as we are responsible for SRTP it
might be of interest for this community to know that there has been
field an errata on RFC 4771 - "Integrity Transform Carrying Roll-Over
Counter for the Secure Real-time Transport Protocol (SRTP)"
http://www.rfc-editor.org/errata_search.php?eid=3233Errata ID: 3233
Status: Reported
Type: Technical
Reported By: Mats Näslund
Date Reported: 2012-05-28
Section 2 says:
When the receiver receives an SRTP packet, it processes the packet
according to RFC 3711 except that during authentication processing
ROC_local is replaced by ROC_sender (retrieved from the packet).
It should say:
When the receiver receives an SRTP packet, it processes the packet
according to RFC 3711 except that during replay check and authentication
processing
ROC_local is replaced by ROC_sender (retrieved from the packet).
Notes:
While this is typo, it has the unfortunate side effect of creating a
possibility for a replay attack where the attacker injects a previous
message, possibly causing the receiver to loose synch on the ROC value.
This is prevented if the receiver uses ROC_sender in place of ROC_local
during both authentication _and_ replay check.
We thank David McGrew for spotting this error.
--
Cheers
Magnus Westerlund
----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB | Phone +46 10 7148287
Färögatan 6 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto:
magnus.westerlund@...
----------------------------------------------------------------------
_______________________________________________
Audio/Video Transport Core Maintenance
avt@...
https://www.ietf.org/mailman/listinfo/avt
