Re: [AVTCORE] Errata on RFC 4771 - "Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protocol (SRTP)"

by Dan Wing

> -----Original Message-----
> From: avt-bounces@... [mailto:avt-bounces@...] On Behalf Of
> Magnus Westerlund
> Sent: Monday, May 28, 2012 2:33 AM
> To: IETF AVTCore WG
> Subject: [AVTCORE] Errata on RFC 4771 - "Integrity Transform Carrying
> Roll-Over Counter for the Secure Real-time Transport Protocol (SRTP)"
>
> WG,
>
> Although not produced by this WG, as we are responsible for SRTP it
> might be of interest for this community to know that there has been
> filed an errata on RFC 4771 - "Integrity Transform Carrying Roll-Over
> Counter for the Secure Real-time Transport Protocol (SRTP)"
>
> http://www.rfc-editor.org/errata_search.php?eid=3233
>
> Errata ID: 3233
>
> Status: Reported
> Type: Technical
>
> Reported By: Mats Näslund
> Date Reported: 2012-05-28
>
> Section 2 says:
>
> When the receiver receives an SRTP packet, it processes the packet
> according to RFC 3711 except that during authentication processing
> ROC_local is replaced by ROC_sender (retrieved from the packet).
>
>
> It should say:
>
> When the receiver receives an SRTP packet, it processes the packet
> according to RFC 3711 except that during replay check and
> authentication processing ROC_local is replaced by ROC_sender
> (retrieved from the packet).
>
>
> Notes:
>
> While this is a typo, it has the unfortunate side effect of creating a
> possibility for a replay attack where the attacker injects a previous
> message, possibly causing the receiver to lose synch on the ROC value.
> This is prevented if the receiver uses ROC_sender in place of ROC_local
> during both authentication _and_ replay check.
>
> We thank David McGrew for spotting this error.

I would Approve this errata.  

-d



> --
>
> Cheers
>
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@...
> ----------------------------------------------------------------------
>
> _______________________________________________
> Audio/Video Transport Core Maintenance
> avt@...
> https://www.ietf.org/mailman/listinfo/avt
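
An added example, not part of the erratum or of either message in this thread: it compares the receiver's replay-check decision when the packet index is built from ROC_local (the original wording) and from ROC_sender (the corrected wording). The class and function names, the window model and the packet values are assumptions made for illustration, and MAC verification is not modelled.

```python
# Added illustration, not from the thread. Receiver, estimate_index and
# replay_check are hypothetical names; MAC verification is not modelled.
WINDOW = 64  # replay window size; RFC 3711 requires at least 64


def estimate_index(roc_local, s_l, seq):
    """RFC 3711 index estimate built from the receiver's own ROC_local."""
    if s_l < 32768:
        v = roc_local - 1 if seq - s_l > 32768 else roc_local
    else:
        v = roc_local + 1 if s_l - 32768 > seq else roc_local
    return ((v % 2**32) << 16) | seq


class Receiver:
    def __init__(self, roc_local, s_l):
        self.highest = (roc_local << 16) | s_l  # highest authenticated index
        self.seen = {self.highest}

    def replay_check(self, seq, roc_sender, use_roc_sender):
        """Return True if the packet passes the replay check."""
        if use_roc_sender:   # corrected text: index from the ROC in the packet
            index = (roc_sender << 16) | seq
        else:                # original text: index from ROC_local
            index = estimate_index(self.highest >> 16,
                                   self.highest & 0xFFFF, seq)
        if index > self.highest:
            return True                   # ahead of the window
        if self.highest - index >= WINDOW:
            return False                  # older than the window
        return index not in self.seen     # inside the window, not yet seen


# Constructed state: receiver is at ROC_local=5, s_l=100.
rx = Receiver(roc_local=5, s_l=100)
# Constructed "previous message": SEQ=200 sent when the sender's ROC was 4.
OLD = dict(seq=200, roc_sender=4)
# Constructed current packet: SEQ=101 with the sender's ROC at 5.
NEW = dict(seq=101, roc_sender=5)

if __name__ == "__main__":
    for name, pkt in (("old", OLD), ("new", NEW)):
        for fixed in (False, True):
            print(name, "ROC_sender in replay check:", fixed,
                  "->", rx.replay_check(use_roc_sender=fixed, **pkt))
```

With the ROC_local-based index the constructed previous packet looks newer than anything received and passes the replay check; with the ROC_sender-based index it falls behind the window and is rejected, while the current packet passes either way.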
