
draft-jennings-vipr-overview IETF 81


Presentation Transcript


  1. draft-jennings-vipr-overview, IETF 81, Cullen Jennings

  2. Changes
     • Editorial and typos
     • Header name changed to remove X-Cisco
     • Michael Proctor raised an interesting attack and provided more information about two existing attacks (more later)

  3. Document Refactoring
     • The overview draft does more than serve as an overview
     • The VAP draft contains bits essential to VIPR, but the VAP protocol was meant to be optional
     • Proposal:
       • Refactor the drafts so that the rest of the VIPR drafts are not normatively dependent on VAP
       • Refactor to move parts of the overview to other drafts or new drafts. Consider moving sections 7, 8, 9

  4. Evil Tracking
     • Attack: Let's assume EvilCorp registers its node-id against the hash of the sales number of its competitor, VictimCorp. Then, whenever a ViPR-enabled caller tries to call VictimCorp to buy something, a few hours later their ViPR server will attempt to establish a connection to EvilCorp.
     • Proposal (half baked): blacklist validations with EvilCorp after failed validation
       • This solution is broken: in normal conditions with no attacks, if the network goes down, the domain will get blacklisted

  5. First Call Problem
     • Particularly for video systems, the first call and re-validations fall back to the PSTN. This is an awful user experience
     • Proposal:
       • Define some more validation protocols based on passing the secret over the PSTN, rapidly detecting, and instantly moving the call to IP
       • Might try the ISDN USI (User Service Information) field
       • Might try an in-band audio “flag” sent by the sender, then an audio secret is sent by the receiver
       • Fingerprint the audio
       • Watermark inserted in the audio
       • Send some DTMF-like digits at the start of the call if the other side claims to support this type of VIPR validation
       • Use a “cocktail” approach where all of the above are tried at the same time

  6. Proposal
     • Find a better editor for overview
     • Refactor documents by Sept 15
     • Have some assigned reviewers provide reviews
     • Have a virtual interim meeting mid October
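
The objection on slide 4 (Evil Tracking) to the "blacklist after failed validation" proposal, worked through as an added example that is not part of the original slides or the ViPR drafts. The registry, the `owners` ground-truth table, the `.example` domains and the phone number are assumptions constructed for this toy model, which stands in for the real DHT lookup and validation exchange.

```python
# Simplified model (assumption, not taken from the ViPR drafts): a registry maps
# hash(phone number) -> set of domains, and a caller's server tries to validate
# with every domain registered for a number it recently called over the PSTN.
import hashlib
from collections import defaultdict

def key(number: str) -> str:
    return hashlib.sha256(number.encode()).hexdigest()

class Registry:
    def __init__(self):
        self.entries = defaultdict(set)
    def register(self, domain, number):
        self.entries[key(number)].add(domain)   # nothing here proves ownership
    def lookup(self, number):
        return set(self.entries[key(number)])

class CallerServer:
    """Caller-side server applying the 'blacklist after failed validation' rule."""
    def __init__(self, registry, owners):
        self.registry = registry
        self.owners = owners          # ground truth, known only to the simulation
        self.blacklist = set()
        self.contacted = []           # domains that saw a connection attempt

    def validate_after_call(self, number, reachable):
        for domain in sorted(self.registry.lookup(number) - self.blacklist):
            if domain not in reachable:
                self.blacklist.add(domain)      # an outage looks like a failure
                continue
            self.contacted.append(domain)       # the attempt itself reveals the call
            if self.owners.get(number) != domain:
                self.blacklist.add(domain)      # validation fails for a non-owner

def run_scenarios():
    number = "+15555550100"   # constructed sample number
    reg = Registry()
    reg.register("victimcorp.example", number)
    reg.register("evilcorp.example", number)
    srv = CallerServer(reg, {number: "victimcorp.example"})
    # Call 1: both domains reachable; the bogus registrant fails validation.
    srv.validate_after_call(number, {"victimcorp.example", "evilcorp.example"})
    after_attack = set(srv.blacklist)
    # Call 2: no attack involved, the legitimate domain's network is simply down.
    srv.validate_after_call(number, set())
    after_outage = set(srv.blacklist)
    # Call 3: the legitimate domain is back, but it is never tried again.
    srv.validate_after_call(number, {"victimcorp.example"})
    return after_attack, after_outage, srv.contacted
```

In this model the blacklist cannot tell a failed proof from an unreachable peer, so after the outage the legitimate domain is excluded permanently, and the bogus registrant has already seen one connection attempt before it is blocked.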
