IETF Logo Mail Archive

Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs

Eric Rescorla <ekr@rtfm.com> Thu, 21 June 2012 22:11 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A09621F8649 for <avt@ietfa.amsl.com>; Thu, 21 Jun 2012 15:11:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EIQUCUFda5z2 for <avt@ietfa.amsl.com>; Thu, 21 Jun 2012 15:11:01 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5696911E8095 for <avt@ietf.org>; Thu, 21 Jun 2012 15:11:01 -0700 (PDT)
Received: by vbbez10 with SMTP id ez10so664987vbb.31 for <avt@ietf.org>; Thu, 21 Jun 2012 15:11:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding :x-gm-message-state; bh=Zcxid7LLsTAXkINs243c7GKmZyJqsHsdolWVJS5pGTA=; b=bo2oLCIrKBLEzeft/x9cm0Pp7YSczRig1rE/MTOMEuD4OlQ9SRlu577Dq36VEn/Rvh JVTkMUvddPp9h/ScCgru6v7w/t/l6AEwLs48ChLRpW7e0YGZmDj56Nqwqh2OEj0V7hvm N87rXu5GH719JKlulCtwZiABz0xznoiFp4v/SRWlL8DBFExZAF1RbQatnoI99KkFmSt+ zplIeGGQ8Hv0WIfjoyD1J6bAPV8n0TxDUmfdRYQb61kaeiQy9xd6rE06XGY1eVfUx8ZS Mwx39Ftb6V9ovOPopqXmWR0RgwQ2fJ5FT//IV3ZVK7yGG8QIkr36chZjbzAMtIx+GZ8/ 3Fvw==
Received: by 10.52.36.33 with SMTP id n1mr9837262vdj.53.1340316660700; Thu, 21 Jun 2012 15:11:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.35.209 with HTTP; Thu, 21 Jun 2012 15:10:20 -0700 (PDT)
X-Originating-IP: [63.245.220.224]
In-Reply-To: <0114FC22-FAE9-491D-8E5B-97A38F7714E7@csperkins.org>
References: <CABcZeBOGHimbibmQNOKrSEKqFRkq7Y1nWfSJJofP5eLZkJ+ULg@mail.gmail.com> <075C431A-A103-4C7E-9D4A-F80CB97DD9FB@csperkins.org> <BB321CED-DBDD-4E6F-997B-8490912F6315@iii.ca> <CABcZeBNvOJJL7YMk4jEQi5g=LbULiNob4LrxUuL-d-qO05_5PQ@mail.gmail.com> <CABkgnnUZOPygWgUQ7f4LnFEjOmQE2vA+KNic0gts3=MTHs8b8Q@mail.gmail.com> <0114FC22-FAE9-491D-8E5B-97A38F7714E7@csperkins.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 21 Jun 2012 15:10:20 -0700
Message-ID: <CABcZeBMU4NNfmWRDXD30OmdvJLCSeJnQPgrkdLBFumepYsFoYg@mail.gmail.com>
To: Colin Perkins <csp@csperkins.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQn/BCCzwdwyGt13NXVmSeBAD9xUqFIAkohOK9Lfh6ICv4tKXBQFeOnMZTXck4MGIaSg7XU6
Cc: rtcweb@ietf.org, Martin Thomson <martin.thomson@gmail.com>, avt@ietf.org, Cullen Jennings <fluffy@iii.ca>
Subject: Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2012 22:11:07 -0000

On Thu, Jun 21, 2012 at 2:54 PM, Colin Perkins <csp@csperkins.org> wrote:
> On 21 Jun 2012, at 20:09, Martin Thomson wrote:
>> On 21 June 2012 05:48, Eric Rescorla <ekr@rtfm.com> wrote:
>>> On Thu, Jun 21, 2012 at 5:39 AM, Cullen Jennings <fluffy@iii.ca> wrote:
>>>> I think what EKR was getting at is that if A call B in one phone call, then day later A wants to make an anonymous call to B, B should not be able to tell the second call is coming from same devices. I think that was part of the goal of 6222 but from EKR's email it looks like it fails to provide that.
>>>
>>> Exactly.
>>
>> I agree with the analysis.  The idea that the same browser could be
>> correlated across two independent sessions bothers me.  Within the one
>> "session", fine - on the contrary, mandatory.  Outside of that, I'd
>> like at least an option for anonymity.
>
> Using SRTP to encrypt the traffic will stop third-parties correlating the sessions, and RTCWeb is mandates SRTP and encryption.

I'm concerned about tracking by people who are second parties.

Consider the case where I call you from an anonymous phone at a domestic
violence shelter. I record the CNAME and then call all the DV shelters until
I determine which one has a CNAME from the same device.

> RFC 6222 does define per-session RTCP CNAME values, if you're concerned about the called party being able to correlate sessions based on the RTCP CNAME. We could mandate those instead of short-term persistent RTCP CNAME values. If that's not sufficient, then someone will need to write a draft that defines a new RTCP CNAME generation algorithm, which this draft can refer to.

The problem is that those per-session CNAME values do not appear to be
unlinkable.
I.e., they are distinct but they are generated from the same
underlying data with
insufficient entropy to prevent someone who knows two CNAMEs from determining
if they are from the same device.

As far as new algorithm goes, is there some reason "Random" isn't good enoguh?

-Ekr

v2.23.0 | Report a Bug | By Email