IETF Logo Mail Archive

Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs

Colin Perkins <csp@csperkins.org> Thu, 21 June 2012 22:28 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06DB511E8088; Thu, 21 Jun 2012 15:28:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id imJjszOGk3fb; Thu, 21 Jun 2012 15:28:55 -0700 (PDT)
Received: from lon1-msapost-1.mail.demon.net (lon1-msapost-1.mail.demon.net [195.173.77.180]) by ietfa.amsl.com (Postfix) with ESMTP id 319BE11E8079; Thu, 21 Jun 2012 15:28:55 -0700 (PDT)
Received: from starkperkins.demon.co.uk ([80.176.158.71] helo=[192.168.0.11]) by lon1-post-1.mail.demon.net with esmtpsa (AUTH csperkins-dwh) (TLSv1:AES128-SHA:128) (Exim 4.69) id 1Shpry-0005NP-Xa; Thu, 21 Jun 2012 22:28:54 +0000
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="iso-8859-1"
From: Colin Perkins <csp@csperkins.org>
In-Reply-To: <CABcZeBMU4NNfmWRDXD30OmdvJLCSeJnQPgrkdLBFumepYsFoYg@mail.gmail.com>
Date: Thu, 21 Jun 2012 23:28:53 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <A09FD671-5818-4881-9DD9-30FC0EA3D7EE@csperkins.org>
References: <CABcZeBOGHimbibmQNOKrSEKqFRkq7Y1nWfSJJofP5eLZkJ+ULg@mail.gmail.com> <075C431A-A103-4C7E-9D4A-F80CB97DD9FB@csperkins.org> <BB321CED-DBDD-4E6F-997B-8490912F6315@iii.ca> <CABcZeBNvOJJL7YMk4jEQi5g=LbULiNob4LrxUuL-d-qO05_5PQ@mail.gmail.com> <CABkgnnUZOPygWgUQ7f4LnFEjOmQE2vA+KNic0gts3=MTHs8b8Q@mail.gmail.com> <0114FC22-FAE9-491D-8E5B-97A38F7714E7@csperkins.org> <CABcZeBMU4NNfmWRDXD30OmdvJLCSeJnQPgrkdLBFumepYsFoYg@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.1278)
Cc: rtcweb@ietf.org, Martin Thomson <martin.thomson@gmail.com>, avt@ietf.org, Cullen Jennings <fluffy@iii.ca>
Subject: Re: [AVTCORE] [rtcweb] Randomly-generated CNAMEs
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2012 22:28:56 -0000

On 21 Jun 2012, at 23:10, Eric Rescorla wrote:
> On Thu, Jun 21, 2012 at 2:54 PM, Colin Perkins <csp@csperkins.org> wrote:
>> On 21 Jun 2012, at 20:09, Martin Thomson wrote:
>>> On 21 June 2012 05:48, Eric Rescorla <ekr@rtfm.com> wrote:
>>>> On Thu, Jun 21, 2012 at 5:39 AM, Cullen Jennings <fluffy@iii.ca> wrote:
>>>>> I think what EKR was getting at is that if A call B in one phone call, then day later A wants to make an anonymous call to B, B should not be able to tell the second call is coming from same devices. I think that was part of the goal of 6222 but from EKR's email it looks like it fails to provide that.
>>>> 
>>>> Exactly.
>>> 
>>> I agree with the analysis.  The idea that the same browser could be
>>> correlated across two independent sessions bothers me.  Within the one
>>> "session", fine - on the contrary, mandatory.  Outside of that, I'd
>>> like at least an option for anonymity.
>> 
>> Using SRTP to encrypt the traffic will stop third-parties correlating the sessions, and RTCWeb is mandates SRTP and encryption.
> 
> I'm concerned about tracking by people who are second parties.
> 
> Consider the case where I call you from an anonymous phone at a domestic violence shelter. I record the CNAME and then call all the DV shelters until I determine which one has a CNAME from the same device.
> 
>> RFC 6222 does define per-session RTCP CNAME values, if you're concerned about the called party being able to correlate sessions based on the RTCP CNAME. We could mandate those instead of short-term persistent RTCP CNAME values. If that's not sufficient, then someone will need to write a draft that defines a new RTCP CNAME generation algorithm, which this draft can refer to.
> 
> The problem is that those per-session CNAME values do not appear to be
> unlinkable. I.e., they are distinct but they are generated from the same underlying data with insufficient entropy to prevent someone who knows two CNAMEs from determining if they are from the same device.
> 
> As far as new algorithm goes, is there some reason "Random" isn't good enoguh?


There's some discussion in RFC 3550 Section 6.5.1 and RFC 6222. It might be possible to use a random choice, provided the same random value is used across all sessions that need to be correlated, and the value is chosen to be unique with high probability. I haven't thought about it in detail. In any case, it's an update to RFC 3550 and RFC 6222, so someone will have to write up the draft defining this. 

-- 
Colin Perkins
http://csperkins.org/

v2.23.0 | Report a Bug | By Email