IETF Logo Mail Archive

Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Fri, 01 February 2019 17:23 UTC

Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42E7A1310BA for <perc@ietfa.amsl.com>; Fri, 1 Feb 2019 09:23:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bpCnijuFELF5 for <perc@ietfa.amsl.com>; Fri, 1 Feb 2019 09:23:42 -0800 (PST)
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B98391310C6 for <perc@ietf.org>; Fri, 1 Feb 2019 09:23:41 -0800 (PST)
Received: by mail-wr1-x432.google.com with SMTP id q18so7903581wrx.9 for <perc@ietf.org>; Fri, 01 Feb 2019 09:23:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=Wu1Gs0EarI7FR4ltVAVLFoE34z1oSx0wC00UMuPjouA=; b=DKXXemCMaNybjXie2aaf/eTZ9AnEEjuLmXic8T5QeRI2Ofxm2idUIuD75XIJFthq08 vx4vARFzpUawRBTbzoKkymYocGCIiQRv/ufHg1WbHMSWvL+3h4uXFCQTqGopWezhjdn7 UlHnTlOl+pdvBy2AJH9LIjbhrt5kUhFZHi4l2yicfrEmrq+yuF6T++AFuWyevXL8GBoZ h3L/vk69s0qQffg4gam3wDP2fY3DmggpNSUV6rUeMzq83kOcXB25NtU5TJ2nXYusn6wH tA3pLutd+gHnZehqEofMmVhjuGbg7i2L00GDfXbid1AUwl4KBTt0IH6BFo1nBZTk3vB4 I/Jw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=Wu1Gs0EarI7FR4ltVAVLFoE34z1oSx0wC00UMuPjouA=; b=WpLzlhZOPL2lErpl5b4A21bX+dDlw9mppR1U0wjH+kkNEth3Beg9LH7nktM8jmaBfy WmCvQrw+qGRo33EsnXtWuoi02z9apdotiR9idRqgogbnIlOgFl+Qe9+8jr8gfZqnTlcR K0iiOssaU6K0YaYu2iqbPW9RmP4dcdht3w9jaTbgyazZfAk07BHSQGs2mJL2pE/oI4TK x7/MiHDZ0X1NvzIl+NEhNAUOb5FEPdurQNVgtX4GFcO/Ow1QV04D7ef+XcBm9W6fjXbK QvnpvubDwHhDH5ukhpXqZ8yOHKDgZ8Fl0GFywvYxnrF9hsNqNd1rtqokIcEi80JWiu6L 77MQ==
X-Gm-Message-State: AJcUuke9cBUUsXrJUx6/lWucpTaZQOXk5EX1dYHoMjzZI9JVeAaGfU/a aeJT0SOGKJSkp6W5WGipvrquwlLG
X-Google-Smtp-Source: ALg8bN6Cu12mRGx6UAsOQ7Nw5zOtmfhadaxW8NPPIgPruKn/YSHn5tYPVK1pfKG5HvNQPPy9HUN11g==
X-Received: by 2002:adf:e64d:: with SMTP id b13mr40467755wrn.276.1549041819946; Fri, 01 Feb 2019 09:23:39 -0800 (PST)
Received: from [192.168.0.11] (79.108.125.160.dyn.user.ono.com. [79.108.125.160]) by smtp.googlemail.com with ESMTPSA id w16sm9713335wrp.1.2019.02.01.09.23.38 for <perc@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 01 Feb 2019 09:23:39 -0800 (PST)
To: perc@ietf.org
References: <154889546931.10496.2408974719921724953.idtracker@ietfa.amsl.com> <CAOW+2dui_imxyysOCrtdH7OiDcbooi83qtCDifEY3HQ6MpigWA@mail.gmail.com> <CAL02cgSip2cLr8a1+zfK2cg+n8gqUMc9CKPmb7mWd2iLSiRf-g@mail.gmail.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <8e40d0db-cacb-db93-f2fe-db5b4a7cf7cf@gmail.com>
Date: Fri, 01 Feb 2019 18:28:04 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <CAL02cgSip2cLr8a1+zfK2cg+n8gqUMc9CKPmb7mWd2iLSiRf-g@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------10CFD02282DD6F1E2D86CA45"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/Avh1LqMr5_iOadvzBD_pVWkFpwM>
Subject: Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Feb 2019 17:23:44 -0000

On 01/02/2019 17:18, Richard Barnes wrote:
> So I would propose we add something like the following to this 
> definition:
>
> "In the context of WebRTC, where control of a session is divided 
> between a JavaScript application and a browser, the browser acts as 
> the Trusted Endpoint for purposes of this framework (just as it acts 
> as the endpoint for DTLS-SRTP in one-to-one calls).


If we decide to adopt perc (big if) in webrtc, shouldn't this be defined 
within the 
https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-17 doc ?


    Optimally, we would not rely on trust in any entities other than the
    browser.  However, this is unfortunately not possible if we wish to
    have a functional system.  Other network elements fall into two
    categories: those which can be authenticated by the browser and thus
    can be granted permissions to access sensitive resources, and those
    which cannot be authenticated and thus are untrusted.


WebRTC already IdP as trusted for identity purposes, so it should be up 
to the RTCWEB group to decide what is a trusted endpoint and what is not 
in webrtc. As Bernard is stating, we could decide that there are other 
key management solutions trusted (even in JS or WASM), as for for 
example is being done in EME:

https://github.com/WICG/media-capabilities/blob/master/explainer.md#encryption

Best regards

Sergio

v2.23.0 | Report a Bug | By Email