Re: [rtcweb] Question about srtp_mki in DTLS/SRTP

Simon Perreault <sperreault@jive.com> Wed, 14 January 2015 18:39 UTC

Return-Path: <sperreault@jive.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C10C1ACD04 for <rtcweb@ietfa.amsl.com>; Wed, 14 Jan 2015 10:39:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P6XZHnvF2zEn for <rtcweb@ietfa.amsl.com>; Wed, 14 Jan 2015 10:39:50 -0800 (PST)
Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A34D1ACD03 for <rtcweb@ietf.org>; Wed, 14 Jan 2015 10:39:49 -0800 (PST)
Received: by mail-la0-f54.google.com with SMTP id pv20so9673998lab.13 for <rtcweb@ietf.org>; Wed, 14 Jan 2015 10:39:48 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=FxgnIQTGnvuvYfQFxkdn+eaCmUvoK0L9PMsGdlvpT9k=; b=j62qXcR0xsWFqzKgU2GhIvuumx1T/6PBmt8bVDvaRpqHveLuS8Wn87SHaNpPNWjMqU fqM98/FOJCWXWBWADE0q6v6eCw1DRgAErh7SuxxDD3PNQRioxZvn5aq1NB+wBZHUgphu 3Z4RGb5+Y0QK0bkUSa8u72G/RqJ8wXR/dp5juE/8Dd+qXbbHiZWGMsQ0DsWzOQw6wckP SNQLsOUYbPVZz86zWlNqRGPekamXqVdVI5+oJz3qaOnCUqJdAfSofSYxWSw6Pn8bwp4S BTtJYW8yLfDpCZ12jzHSGuvExlLHo0BDCRRkxO3AyvYDxdoB2ThIzv9vU71rWqD0iib+ yG9Q==
X-Gm-Message-State: ALoCoQmBwKvSw6omJ7/q+4dlu1nTnkI/sBkL2vWEMPCRbp5suN1bSIsZe/QwqDxAptslAqyT4Bcs
MIME-Version: 1.0
X-Received: by 10.112.159.136 with SMTP id xc8mr5512227lbb.98.1421260788321; Wed, 14 Jan 2015 10:39:48 -0800 (PST)
Received: by 10.25.84.145 with HTTP; Wed, 14 Jan 2015 10:39:48 -0800 (PST)
In-Reply-To: <CABkgnnV-irZn9N7WMTbvn4Vm1Ltqc7tzoCJo3_towfa6PSRwPw@mail.gmail.com>
References: <CAOW+2dvhEzAfyV51p1YWZoc41vih3TKhoArq3CGXzHvSdHEdcA@mail.gmail.com> <CANO7kWBjs4AwyTXXhOBSDqG=y9ThM=XkLyO_S1xPe3naL9za_Q@mail.gmail.com> <CAOW+2dt5k+dbxRbdodu5Sh+t6zzX0bVgXBUMnmSe+kJP2R+LLw@mail.gmail.com> <CANO7kWATfQdMapdCSDYdke+GFxh8OO6NJQob9hNQUDiASrpDtQ@mail.gmail.com> <CABkgnnV-irZn9N7WMTbvn4Vm1Ltqc7tzoCJo3_towfa6PSRwPw@mail.gmail.com>
Date: Wed, 14 Jan 2015 13:39:48 -0500
Message-ID: <CANO7kWADQLXheo6mhgrEt-0XYwXHYbiq8=oOnOxOsqz4diw6nA@mail.gmail.com>
From: Simon Perreault <sperreault@jive.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="001a11c3dbac6be52b050ca110d8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/-YfLKEz-MddXRyzj9LK7GbOT-sc>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Question about srtp_mki in DTLS/SRTP
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jan 2015 18:39:52 -0000

On Wed, Jan 14, 2015 at 12:26 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:
>
> Yes, SRTP doesn't carry the epoch and trial decryption sucks, so the
> MKI is quite attractive... if you rekey.  However, as it stands, very
> few implementations will permit a DTLS re-handshake.  Firefox and
> Chrome actively disable renegotiation (desktop Chrome anyway, I'm not
> 100% on the BoringSSL-based versions, like Android).
>
> Rekeying for very long sessions sounds attractive, but I don't see it
> happening in the short term.  Actually, given expected session
> durations and the likelihood of a connection breaking, I think that
> the number of times when it might be necessary is vanishingly small.


I don't disagree. At 50 packets per second you're good for 497 days without
a rekey. Also, didn't renegotiation just get removed from TLS 1.3 or did I
get that wrong?

Simon