Re: [rtcweb] Consensus call regarding media security
Iñaki Baz Castillo <ibc@aliax.net> Thu, 29 March 2012 17:33 UTC
Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E27A21F884F for <rtcweb@ietfa.amsl.com>; Thu, 29 Mar 2012 10:33:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.626
X-Spam-Level:
X-Spam-Status: No, score=-2.626 tagged_above=-999 required=5 tests=[AWL=0.051, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WROs1nuqnKU1 for <rtcweb@ietfa.amsl.com>; Thu, 29 Mar 2012 10:33:14 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 9511621F8820 for <rtcweb@ietf.org>; Thu, 29 Mar 2012 10:33:13 -0700 (PDT)
Received: by vcbfk13 with SMTP id fk13so1951667vcb.31 for <rtcweb@ietf.org>; Thu, 29 Mar 2012 10:33:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=1EQ/xZM0VtmlgnGeK3it3OJ+u4XBQnBc7MsX/8ZbUe0=; b=nuL7ssQdF/CedQlKBKsFCbFh4ytV8elXFvD8JxUMpIgMOf1Pi0e23F54iKjoyg0br0 0xcVwTHjGkZqJMeNR3W9mcc59Te6CqToHD4ZqitazYUBb3XzWRhlEGJDPZgVyuoao7Hh JFgHIu6PmmaYIf3bq0pw8omTQqusPEMwNYBuyP52XyaPOUOlXriPygLwYCUcreTMLKDC 1HAOOaQXoxxkAx5t6B0lCP/n+idXNsQicOCNmbWMhy8EaimnyrkQ83M0FlHdNrNe17ck viqjUUvr7trHSlBvmy3gYTbjQMDJbS+KzJZ5R3CqceOcaoA2oQqiwDmZTN6O0hJF6wgY f0kA==
Received: by 10.52.15.233 with SMTP id a9mr3022004vdd.34.1333042393159; Thu, 29 Mar 2012 10:33:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.170.165 with HTTP; Thu, 29 Mar 2012 10:32:51 -0700 (PDT)
In-Reply-To: <387F9047F55E8C42850AD6B3A7A03C6C0E221877@inba-mail01.sonusnet.com>
References: <4F732531.2030208@ericsson.com> <387F9047F55E8C42850AD6B3A7A03C6C0E221877@inba-mail01.sonusnet.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Thu, 29 Mar 2012 19:32:51 +0200
Message-ID: <CALiegfkV=UCfOvcuC_Uwr8wdmHjM0eAYMSjW7Vt52DCqKJRm1Q@mail.gmail.com>
To: "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQmjKhT1jQhgQZCahXLHdtiUmHqfNNys5a8egyjzxLTFA0hh0AAzFu6lqLerd1GhXKCnHsON
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Consensus call regarding media security
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 17:33:14 -0000
2012/3/29 Ravindran, Parthasarathi <pravindran@sonusnet.com>: > WebRTC trust model has to be considered as one of the main factor for deciding the key mechanism. AFAIK, SDES does not fit into WebRTC as Dr.Evil HTTPS RTCWeb server must be trusted in case of SDES. There is no means to track or analyze whether Dr.Evil involves in monitoring or recording or terminate the media traffic. It will be good in case whoever advocate for SDES explain how SDES fits within WebRTC trust model. If Dr. Evil attaks my back webpage and owns it, and then I visit it (HTTPS with valid certificate) and enter my back credentials... for me that is much worse than the case you describe. Should we drop HTTPS then because it does not fit 100% "security" requirements? BTW: previously you wanted to allow plain RTP in WebRTC... and now DTLS-SRTP is the only valid solution? :) -- Iñaki Baz Castillo <ibc@aliax.net>
- [rtcweb] Consensus call regarding media security Magnus Westerlund
- Re: [rtcweb] Consensus call regarding media secur… Basil Mohamed Gohar
- Re: [rtcweb] Consensus call regarding media secur… Eric Rescorla
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Igor Faynberg
- Re: [rtcweb] Consensus call regarding media secur… Hadriel Kaplan
- Re: [rtcweb] Consensus call regarding media secur… Kevin P. Fleming
- Re: [rtcweb] Consensus call regarding media secur… Fabio Pietrosanti (naif)
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Fabio Pietrosanti (naif)
- Re: [rtcweb] Consensus call regarding media secur… Hadriel Kaplan
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Dan Wing
- Re: [rtcweb] Consensus call regarding media secur… Dan Wing
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Basil Mohamed Gohar
- Re: [rtcweb] Consensus call regarding media secur… Timothy B. Terriberry
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Justin Uberti
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Basil Mohamed Gohar
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Bernard Aboba
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Fabio Pietrosanti (naif)
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Magnus Westerlund
- Re: [rtcweb] Consensus call regarding media secur… Bernard Aboba
- Re: [rtcweb] Consensus call regarding media secur… Justin Uberti
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Hutton, Andrew
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Basil Mohamed Gohar
- Re: [rtcweb] Consensus call regarding media secur… Hutton, Andrew
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Ravindran, Parthasarathi
- Re: [rtcweb] Consensus call regarding media secur… Fabio Pietrosanti (naif)
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Fabio Pietrosanti (naif)
- Re: [rtcweb] Consensus call regarding media secur… Ravindran, Parthasarathi
- Re: [rtcweb] Consensus call regarding media secur… jesse
- Re: [rtcweb] Consensus call regarding media secur… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- Re: [rtcweb] Consensus call regarding media secur… Roman Shpount
- [rtcweb] Which servers to trust (Re: Consensus ca… Harald Alvestrand
- Re: [rtcweb] Which servers to trust (Re: Consensu… Iñaki Baz Castillo
- Re: [rtcweb] Which servers to trust (Re: Consensu… Iñaki Baz Castillo
- Re: [rtcweb] Which servers to trust (Re: Consensu… Randell Jesup
- Re: [rtcweb] Which servers to trust (Re: Consensu… Iñaki Baz Castillo
- Re: [rtcweb] Consensus call regarding media secur… Magnus Westerlund
- Re: [rtcweb] Consensus call regarding media secur… Eric Rescorla