IETF Logo Mail Archive

Re: [rtcweb] Resolving RTP/SDES question in Paris

Roman Shpount <roman@telurix.com> Tue, 20 March 2012 00:59 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9F5B21F86F9 for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 17:59:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.759
X-Spam-Level:
X-Spam-Status: No, score=-2.759 tagged_above=-999 required=5 tests=[AWL=0.217, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hSjdspJ-ZWjC for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 17:59:08 -0700 (PDT)
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) by ietfa.amsl.com (Postfix) with ESMTP id 14DEB21F86F7 for <rtcweb@ietf.org>; Mon, 19 Mar 2012 17:59:07 -0700 (PDT)
Received: by dakl33 with SMTP id l33so11843434dak.31 for <rtcweb@ietf.org>; Mon, 19 Mar 2012 17:59:07 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=NbYFtKcRtH1DjGfJrjfdAN+Fao6mZSBgqIM5UTOc4sA=; b=hCYrJe0gKS/h6J35LCPdnfAwPf67UuojBJwbpbNkC6ENaUso7D57W030FuaB22DeCx sC8UtZaKu4rN+XNgl76Tj1WRfheTgxCauGVJ9aOWr3DGKuc+hG5x6sgUsVolpLmmkgi7 Wk2ggNXdHzQGOdvDTw8sKJPj8fFfCy1TtKuFm3O116IOqQI2iXrgfSsfc7A6tQmBXZQt 2wW9J/YkiQEQ8rWBc3MZ9sA364Q8wUMuPwdhFjxffvcawrf3Sa1e/775AksqUJ+qEu6T zGVMY0kbGKg0Yy+SLwwx2mkf/tpSys576ixsavG/X3sOIeUAoENoQ5eFHKhPOn/NPQ87 L/Gw==
Received: by 10.68.191.230 with SMTP id hb6mr44712109pbc.87.1332205147844; Mon, 19 Mar 2012 17:59:07 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by mx.google.com with ESMTPS id p10sm12439587pbo.55.2012.03.19.17.59.05 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 19 Mar 2012 17:59:06 -0700 (PDT)
Received: by pbbrq13 with SMTP id rq13so1501114pbb.31 for <rtcweb@ietf.org>; Mon, 19 Mar 2012 17:59:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.196.163 with SMTP id in3mr6262441pbc.118.1332205145363; Mon, 19 Mar 2012 17:59:05 -0700 (PDT)
Received: by 10.68.6.67 with HTTP; Mon, 19 Mar 2012 17:59:05 -0700 (PDT)
In-Reply-To: <CABcZeBNHY8k5YNiZt2=wqKo1Bkecxvyw4kyGi9W235fmdhwjGw@mail.gmail.com>
References: <4F4759DC.7060303@ericsson.com> <387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com> <CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com> <CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com> <CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com> <CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com> <CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com> <CAD5OKxvZbEJ7sV4WPAYoQapzMR_QwAftj-oKg=ioMKHNT792wQ@mail.gmail.com> <6F428EFD2B8C2F49A2FB1317291A76C113563C5A92@USNAVSXCHMBSA1.ndc.alcatel-lucent.com> <CALiegf=jtkDCS_D0ZFe9UpbiadQ0vsJ+4MppQSbLr-wbaXNrfQ@mail.gmail.com> <BLU169-W29E5B86F9E2C6F3126961C93420@phx.gbl> <CALiegfk2aT+6Psr4nT-hG1G7eYRBfFCcT+25On2O4HfUXJ6-ng@mail.gmail.com> <CAD6AjGSmi9j+sdGWPts20-iwGvGij05ek0OKYEPULC6B=aFpQg@mail.gmail.com> <6F428EFD2B8C2F49A2FB1317291A76C113564482A7@USNAVSXCHMBSA1.ndc.alcatel-lucent.com> <ADBB75F3-E20C-4EC4-B9C3-EF2E4BFF409C@phonefromhere.com> <CAD5OKxvuEV8Vbq3h7=ZgcKmREjmguvz5n-SpXr2n-EY7a_ddxg@mail.gmail.com> <CALiegfk1ozOKPcDjbd3H_z2Edzh4RcZpYyJSWdw_1DJ04muQXA@mail.gmail.com> <CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com> <D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com> <CAD5OKxustPmGJRMKoUU4kXosALpG8RzHC50-sjb5KKUPq3L3XA@mail.gmail.com> <CABcZeBNHY8k5YNiZt2=wqKo1Bkecxvyw4kyGi9W235fmdhwjGw@mail.gmail.com>
Date: Mon, 19 Mar 2012 20:59:05 -0400
Message-ID: <CAD5OKxujAoGaqpAG62X6EQVu5bS5m2a+9DYBP=LYjo1qGtQS6w@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary="e89a8ff1c65a75157104bba22e00"
X-Gm-Message-State: ALoCoQmvaHL3GbNYaCFufpAQyAAFkom+QpYAVYgfWnZrKHRB2hF4pU2mCgHbzAAqtVMAS/89Lnuv
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 00:59:08 -0000

On Mon, Mar 19, 2012 at 8:18 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> As discussed in draft-ietf-rtcweb-security, I don't agree that DTLS-SRTP
> without
> identity and SDES-SRTP offer the same level of security. Most of what I
> have
> to say about that is already said there, but briefly:
>
> - DTLS-SRTP is secure against retrospective attack whereas SDES-SRTP is
> not.
> - If there is a mechanism such as fingerprints *is* available for
> checking against
> MITM, then DTLS-SRTP is secure against active attack as well. Additionally,
> the existence of fingerprint type mechanisms acts as a partial deterrent
> against
> MITM attack by the signaling provider even if only a small number of people
> check.
>
>
I agree with you on all of those points. I would prefer that instead of
SDES SRTP support we spent time optimizing DTLS/ICE handshake (and there
are a few drafts on this list related to that). It should be possible to
conduct a secure key exchange at the same time as ICE candidate selection
with no additional overhead. I also understand the argument that most of
the regular users will never check the fingerprint, and this is why I put
SDES-SRTP and DTLS-SRTP in the same group. DTLS-SRTP is more secure then
SDES-SRTP, but it still not enough to tell the user that communication is
secure.

But regardless of all these points, if we allow signaling over HTTP all the
security considerations go out of the window.

For me the ideal solution is:

1. DTLS-SRTP with Identity and any signaling is always allowed and shows
notification that communication is with a known party and secure.
2. DTLS-SRTP with signaling over HTTPS shows notification that
communication is unsecure and with an unknown party
3. SDES SRTP is not supported at all and DTLS/ICE handshake is optimized
instead to reduce call setup time
4. DTLS-SRTP with no ident and RTP with signaling over HTTP are not
recommended, but allowed after a big red sign (or require some advanced
browser setting to enable).

I would also like to have a simplified DTLS specification for DTLS-SRTP,
with as many as possible unnecessary features (encryption algorithms,
cookies and such) removed and only a few required scenarios supported. For
instance, I do not want DTLS on a WebRTC channel start negotiation and end
up with anything except SRTP as an encryption protocol. Ideally, I want
something were an interop test can be developed with a manageable number of
scenarios.

P.S. Sending RSA public key in the session description instead of
fingerprint and then encrypting the SRTP key using this public key and
sending it in the ICE message might be a much simpler call setup mechanism
to implement then bringing the whole DTLS into the stack. This should also
allow us to setup a secure call with no overhead in addition to ICE.
_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email