Re: [rtcweb] Which servers to trust (Re: Consensus call regarding media security)

Iñaki Baz Castillo <ibc@aliax.net> Tue, 03 April 2012 11:55 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C65FB21F875A for <rtcweb@ietfa.amsl.com>; Tue, 3 Apr 2012 04:55:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=0.079, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wg8s9AUoPV25 for <rtcweb@ietfa.amsl.com>; Tue, 3 Apr 2012 04:55:59 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 0A57221F8759 for <rtcweb@ietf.org>; Tue, 3 Apr 2012 04:55:58 -0700 (PDT)
Received: by vbbez10 with SMTP id ez10so2761255vbb.31 for <rtcweb@ietf.org>; Tue, 03 Apr 2012 04:55:58 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=eagaw3gz14m4sACeCfh6QcJmr7NY2rUIcWnxeE9OFrQ=; b=E0IOOQ28H4XK2GCJWRtUEoe9OhLKe2aw58sjet3w+qe91yshZRrXVGdfHSDrU2yYMX 7j/XBliTCPktftP6w2A6vxTT1SVceeWYpTIc//1iVki6Vpio/mlRlpNa5KbmUqx/zjjZ QQskthj35gKJkD+8aKeDOo8OTfDceNMwg3kR6LmrRh/6JnLwev2wGHs7vWUX6jl3JpNl Xucr9CEBq+hWtE9K9QPiOK8Kl9OEKmbUK1gtVXIMuH8UNHnA4LZWLzCjl3ePmqNjvn1d z+0JKrrfuNY7FrTclsIibCPSmaiKwWWluIf5BaA0vkuUGSaFvACHmIOEWybHDZPpFa57 uZ1A==
Received: by 10.52.27.1 with SMTP id p1mr5505322vdg.17.1333454158494; Tue, 03 Apr 2012 04:55:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.170.165 with HTTP; Tue, 3 Apr 2012 04:55:38 -0700 (PDT)
In-Reply-To: <4F7ACC96.90206@alvestrand.no>
References: <4F732531.2030208@ericsson.com> <387F9047F55E8C42850AD6B3A7A03C6C0E221877@inba-mail01.sonusnet.com> <4F749C82.4070305@infosecurity.ch> <4F7ACC96.90206@alvestrand.no>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
Date: Tue, 3 Apr 2012 13:55:38 +0200
Message-ID: <CALiegf=jJ6SfQhbxPXKdDDKqp7bOrpRNVE=RfBs8Ah8zqy9ftQ@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQn1vKWCCEgGdFzxtKnr/wZ0dBjTd3X4++XuBUI7r5fMXjbPFYKwOj4fhBOOMP2K/HFzlStE
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Which servers to trust (Re: Consensus call regarding media security)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Apr 2012 11:55:59 -0000

2012/4/3 Harald Alvestrand <harald@alvestrand.no>:
>> SDES-SRTP provide a very reliable and simple way to let a WebRTC peer to
>> establish security with the server, assuming that it already have
>> established security trough HTTPS/TLS that's a consolidate trust method.
>
> The term "the server" is a fallacy. The Web server and the media gateway (if
> there is one) are likely not the same server, and may even be operated by
> different entities.
> SDES-SRTP forces you to trust both.


If you trust the Web server (i.e. due to HTTPS usage with a valid
server certificate) then you will also trust that the Web server will
not signal your WebRTC communication to a malicious destination, am I
wrong?

Don't take me wrong but, which kind of security obsession are we
trying to satisfy in rtcweb? a media communication is not more
important than a web access to my back website in which I enter my
credit card PIN. Does IETF define "security standards" for POS ("Point
of sale terminal") for making a bank payment via a 3rd web
(e-commerce)? AFAIK not.

If the Web server (assuming HTTPS) is trusted and SDES-SRTP used, we
should trust the communication. If it fails that is because the Web
server has been attacked. If that occurs, it's really worse the case
in which my bank website has been attacked (I'm giving my credit card
PIN to the attacker).


Regards.


-- 
Iñaki Baz Castillo
<ibc@aliax.net>