[rtcweb] Support of SDES in WebRTC
"Fabio Pietrosanti (naif)" <lists@infosecurity.ch> Thu, 29 March 2012 08:54 UTC

On the topic of SDES vs DTLS-SRTP a very nice analysis has been done on:
http://www.potaroo.net/ietf/idref/draft-ohlsson-rtcweb-sdes-support/

Considering how vague are the security implementation considerations of DTLS-SRTP and how widely diffused is SDES-SRTP, I'm wondering whether we should not mandate the use of SDES-SRTP.

That way we would be able to see:
- All implementations will start with SDES (simpler and quicker)
- For those who want enhanced security, greater implementation and interoperability complexity, implement also DTLS-SRTP

But for the industry a full cycle of:
- Implementation
- Stabilization
- Interoperability
for DTLS-SRTP (that nobody uses) may require from 2 up to 4-5 years of time.

If we go for SDES-SRTP by default, as early choice, probably within 1-2 years at maximum we can expect the overall technological ecosystem to be stable and interoperable. Because it will be built on top of existing stable framework.

We may save dozens of millions of USD of investment costs for the industry and gain some hundreds of millions of users years in advance, just because we would save several years of time.

I think that those considerations are valuable enough to strongly consider arguments in making SDES-SRTP a preferred, mandatory implementation for WebRTC.

--
Fabio Pietrosanti
Founder, CTO
Tel: +39 02 85961748 (direct)
Mobile: +39 340 1801049
E-mail: fabio.pietrosanti@privatewave.com
Skype: fpietrosanti
Linkedin: http://linkedin.com/in/secret
PrivateWave Italia S.p.A.
Via Gaetano Giardino 1 - 20123 Milano - Italy
www.privatewave.com