Re: [rtcweb] Retransmit: Summary of Alternatives for media keying

Matthew Kaufman <matthew.kaufman@skype.net> Fri, 29 July 2011 05:14 UTC

From: Matthew Kaufman <matthew.kaufman@skype.net>
In-Reply-To: <B276AF1C-28CB-414C-9182-522D9E177D94@acmepacket.com>
Date: Fri, 29 Jul 2011 01:14:35 -0400
Message-Id: <91AFB52E-2C41-4218-BFD6-BE2ACCA861C6@skype.net>
References: <12BF9E55-662F-4762-9E47-2BBD3FA5FD93@acmepacket.com> <4E319ABD.9070604@alvestrand.no> <15AFE3C5-8F77-435B-B6DB-E0D081BA9ED2@skype.net> <B276AF1C-28CB-414C-9182-522D9E177D94@acmepacket.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Retransmit: Summary of Alternatives for media keying

On Jul 28, 2011, at 6:33 PM, Hadriel Kaplan wrote:

> 
> On Jul 28, 2011, at 1:32 PM, Matthew Kaufman wrote:
>> 
>> You can do that, or you can check the fingerprints via the high path to authenticate each end and prove that there's no MITM on the media path.
> 
> That's assuming the high path itself is secure end-to-end.  Since this group has already agreed to allow HTTP rather than mandate HTTPS, and since it can go from your web service to SIP and beyond, such a guarantee is hard to enforce.
I don't believe we had complete consensus to allow HTTP rather than HTTPS... and of course you are free to not use calling services that aren't using HTTPS, just as you're free to not use web-based email providers or web-based social networking sites that don't require the use of HTTPS.

The guarantee of what happens beyond the service is difficult. The guarantee of what happens within the service goes as far as you can trust the service.

Matthew Kaufman