Re: [rtcweb] Use case change request: Identity in multiuser calls
Henry Sinnreich <henry.sinnreich@gmail.com> Thu, 11 August 2011 21:09 UTC
Return-Path: <henry.sinnreich@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73DA421F8922 for <rtcweb@ietfa.amsl.com>; Thu, 11 Aug 2011 14:09:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.472
X-Spam-Level:
X-Spam-Status: No, score=-2.472 tagged_above=-999 required=5 tests=[AWL=-0.270, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zC3JFfrmGboF for <rtcweb@ietfa.amsl.com>; Thu, 11 Aug 2011 14:09:12 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id ED40321F884C for <rtcweb@ietf.org>; Thu, 11 Aug 2011 14:09:11 -0700 (PDT)
Received: by yxp4 with SMTP id 4so1881229yxp.31 for <rtcweb@ietf.org>; Thu, 11 Aug 2011 14:09:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type; bh=oSBQ7Il5Q4Ju/dmS9LiWMlnbLB6svPtVLZLJyRPe550=; b=nUGAnf6qNGg4aae4MufWDDG5e1Y/OgSNEm9lDD9Ei5V6xQZD7cM4UfcnHSGO1Fpofo jzNGXmn6ruOlW8E7gxAbVO8ymG3B4RGAfjffBkynBotgjwCPWwOUkfDvOjZNz/RArH2X HIcfGvoRyC6Ea+sLgVN1Hr8WCTKCFuy90y37k=
Received: by 10.91.46.25 with SMTP id y25mr91869agj.193.1313096986263; Thu, 11 Aug 2011 14:09:46 -0700 (PDT)
Received: from [192.168.15.2] (cpe-76-184-227-249.tx.res.rr.com [76.184.227.249]) by mx.google.com with ESMTPS id l2sm1900666anm.50.2011.08.11.14.09.44 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 11 Aug 2011 14:09:45 -0700 (PDT)
User-Agent: Microsoft-Entourage/12.30.0.110427
Date: Thu, 11 Aug 2011 16:09:43 -0500
From: Henry Sinnreich <henry.sinnreich@gmail.com>
To: igor.faynberg@alcatel-lucent.com
Message-ID: <CA69AF47.1CBB0%henry.sinnreich@gmail.com>
Thread-Topic: [rtcweb] Use case change request: Identity in multiuser calls
Thread-Index: AcxYav2ELLQbYvzpi0qVGMih6IPPYg==
In-Reply-To: <4E442FD8.6060008@alcatel-lucent.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3395923784_5756586"
Cc: rtcweb@ietf.org, Phil Zimmermann <prz@mit.edu>
Subject: Re: [rtcweb] Use case change request: Identity in multiuser calls
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2011 21:09:13 -0000
> So, if we end up with a "trusted MITM," why not have a trusted central server in the first place? draft-johnston-rtcweb-media-privacy-00 says ZRTP can also support various other scenarios, but how I understand it, no PBX or any intermediary is required. The default scenario is e2e. Maybe the authors copied here can clarify. Thanks, Henry On 8/11/11 2:39 PM, "Igor Faynberg" <igor.faynberg@alcatel-lucent.com> wrote: > Well... > > (I thought that the lawful intercept issue that came up several times is > pertinent here.) But note that this was a parenthetical remark! > > A non-parenthetical one is based on the quote from the cited draft: > > > "In the development of ZRTP, it was realized that there are scenarios > in which the media can not be encrypted end-to-end. For example, > when a client has a trusted server or PBX which provides media > services in the path. For these cases, ZRTP developed mechanisms for > handling a "trusted MiTM" which can terminate than reoriginate the > SRTP encryption." > > > So, if we end up with a "trusted MITM," why not have a trusted central server > in the first place? > > Igor > > P.S.: I have nothing against ZRTP, which has done a thorough and honest job. > I question its applicability to the agreed use cases. Personally I think we > need an all-encompassing solution. > > > On 8/11/2011 3:11 PM, Henry Sinnreich wrote: >> >>> >>> Henry - what sort of mechanism did you have in mind for these anonymous >>> participants to identify themselves to one another? Are you talking >>> about the exchange of credentials using the server as an intermediary in >>> the exchange? Or did you have in mind an exchange outside the server. >>> (E.g. Bob establishes a secure connection to Alice and over it tells her >>> "I'm anon2 in conference foo right now"? >>> >> >> >> The most credible e2e identification that comes to my mind is Phil >> Zimmermann's Zfone technology: >> >> http://www.ietf.org/id/draft-johnston-rtcweb-media-privacy-00.txt >> http://zfoneproject.com/ >> >> Definitely not relying on any "trusted" server :-) >> >> Thanks, Henry >> >> On 8/11/11 11:50 AM, "Paul Kyzivat" <pkyzivat@alum.mit.edu> >> <mailto:pkyzivat@alum.mit.edu> wrote: >> >> >>> >>> On 8/11/11 12:07 PM, Henry Sinnreich wrote: >>> >>>> >>>>> >>>>> The participants are identified to >>>>> each other by the central server >>>>> >>>> >>>> >>>> There may be no contradiction, but just to make sure the scenario, such as >>>> a >>>> confidential business meeting is included (not necessarily a social network >>>> scenario). >>>> >>>> A confidential conference MUST assure that all participants can also be >>>> safely identified first to each other, not necessarily by the server, end >>>> to >>>> end, to the full satisfaction of all the participants, who would otherwise >>>> refuse to continue to speak up or continue to attend at all. >>>> Who provides for the e2e identification? A 3rd party? Inside the app? >>>> >>>> Did I understand correctly there is no contradiction? >>>> Any problem in clarifying this? >>>> >>> >>> >>> This is an example of the sort of thing I was speaking of in my earlier >>> reply - that there are differing levels of identity that may be desired. >>> >>> In some cases, participants may want to be fully anonymous. But even >>> then, it will typically be important that one participant be able to >>> identify *which* of the other (anonymous) participants it is receiving >>> media from. (E.g. by noting which participant in the roster is the >>> current speaker - anon1, anon2, ...) >>> >>> In other cases the participants *true* identities are hidden, but >>> handles/nicknames may be used to identify them in the roster and in >>> chats. ("snoopy" and "red barron" rather than anon1 and anon2.) >>> >>> But in that case there are issues of how the handles are associated with >>> participants. It could be that handles are permanently assigned to real >>> users by the server. Then you can be confident that when talking to >>> "snoopy" it is always someone well defined - same as the last time - >>> without awareness of who that person *actually* is. >>> >>> Alternatively, the server might allow handles to be used on a fcfs basis >>> per conference. Or it might allow handles to be non-unique, so that you >>> could have two "snoopy"s at the same time, bound to unrelated users. >>> >>> Henry - what sort of mechanism did you have in mind for these anonymous >>> participants to identify themselves to one another? Are you talking >>> about the exchange of credentials using the server as an intermediary in >>> the exchange? Or did you have in mind an exchange outside the server. >>> (E.g. Bob establishes a secure connection to Alice and over it tells her >>> "I'm anon2 in conference foo right now"? >>> >>> Thanks, >>> Paul >>> >>> >>>> >>>> Thanks, Henry >>>> >>>> >>>> On 8/10/11 9:16 AM, "Harald Alvestrand"<harald@alvestrand.no> >>>> <mailto:harald@alvestrand.no> wrote: >>>> >>>> >>>>> >>>>> In draft-ietf-rtcweb-use-cases-and-requirements, I would like to extend >>>>> one part of the scenario "4.3.3 Video conferencing system with central >>>>> server". >>>>> >>>>> I would like to add one more paragraph: >>>>> >>>>> "All participant are authenticated by the central server, and authorized >>>>> to connect to the central server. The participants are identified to >>>>> each other by the central server, and the participants do not have >>>>> access to each others' credentials such as e-mail addresses or login IDs". >>>>> >>>>> This is necessary in order to drive use cases that resemble Google >>>>> Hangout, where it is a requirement that people are able to participate >>>>> without disclosing their Google login IDs to each other. >>>>> (in the particular case of Hangout, the display name on their profile >>>>> *is* disclosed ... but that's a different matter) >>>>> >>>>> The reason I think this is important is that it feeds directly into the >>>>> discussion of what WebRTC needs to authorize: The final source or >>>>> destination of media, or the identity of the handler at the first hop. >>>>> In at least the case of Hangouts, the requirement is to *not* authorize >>>>> the final source or destination. >>>>> >>>>> Not sure yet how to formulate that as a requirement, and not sure yet if >>>>> it applies to the cases without a central server, such as 4.2.6. We may >>>>> have to decide. >>>>> >>>>> Harald >>>>> >>>>> >>>>> _______________________________________________ >>>>> rtcweb mailing list >>>>> rtcweb@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/rtcweb >>>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> rtcweb mailing list >>>> rtcweb@ietf.org >>>> https://www.ietf.org/mailman/listinfo/rtcweb >>>> >>>> >>> >>> >>> _______________________________________________ >>> rtcweb mailing list >>> rtcweb@ietf.org >>> https://www.ietf.org/mailman/listinfo/rtcweb >>> >> >> >> >> _______________________________________________ >> rtcweb mailing list >> rtcweb@ietf.org >> https://www.ietf.org/mailman/listinfo/rtcweb >> >
- [rtcweb] Use case change request: Identity in mul… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- Re: [rtcweb] Use case change request: Identity in… Randell Jesup
- Re: [rtcweb] Use case change request: Identity in… Stefan Håkansson LK
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Stefan Håkansson LK
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Randell Jesup
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- [rtcweb] Exchange of trusted identities in server… Harald Alvestrand
- Re: [rtcweb] Exchange of trusted identities in se… Igor Faynberg
- Re: [rtcweb] Exchange of trusted identities in se… Paul Kyzivat
- Re: [rtcweb] Exchange of trusted identities in se… Alan Johnston
- Re: [rtcweb] Exchange of trusted identities in se… Randell Jesup