Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb

[Matthew Kaufman <matthew@matthew.at>]

On 4/25/2013 11:08 PM, Eric Rescorla wrote:
>
>
> On Thu, Apr 25, 2013 at 9:21 PM, Matthew Kaufman <matthew@matthew.at 
> <mailto:matthew@matthew.at>> wrote:
>
>     On 4/25/2013 4:19 PM, Eric Rescorla wrote:
>
>
>         It's certainly true that the site has access to the media with
>         DTLS if you
>         don't use identity assertions/isolated streams. However, what
>         it doesn't
>         have is *invisible* access. I.e., it must do something that is
>         user visible,
>         which allows for the detection of cheating by the site. By
>         contrast, if SDES is used
>         then the site can simply passively monitor all your traffic,
>         or at least
>         any that goes through its network and you can't detect it.
>
>
>     That really depends on what you mean by "user visible" doesn't it?
>     If you mean "the user is watching to see that all their packets go
>     to what they know is the verified IP address of their buddy" then
>     sure. But if you mean "the user is looking at their web browser
>     user interface" or even "the user was worried mid-call so checked
>     to see where the packets were going" then I think not, as all that
>     needs to happen is for the call to be set up with a middlebox in
>     the path that the site claims is necessary for the call to work
>     (meets the UI test), keys set with EKT, and then a little ICE
>     renegotiation and the middlebox goes away from the path (meets
>     even the second test).
>
>
> What I mean is that you can use fingerprint checks (admittedly 
> inconvenient) to
> detect active attacks. Obviously, current browser UIs don't support 
> that, but
> I expect them to eventually.
>

Unless you are in a Hangouts-like scenario, where every call goes to a 
mixer and so the fingerprints for all calls look the same, whether 
you're being intercepted or not.

Matthew Kaufman