Re: [rtcweb] Use case change request: Identity in multiuser calls
Igor Faynberg <igor.faynberg@alcatel-lucent.com> Thu, 11 August 2011 19:38 UTC
Return-Path: <igor.faynberg@alcatel-lucent.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 655EC11E8086 for <rtcweb@ietfa.amsl.com>; Thu, 11 Aug 2011 12:38:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.798
X-Spam-Level:
X-Spam-Status: No, score=-6.798 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DoeTlOoKKlNq for <rtcweb@ietfa.amsl.com>; Thu, 11 Aug 2011 12:38:33 -0700 (PDT)
Received: from ihemail2.lucent.com (ihemail2.lucent.com [135.245.0.35]) by ietfa.amsl.com (Postfix) with ESMTP id EAB4A21F8B4A for <rtcweb@ietf.org>; Thu, 11 Aug 2011 12:38:32 -0700 (PDT)
Received: from usnavsmail1.ndc.alcatel-lucent.com (usnavsmail1.ndc.alcatel-lucent.com [135.3.39.9]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id p7BJd68D014830 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 11 Aug 2011 14:39:06 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail1.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id p7BJd6lA003726 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 11 Aug 2011 14:39:06 -0500
Received: from [135.244.38.171] (faynberg.lra.lucent.com [135.244.38.171]) by umail.lucent.com (8.13.8/TPES) with ESMTP id p7BJd5oX023226; Thu, 11 Aug 2011 14:39:05 -0500 (CDT)
Message-ID: <4E442FD8.6060008@alcatel-lucent.com>
Date: Thu, 11 Aug 2011 15:39:04 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Henry Sinnreich <henry.sinnreich@gmail.com>
References: <CA69938B.1CB98%henry.sinnreich@gmail.com>
In-Reply-To: <CA69938B.1CB98%henry.sinnreich@gmail.com>
Content-Type: multipart/alternative; boundary="------------050104070805050803080101"
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.9
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Use case change request: Identity in multiuser calls
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: igor.faynberg@alcatel-lucent.com
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2011 19:38:34 -0000
Well... (I thought that the lawful intercept issue that came up several times is pertinent here.) But note that this was a parenthetical remark! A non-parenthetical one is based on the quote from the cited draft: "In the development of ZRTP, it was realized that there are scenarios in which the media can not be encrypted end-to-end. For example, when a client has a trusted server or PBX which provides media services in the path. For these cases, ZRTP developed mechanisms for handling a "trusted MiTM" which can terminate than reoriginate the SRTP encryption." So, if we end up with a "trusted MITM," why not have a trusted central server in the first place? Igor P.S.: I have nothing against ZRTP, which has done a thorough and honest job. I question its applicability to the agreed use cases. Personally I think we need an all-encompassing solution. On 8/11/2011 3:11 PM, Henry Sinnreich wrote: >> Henry - what sort of mechanism did you have in mind for these anonymous >> participants to identify themselves to one another? Are you talking >> about the exchange of credentials using the server as an intermediary in >> the exchange? Or did you have in mind an exchange outside the server. >> (E.g. Bob establishes a secure connection to Alice and over it tells her >> "I'm anon2 in conference foo right now"? > The most credible e2e identification that comes to my mind is Phil > Zimmermann's Zfone technology: > > http://www.ietf.org/id/draft-johnston-rtcweb-media-privacy-00.txt > http://zfoneproject.com/ > > Definitely not relying on any "trusted" server :-) > > Thanks, Henry > > On 8/11/11 11:50 AM, "Paul Kyzivat"<pkyzivat@alum.mit.edu> wrote: > >> On 8/11/11 12:07 PM, Henry Sinnreich wrote: >>>> The participants are identified to >>>> each other by the central server >>> There may be no contradiction, but just to make sure the scenario, such as a >>> confidential business meeting is included (not necessarily a social network >>> scenario). >>> >>> A confidential conference MUST assure that all participants can also be >>> safely identified first to each other, not necessarily by the server, end to >>> end, to the full satisfaction of all the participants, who would otherwise >>> refuse to continue to speak up or continue to attend at all. >>> Who provides for the e2e identification? A 3rd party? Inside the app? >>> >>> Did I understand correctly there is no contradiction? >>> Any problem in clarifying this? >> This is an example of the sort of thing I was speaking of in my earlier >> reply - that there are differing levels of identity that may be desired. >> >> In some cases, participants may want to be fully anonymous. But even >> then, it will typically be important that one participant be able to >> identify *which* of the other (anonymous) participants it is receiving >> media from. (E.g. by noting which participant in the roster is the >> current speaker - anon1, anon2, ...) >> >> In other cases the participants *true* identities are hidden, but >> handles/nicknames may be used to identify them in the roster and in >> chats. ("snoopy" and "red barron" rather than anon1 and anon2.) >> >> But in that case there are issues of how the handles are associated with >> participants. It could be that handles are permanently assigned to real >> users by the server. Then you can be confident that when talking to >> "snoopy" it is always someone well defined - same as the last time - >> without awareness of who that person *actually* is. >> >> Alternatively, the server might allow handles to be used on a fcfs basis >> per conference. Or it might allow handles to be non-unique, so that you >> could have two "snoopy"s at the same time, bound to unrelated users. >> >> Henry - what sort of mechanism did you have in mind for these anonymous >> participants to identify themselves to one another? Are you talking >> about the exchange of credentials using the server as an intermediary in >> the exchange? Or did you have in mind an exchange outside the server. >> (E.g. Bob establishes a secure connection to Alice and over it tells her >> "I'm anon2 in conference foo right now"? >> >> Thanks, >> Paul >> >>> Thanks, Henry >>> >>> >>> On 8/10/11 9:16 AM, "Harald Alvestrand"<harald@alvestrand.no> wrote: >>> >>>> In draft-ietf-rtcweb-use-cases-and-requirements, I would like to extend >>>> one part of the scenario "4.3.3 Video conferencing system with central >>>> server". >>>> >>>> I would like to add one more paragraph: >>>> >>>> "All participant are authenticated by the central server, and authorized >>>> to connect to the central server. The participants are identified to >>>> each other by the central server, and the participants do not have >>>> access to each others' credentials such as e-mail addresses or login IDs". >>>> >>>> This is necessary in order to drive use cases that resemble Google >>>> Hangout, where it is a requirement that people are able to participate >>>> without disclosing their Google login IDs to each other. >>>> (in the particular case of Hangout, the display name on their profile >>>> *is* disclosed ... but that's a different matter) >>>> >>>> The reason I think this is important is that it feeds directly into the >>>> discussion of what WebRTC needs to authorize: The final source or >>>> destination of media, or the identity of the handler at the first hop. >>>> In at least the case of Hangouts, the requirement is to *not* authorize >>>> the final source or destination. >>>> >>>> Not sure yet how to formulate that as a requirement, and not sure yet if >>>> it applies to the cases without a central server, such as 4.2.6. We may >>>> have to decide. >>>> >>>> Harald >>>> >>>> >>>> _______________________________________________ >>>> rtcweb mailing list >>>> rtcweb@ietf.org >>>> https://www.ietf.org/mailman/listinfo/rtcweb >>> >>> _______________________________________________ >>> rtcweb mailing list >>> rtcweb@ietf.org >>> https://www.ietf.org/mailman/listinfo/rtcweb >>> >> _______________________________________________ >> rtcweb mailing list >> rtcweb@ietf.org >> https://www.ietf.org/mailman/listinfo/rtcweb > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] Use case change request: Identity in mul… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- Re: [rtcweb] Use case change request: Identity in… Randell Jesup
- Re: [rtcweb] Use case change request: Identity in… Stefan Håkansson LK
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Stefan Håkansson LK
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Harald Alvestrand
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Henry Sinnreich
- Re: [rtcweb] Use case change request: Identity in… Randell Jesup
- Re: [rtcweb] Use case change request: Identity in… Igor Faynberg
- Re: [rtcweb] Use case change request: Identity in… Paul Kyzivat
- [rtcweb] Exchange of trusted identities in server… Harald Alvestrand
- Re: [rtcweb] Exchange of trusted identities in se… Igor Faynberg
- Re: [rtcweb] Exchange of trusted identities in se… Paul Kyzivat
- Re: [rtcweb] Exchange of trusted identities in se… Alan Johnston
- Re: [rtcweb] Exchange of trusted identities in se… Randell Jesup