Re: [rtcweb] Preserving stream isolation when traversing the network

Martin Thomson <martin.thomson@gmail.com> Fri, 07 March 2014 09:59 UTC

In-Reply-To: <CABkgnnVZpOJU=2ip88jF=sa2a7K=jBhZA0zkovPo_vvTBwA-GQ@mail.gmail.com>
References: <CABkgnnVZpOJU=2ip88jF=sa2a7K=jBhZA0zkovPo_vvTBwA-GQ@mail.gmail.com>
Date: Fri, 07 Mar 2014 09:59:17 +0000
Message-ID: <CABkgnnX3vnGRacpDcnhhb8MhTWRgJTZSLT7E9duG-yV7oSbtEw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/4-kvDfaorOI7a-wjmSO4roFsZpg

On 6 March 2014 14:21, Martin Thomson <martin.thomson@gmail.com> wrote:
> There is another option I really just thought of, and that is to add
> an authenticated parameter to RTP for this purpose.  Probably as an
> RTP header extension.  This has different properties, mostly which
> apply to the scope question.

Having thought about this, I think that we can discount it.  A
security property of this sort needs to be reliably attached to the
stream.  That means an extension in every SRTP packet if we do it that
way.  In the (D)TLS handshake, it costs much less.

If we wanted isolation on a much more granular level, then this would
be OK, but I don't think that we should be making it that granular.