Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]

"Dan Wing" <dwing@cisco.com> Tue, 13 September 2011 23:30 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Matthew Kaufman' <matthew.kaufman@skype.net>, "'Timothy B. Terriberry'" <tterriberry@mozilla.com>
References: <A444A0F8084434499206E78C106220CA0B00FDB08B@MCHP058A.global-ad.net> <E4EC1B17-0CC4-4F79-96DD-84E589FCC4F0@edvina.net> <4E67C3F7.7020304@jesup.org> <BE60FA11-8FFF-48E5-9F83-4D84A7FBE2BE@vidyo.com> <4E67F003.6000108@jesup.org> <7F2072F1E0DE894DA4B517B93C6A05852233E8554C@ESESSCMS0356.eemea.ericsson.se> <C3759687E4991243A1A0BD44EAC8230339CA68F054@BE235.mail.lan> <CAOJ7v-2u0UuNXh7bzmZFwiSucbsh=Ps=C3ZM5M3cJrXRmZgODA@mail.gmail.com> <CAKhHsXHXCkNdjtpxCSCk+ABbtxY15GEgouE6X6-sn-LqhnidQw@mail.gmail.com> <4E6A56D4.2030602@skype.net> <CABcZeBOdP6cAqBoiSV-Vdv1_EK3DfgnMamT3t3ccjDOMfELfBw@mail.gmail.com> <CAKhHsXFdU1ZaKQF8hbsOxwTS-_RfmFqQhgzGe=K4mRp+wz+_nQ@mail.gmail.com> <4E6A81EC.3080002@jesup.org>, <4E6AE22A.2070106@alum.mit.edu> <7F2072F1E0DE894DA4B517B93C6A05852233C3B7C5@ESESSCMS0356.eemea.ericsson.se>, <4E6C16FF.1000706@jesup.org> <BBF498F2D030E84AB1179E24D1AC41D61C1BCA829D@ESESSCMS0362.eemea.ericsson.se> <4E6CB9F7.2060208@mozilla.com> <4E6DB7F4.3090404@skype.net>
In-Reply-To: <4E6DB7F4.3090404@skype.net>
Date: Tue, 13 Sep 2011 16:32:27 -0700
Message-ID: <09b501cc726d$66655360$332ffa20$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcxxH5S5H9TNTFRGQZaqzWV37CkBAQBTYrdw
Content-Language: en-us
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]

> -----Original Message-----
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On
> Behalf Of Matthew Kaufman
> Sent: Monday, September 12, 2011 12:43 AM
> To: Timothy B. Terriberry
> Cc: rtcweb@ietf.org
> Subject: Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]
> 
> On 9/11/11 3:39 PM, Timothy B. Terriberry wrote:
> >> * The level of media protection to use (NONE, SDES-SRTP or DTLS-SRTP)
> >> should be set by the web app
> >
> > Why wouldn't this devolve to, "Don't communicate anything. Instead,
> > try to create a PeerConnection with DTLS-SRTP, and when that fails,
> > try to create a second one with NONE," in the actual webapp.
> 
> Yes.
> 
> >
> > Or, more likely, since NONE will have a better chance of working with
> > legacy devices, "Try to create a PeerConnection with NONE, and when
> > that fails, try to create a second one with DTLS-SRTP." Assuming
> > anyone bothers with the second step.
> 
> Yes, I believe this is why ekr suggested in his email that
> DTLS-SRTP-only is more likely to result in encrypted connections than
> having both choices available is.
> 
> > Having the choice of SDES-SRTP or DTLS-SRTP will also make it more
> > likely people won't bother with either, as they won't know which one
> > to use.
> 
> Agree. This is the best reason for not supporting SDES for keying.

SDES is also not as secure as DTLS-SRTP; see RFC 5479.

-d

> > We can try to create incentives with browser chrome, but there's only
> > so much that can do.
> Agree.
> 
> The best way to evaluate this is "if I was the one sitting in a cafe
> using this, what would I want my browser to do"... and the answer to
> *that* question is "I always want DTLS-SRTP between my browser and the
> other end, or worst case, the gateway". (Even if there seem to be good
> reasons to support plain RTP.)
> 
> Matthew Kaufman
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
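The three protection levels the thread weighs (NONE, SDES-SRTP, DTLS-SRTP) are visible in the SDP offer itself: the transport profile on the m= line, an a=crypto attribute carrying the SRTP master key in the signaling (SDES, RFC 4568), or an a=fingerprint attribute with keys derived from a DTLS handshake on the media path (DTLS-SRTP, RFC 5763/5764). The following is an added example, not code from this thread or from any browser; it classifies each m= section and applies the "DTLS-SRTP only" policy Matthew argues for, so that a "try NONE first" offer is simply rejected rather than silently accepted. The SDP bodies are constructed samples (the inline key value is the one used in the RFC 4568 examples), and the function names are this example's own.

```python
"""Classify the media-protection level an SDP offer makes available.

Added example for the rtcweb discussion above; not code from the thread
or any browser. Each m= section is reported as NONE, SDES-SRTP or
DTLS-SRTP, and check_offer() enforces a single required level.
"""

LEVEL_NONE = "NONE"
LEVEL_SDES = "SDES-SRTP"
LEVEL_DTLS = "DTLS-SRTP"

# SRTP transport profiles: RFC 3711 (SAVP), RFC 5124 (SAVPF),
# RFC 5764 (UDP/TLS/... variants used with DTLS-SRTP).
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}


def split_sdp(sdp):
    """Split an SDP body into session-level lines and a list of m= sections."""
    session, sections = [], []
    for raw in sdp.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("m="):
            sections.append([line])
        elif sections:
            sections[-1].append(line)
        else:
            session.append(line)
    return session, sections


def offered_levels(session, media):
    """Return the set of protection levels one m= section makes available.

    NONE      : plain RTP profile, no SRTP at all.
    SDES-SRTP : a=crypto puts the SRTP master key in the signaling (RFC 4568).
    DTLS-SRTP : a=fingerprint only; keys come from DTLS on the media path.
    An offer may carry both a=crypto and a=fingerprint and let the answerer
    choose, so the result is a set rather than a single value.
    """
    fields = media[0].split()
    if len(fields) < 4:
        raise ValueError("malformed m= line: " + media[0])
    profile = fields[2]
    if profile not in SECURE_PROFILES:
        return frozenset({LEVEL_NONE})
    levels = set()
    if any(line.startswith("a=crypto:") for line in media):
        levels.add(LEVEL_SDES)
    # a=fingerprint may be session-level, in which case it covers every m= section.
    if any(line.startswith("a=fingerprint:") for line in session + media):
        levels.add(LEVEL_DTLS)
    return frozenset(levels)  # empty: secure profile offered but no way to key it


def check_offer(sdp, required=LEVEL_DTLS):
    """Accept an offer only if every m= section can be keyed with `required`.

    Returns (accepted, report) where report lists (m= label, sorted levels).
    With the default, a NONE or SDES-only offer is refused outright, which is
    the endpoint-side way to avoid the 'try NONE first, maybe DTLS-SRTP later'
    pattern the thread describes.
    """
    session, sections = split_sdp(sdp)
    report = []
    accepted = bool(sections)
    for media in sections:
        levels = offered_levels(session, media)
        report.append((media[0].split()[0], sorted(levels)))
        if required not in levels:
            accepted = False
    return accepted, report


# Constructed samples, not captured from any real endpoint.
_FP = "a=fingerprint:sha-256 " + ":".join(["AB"] * 32) + "\r\n"  # placeholder digest
_KEY = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz\r\n"
SDP_SESSION = "v=0\r\no=- 1 1 IN IP4 192.0.2.1\r\ns=-\r\nc=IN IP4 192.0.2.1\r\nt=0 0\r\n"
OFFER_NONE = SDP_SESSION + "m=audio 49170 RTP/AVPF 0\r\na=rtpmap:0 PCMU/8000\r\n"
OFFER_SDES = SDP_SESSION + "m=audio 49170 RTP/SAVPF 0\r\n" + _KEY
OFFER_DTLS = (SDP_SESSION + _FP + "a=setup:actpass\r\n"
              "m=audio 49170 UDP/TLS/RTP/SAVPF 0\r\n"
              "m=video 51372 UDP/TLS/RTP/SAVPF 96\r\n")
OFFER_BOTH = SDP_SESSION + "m=audio 49170 RTP/SAVPF 0\r\n" + _KEY + _FP

if __name__ == "__main__":
    for name, sdp in [("NONE", OFFER_NONE), ("SDES", OFFER_SDES),
                      ("DTLS", OFFER_DTLS), ("BOTH", OFFER_BOTH)]:
        ok, report = check_offer(sdp)
        print(f"{name:4} accepted={ok} {report}")
```

The policy parameter is the point: an endpoint that hard-codes `required=LEVEL_DTLS` never has to rely on the web app choosing encryption, which is the failure mode the quoted exchange worries about. The SDES case is also where Dan's RFC 5479 remark shows up concretely: the a=crypto line above is the SRTP master key, readable by anything that sees the signaling.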