Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb
Iñaki Baz Castillo <ibc@aliax.net> Fri, 26 April 2013 11:37 UTC
From: Iñaki Baz Castillo <ibc@aliax.net>
To: Dan Wing <dwing@cisco.com>
Cc: rtcweb@ietf.org
Such a solution requires a very expensive gateway. Good for vendors but bad for all the rest.

--
Iñaki Baz Castillo <ibc@aliax.net>

On 26/04/2013 00:14, "Dan Wing" <dwing@cisco.com> wrote:

>
> On Apr 25, 2013, at 9:39 AM, Alan Johnston <alan.b.johnston@gmail.com> wrote:
>
> > I'm not a fan of SDES. However, I've come to believe that we need it for
> > two reasons.
> >
> > 1. There is a backwards compatibility reason. There are deployed systems
> > of SRTP that use SDES or a key agreement that easily maps to it. Just as we
> > allowed G.711 for these systems, it seems reasonable to allow SDES as well.
> > When combined with ICE Lite in a media gateway, this is a scalable interop
> > approach.
>
> Interworking at scale can be accomplished without SDES on WEBRTC, as I
> explained at IETF83 in slides 27-35 of
> http://www.ietf.org/proceedings/83/slides/slides-83-rtcweb-3.pdf.
>
> > 2. We need it or something like it for API reasons. There are cases
> > where the JavaScript needs to tell the browser what SRTP key to use.
>
> DTLS-SRTP with EKT can also perform that function, and does it without
> disclosing the SRTP key to all the SIP proxies and all the web servers on
> the signaling path.
>
> > Since JSEP uses SDP for this API surface, SDES works for this. Obviously
> > it is a bad idea to send this key over unsecured channels, but this is
> > separate from this API issue.
> >
> > And just to be clear, browser to browser should use DTLS-SRTP, and only
> > this mode should be considered "secure" using whatever user interface a
> > browser chooses.
>
> But is there a secure mechanism to differentiate browser-to-browser calls
> from browser-to-non-browser calls, so we don't have to worry over SDES
> downgrade attacks? And for the use-cases where JavaScript has to set the
> key, those will often be browser-to-browser calls, meaning that we will
> have to support browser-to-browser SDES, contrary to your desire that
> browser-to-browser use DTLS-SRTP? DTLS-SRTP with EKT permits the
> application to set the SRTP key, and more securely than SDES.
>
> -d
>
> > - Alan -
> >
> > On Apr 25, 2013, at 11:57 AM, Cullen Jennings <fluffy@iii.ca> wrote:
> >
> >> The working groups committed some time ago to have a further discussion
> >> on whether SDP Security Descriptions (RFC 4568 aka SDES) would be usable as
> >> a keying method for WebRTC. As we prepare for that discussion, we'd like
> >> to have expressions of interest or support for that approach which indicate
> >> the general outlines of support proposed. If you wish to make such an
> >> expression of support, please send it to the chairs or the list.
> >>
> >> Cullen, Magnus, & Ted <The Chairs>
> >>
> >> _______________________________________________
> >> rtcweb mailing list
> >> rtcweb@ietf.org
> >> https://www.ietf.org/mailman/listinfo/rtcweb
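
The distinction this thread turns on, as an added example (not code from any poster or from a browser): SDES puts the SRTP key itself in an `a=crypto` line that every signaling hop can read, while DTLS-SRTP signals only an `a=fingerprint`. The function names, the DTLS-only policy and the sample SDP (with placeholder key and fingerprint values) are assumptions constructed here.

```javascript
// Constructed sample SDP; the key and fingerprint values are placeholders.
const SDES_OFFER = [
  'v=0',
  'm=audio 49170 RTP/SAVP 0',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEYANDSALT',
].join('\r\n');

// Session-level fingerprint, but the video section also carries an SDES key.
const MIXED_OFFER = [
  'v=0',
  'a=fingerprint:sha-256 00:11:22:33',
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'm=video 9 UDP/TLS/RTP/SAVPF 96',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEYANDSALT',
].join('\r\n');

// Classify the keying method offered in each media section.
function auditSdpKeying(sdp) {
  let sessionFingerprint = false;
  let cur = null;
  const media = [];
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith('m=')) {
      const [kind, , proto] = line.slice(2).split(' ');
      // A fingerprint given before the first m= line applies to every section.
      cur = { kind, proto, fingerprint: sessionFingerprint, sdesSuites: [] };
      media.push(cur);
    } else if (line.startsWith('a=fingerprint:')) {
      if (cur) cur.fingerprint = true; else sessionFingerprint = true;
    } else if (cur && line.startsWith('a=crypto:')) {
      // RFC 4568: a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
      const [, suite, keyParams = ''] = line.slice(9).split(/\s+/);
      if (keyParams.startsWith('inline:')) cur.sdesSuites.push(suite);
    }
  }
  return media.map(({ kind, proto, fingerprint, sdesSuites }) => ({
    kind, proto, sdesSuites,
    keying: sdesSuites.length ? (fingerprint ? 'both' : 'sdes')
                              : (fingerprint ? 'dtls-srtp' : 'none'),
  }));
}

// Hypothetical DTLS-only policy: list every section not keyed by DTLS-SRTP alone.
function dtlsOnlyViolations(sdp) {
  return auditSdpKeying(sdp)
    .filter((m) => m.keying !== 'dtls-srtp')
    .map((m) => `${m.kind}: keying=${m.keying}`);
}
```

A section reported as `both` is the case behind the downgrade concern raised above: the fingerprint is present, but the same description also hands an SRTP key to anything on the signaling path.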