IETF Logo Mail Archive

Re: [rtcweb] SDES vs DTLS-SRTP revisited

Igor Faynberg <igor.faynberg@alcatel-lucent.com> Mon, 19 March 2012 16:21 UTC

Return-Path: <igor.faynberg@alcatel-lucent.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F4C521F878E for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 09:21:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.459
X-Spam-Level:
X-Spam-Status: No, score=-9.459 tagged_above=-999 required=5 tests=[AWL=1.140, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f5HF2XSnxhvu for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 09:21:37 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) by ietfa.amsl.com (Postfix) with ESMTP id 546F221F8792 for <rtcweb@ietf.org>; Mon, 19 Mar 2012 09:21:37 -0700 (PDT)
Received: from usnavsmail2.ndc.alcatel-lucent.com (usnavsmail2.ndc.alcatel-lucent.com [135.3.39.10]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id q2JGLYe7001840 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 19 Mar 2012 11:21:34 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail2.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q2JGLYrm014345 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 19 Mar 2012 11:21:34 -0500
Received: from [135.222.232.245] (USMUYN0L055118.mh.lucent.com [135.222.232.245]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q2JGLXWq023385; Mon, 19 Mar 2012 11:21:33 -0500 (CDT)
Message-ID: <4F675D1A.3000307@alcatel-lucent.com>
Date: Mon, 19 Mar 2012 12:21:46 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Oscar Ohlsson <oscar.ohlsson@ericsson.com>
References: <A1B638D2082DEA4092A268AA8BEF294D194494CE64@ESESSCMS0360.eemea.ericsson.se> <4F637685.4090704@alcatel-lucent.com> <A1B638D2082DEA4092A268AA8BEF294D194494D133@ESESSCMS0360.eemea.ericsson.se>
In-Reply-To: <A1B638D2082DEA4092A268AA8BEF294D194494D133@ESESSCMS0360.eemea.ericsson.se>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.33
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.10
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] SDES vs DTLS-SRTP revisited
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: igor.faynberg@alcatel-lucent.com
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 16:21:38 -0000

In complete agreement.

Igor

On 3/19/2012 3:52 AM, Oscar Ohlsson wrote:
>
>
>> -----Original Message-----
>> From: rtcweb-bounces@ietf.org
>> [mailto:rtcweb-bounces@ietf.org] On Behalf Of Igor Faynberg
>> Sent: den 16 mars 2012 18:21
>> To: rtcweb@ietf.org
>> Subject: Re: [rtcweb] SDES vs DTLS-SRTP revisited
>>
>> Oscar,
>>
>> I am afraid I missed the point here.
>>
>> How can one determine that the call is being listened to?
>> How can the
>> browser know whom the RTP stream is passing through?
>>
>> If you know the SRTP key and filter the flow directed at me,
>> you will be on the conversation, right?
>>
>> Igor
> Hi Igor,
>
> No you can't know for sure that the call is being listened to, but the behaviour is very suscpicious. If both parties support DTLS-SRTP then why did the web application switch from default DTLS-SRTP to SDES? There are not that many reasonable answers:
>
> - interception/recording
> - transcoding
> - something else?
>
> That's why I was wondering whether DTLS-SRTP fingerprint mismatch really is a stronger indication of interception. To me it's not an obvious question.
>
> Regards,
>
> Oscar
>
>
>
>> On 3/16/2012 11:04 AM, Oscar Ohlsson wrote:
>>> ... Say that you're on a call and want to determine if the
>> service provider is listening in:
>>> Case 1: Both endpoints support DTLS-SRTP (can be determined
>> by asking
>>> the other party)
>>>
>>> If SDES is used you directly conclude that something fishy
>> is going on and hang up. If DTLS-SRTP is used you compare
>> fingerprints and hang up if they don't match. (I've assumed
>> that a user can view detailed security information in the browser).
>>> Case 2: The other endpoint does not support DTLS-SRTP
>> ...
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email