Re: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)

Iñaki Baz Castillo <ibc@aliax.net> Thu, 05 April 2012 18:20 UTC

In-Reply-To: <CAD5OKxtDXX1A1hewxZeFZMcs4f4o6BqCy8UYpi5LMngj2GudfQ@mail.gmail.com>
References: <4F7D7103.6040102@infosecurity.ch> <4F7DBEFC.6040302@alcatel-lucent.com> <4F7DD13F.2010006@infosecurity.ch> <CAD5OKxv_e9Ncw7xt3eh9jNM9HWX1snDN1wVynkFT2GPoA+y1_w@mail.gmail.com> <4F7DE01C.4040800@infosecurity.ch> <CAD5OKxtDXX1A1hewxZeFZMcs4f4o6BqCy8UYpi5LMngj2GudfQ@mail.gmail.com>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
Date: Thu, 5 Apr 2012 20:19:39 +0200
Message-ID: <CALiegf=Bf5Q7ODUZccJiEOn-ibWk7aDx9-MGNmGLCusGGjfvxg@mail.gmail.com>
To: Roman Shpount <roman@telurix.com>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>

2012/4/5 Roman Shpount <roman@telurix.com>:
>> The fingerprint is always delivered from the signaling services, so by
>> the HTTPS website providing the JS calling application.
>>
> If the fingerprint is exposed to the user and can be compared through some
> alternative communications channel, then it can provide an independent
> security validation similar to the one used in ZRTP.

Define such an "alternative communications channel" and explain to me how
the signaling server cannot alter that channel.



-- 
Iñaki Baz Castillo
<ibc@aliax.net>