Re: [rtcweb] Consensus call regarding media security

"Fabio Pietrosanti (naif)" <lists@infosecurity.ch> Thu, 29 March 2012 17:56 UTC

Return-Path: <lists@infosecurity.ch>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4394021E8125 for <rtcweb@ietfa.amsl.com>; Thu, 29 Mar 2012 10:56:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.197
X-Spam-Level:
X-Spam-Status: No, score=-3.197 tagged_above=-999 required=5 tests=[AWL=-0.198, BAYES_00=-2.599, J_CHICKENPOX_83=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1vhRjwVcnByz for <rtcweb@ietfa.amsl.com>; Thu, 29 Mar 2012 10:56:51 -0700 (PDT)
Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by ietfa.amsl.com (Postfix) with ESMTP id 6696C21E8117 for <rtcweb@ietf.org>; Thu, 29 Mar 2012 10:56:51 -0700 (PDT)
Received: by wibhq7 with SMTP id hq7so259023wib.13 for <rtcweb@ietf.org>; Thu, 29 Mar 2012 10:56:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:x-gm-message-state :content-type:content-transfer-encoding; bh=u5SGLP1fRrxkQGjxiqngfDWZmGkAQ53PJRIojIVTQn0=; b=SagXzZa/1mkvGqyYcydmHsFkoF/+ckbCzcBmRfYIyisTDnIXryRi8Vj2otQVcVYsw5 lEdLRGoljzW6wJ3RGCXURGIivqzHCtttiZ1MwvAimLVawBvcXHdgE6m91AU5OltXie6Z I5Twzw5ncY93B+fUtvXSJsypsS/4qaxLt/XhMighGeekD8plo8ks/ndUJ/l9iAS7CMjB OPBEs7PhuvGygHCUaxQ+nofJ+nKrVPPS4Hw9/AZdeTTcFFdQg/BcDvqBnj9lQBN0H9F1 1zETQlWqxD4wWl8RXkBGotCUrKZPV65MSrw9wuoAH/cJiDfWgivCaBu7TDjJCSFsPbcC TbtQ==
Received: by 10.180.105.69 with SMTP id gk5mr9290713wib.3.1333043810391; Thu, 29 Mar 2012 10:56:50 -0700 (PDT)
Received: from sonyvaiop13.local (93-57-41-37.ip162.fastwebnet.it. [93.57.41.37]) by mx.google.com with ESMTPS id b3sm68760917wib.4.2012.03.29.10.56.48 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 29 Mar 2012 10:56:49 -0700 (PDT)
Sender: Fabio Pietrosanti <naif@infosecurity.ch>
Message-ID: <4F74A25F.1050901@infosecurity.ch>
Date: Thu, 29 Mar 2012 19:56:47 +0200
From: "Fabio Pietrosanti (naif)" <lists@infosecurity.ch>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4F732531.2030208@ericsson.com> <BLU169-W80FA8377288974CAF4716F93480@phx.gbl> <4F745719.5090709@ericsson.com>
In-Reply-To: <4F745719.5090709@ericsson.com>
X-Enigmail-Version: 1.4
X-Gm-Message-State: ALoCoQkn2bFnt/MOr6/d2r7ac+NRnlx1T7AGI68B6yzheQ3znraVgTPHfhP0Lnik8nPNf8DE6Hka
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [rtcweb] Consensus call regarding media security
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 17:56:52 -0000

On 3/29/12 2:35 PM, Magnus Westerlund wrote:
> On 2012-03-29 08:02, Bernard Aboba wrote:
>> I agree with proposition #1 (SRTP) unconditionally.
>>
>> With respect to proposition #2 (DTLS-SRTP), perhaps the words "with
>> details to be worked out" should have been added. 
>>
>> I believe that the consensus achieved was only on a general direction,
>> not an endorsement of particular proposals.
>>
>> Personally, I would like to have more specifics about the required
>> features of DTLS-SRTP in the RTCWEB context.
> 
> I hope someone that knows the details can elaborate on this. I thought
> DTLS-SRTP has a core that you will need to implement. Then there is
> clearly a question of crypto algorithms to be supported. But that also
> applies to SRTP where we also need to select which crypto suites that
> are to be implemented if any in addtion to the MITM. The WG will need to
> select these details as part of the next steps.

Hi Magnus,

imho the selection of a crypto algorithms is not the first priority (it
will probably goes with some well known AES-stuff), as the first
priority is to define which will be the Key Management system to be used
for DTLS-SRTP.

Given the SRTP standard,the security and trust model radically change
depending on the key exchange system details.

With DTLS-SRTP the key exchange and security/trust model seems quite
opaque and there's not a specific guideline to implement it and/or to
satisfy a specific security requirement.

While the SDES-SRTP method satisfy  all the 4.1.1.* Calling method
requirement of
http://tools.ietf.org/html/draft-ietf-rtcweb-security-02#section-4.1.1 ,
because it would just rely on existing TLS/HTTPS method.

So it would not even enter into the context/discussion of trust with the
server, that has been already managed by the existing TLS/HTTPS.

I did not really understand how DTLS-SRTP would like to manage the
so-many-complicated trust scenario that TLS/HTTPS already manage.

Imho everything should be simplified with two context:
- Do you need end-to-site (TLS equivalent) security?
  SDES-SRTP + TLS/HTTPS

- Do you need end-to-end (ZRTP/PGP equivalent) security?
  DTLS-SRTP with user-driven verification schema (such as Short
Authentication String / Fingerprint / Key pinning)

-- 
Fabio Pietrosanti
Founder, CTO

Tel: +39 02 85961748 (direct)
Mobile: +39 340 1801049
E-mail: fabio.pietrosanti@privatewave.com
Skype: fpietrosanti
Linkedin: http://linkedin.com/in/secret

PrivateWave Italia S.p.A.
Via Gaetano Giardino 1 - 20123 Milano - Italy
www.privatewave.com