Re: [rtcweb] SRTP requirement - wiretapping (Re: Let's define the purpose of WebRTC)

Eric Rescorla <ekr@rtfm.com> Thu, 10 November 2011 05:24 UTC


On Wed, Nov 9, 2011 at 9:19 PM, Ravindran, Parthasarathi
<pravindran@sonusnet.com> wrote:
> Eric,
>
> I agree with you about performance in the case of the desktop, as I'm able to execute a Skype video call and other applications simultaneously without any performance impact. AFAIK, in the case of a telepresence or equivalent endpoint, it requires special hardware to encrypt/decrypt the whole bunch of media from it. A WebRTC browser could be executed on any of these kinds of endpoints as well.

I'd be interested in any measurements you have to offer here.
My MacBook Air does on the order of 100 MB/s of AES-128
on a single core. What's the bandwidth of a telepresence
system?

-Ekr

> As you mentioned, I have often heard that the enterprise is not secure, which requires a different level of security, but this argument is not well accepted in deployment so far :-(
>
> Thanks
> Partha
>
>>-----Original Message-----
>>From: Eric Rescorla [mailto:ekr@rtfm.com]
>>Sent: Wednesday, November 09, 2011 7:40 PM
>>To: Ravindran, Parthasarathi
>>Cc: Cameron Byrne; <rtcweb@ietf.org>
>>Subject: Re: [rtcweb] SRTP requirement - wiretapping (Re: Let's define
>>the purpose of WebRTC)
>>
>>On Tue, Nov 8, 2011 at 6:50 PM, Ravindran Parthasarathi
>><pravindran@sonusnet.com> wrote:
>>> Cameron,
>>>
>>>
>>>
>>> I guess that we are in the same w.r.t IETF privacy policy and it is main
>>> reason, I take back my comment #2. But, Please look into comment #1 for
>>> Enterprise WebRTC application wherein SRTP is not required to be mandated.
>>>
>>
>>Partha,
>>
>>I don't understand what resource you are conserving here by avoiding
>>multiple encryption.
>>
>>Even if we stipulate that the enterprise network is secure (which as
>>Cameron has suggested, is often not the case even when people believe it
>>is), the actual cost to encrypt the data on the endpoints is quite low,
>>especially when compared to the added complexity cost of trying to make
>>the (extremely difficult) determination of whether whatever network
>>encryption is in place is sufficient to protect your call. Better to just
>>encrypt all the time.
>>
>>-Ekr
>