Re: [rtcweb] Use Case draft - Eavesdropping.

Eric Rescorla <ekr@rtfm.com> Tue, 01 May 2012 14:05 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91F0321E8384 for <rtcweb@ietfa.amsl.com>; Tue, 1 May 2012 07:05:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MRhCJ6ifbbfv for <rtcweb@ietfa.amsl.com>; Tue, 1 May 2012 07:05:41 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id EDEE621E835A for <rtcweb@ietf.org>; Tue, 1 May 2012 07:05:40 -0700 (PDT)
Received: by vbbez10 with SMTP id ez10so3236660vbb.31 for <rtcweb@ietf.org>; Tue, 01 May 2012 07:05:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding :x-gm-message-state; bh=Pb8OYFF5S0Feqe1blQ9N/piZFHBiwuVR6CPDGmvrFz4=; b=fyIJmO4r08t6AKN9e7JSxlqJg32pcm14UiuESssov9xRHONvJj2ZDYA80PugwOAU3X Bigyw9uetBI+artZBwXHsaWNOPmfwO4P5iKGJ/nXP4ks1GDUN1DrZXb39Iv4xaEEEanx ThDGMxIxa6nD4n/Ype51DWHUxSf5sML7+TftYV9Y4N5rGMv+3ulzm6222PJ7HXj9mwOx GcxisPiygYUpTpbP9QY1R8vgxvRcFp1Ua5ZslUrbt3yYUjTaGGdUCmcwZuYZaT915WWR 739w7845ZzDDYvaKBXN7PEXZG7AD7fsbwuHp03SM8mIAq90R20NR9iCs98B/UIV613d4 lpjQ==
Received: by 10.220.150.12 with SMTP id w12mr24952001vcv.39.1335881140479; Tue, 01 May 2012 07:05:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.19.233 with HTTP; Tue, 1 May 2012 07:05:00 -0700 (PDT)
X-Originating-IP: [128.107.46.83]
In-Reply-To: <101C6067BEC68246B0C3F6843BCCC1E312992828BD@MCHP058A.global-ad.net>
References: <CA+9kkMCYArLPRP3c00UdOja64WRT6ghN0PSy7XvM_wbxBBB+vA@mail.gmail.com> <101C6067BEC68246B0C3F6843BCCC1E312992828BD@MCHP058A.global-ad.net>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 01 May 2012 07:05:00 -0700
Message-ID: <CABcZeBPhv+=dPfy2rNOMoBFwp5e9Fzba+d8KAiJY5QsPcB-Auw@mail.gmail.com>
To: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQmPlIdkFiUpXk8upCXiidt4p6GjpOFD7zbA2pSbodiPUus9EN7jbCrVsoJZQ/Ybko6cDf5O
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Use Case draft - Eavesdropping.
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2012 14:05:41 -0000

On Tue, May 1, 2012 at 6:14 AM, Hutton, Andrew
<andrew.hutton@siemens-enterprise.com> wrote:
> Hi,
>
> A number of use cases within Draft-ietf-rtcweb-use-cases-and-requirements-07 contain the statement "It is essential that the communication cannot be eavesdropped" however there is no definition of what is actually meant by "eavesdropped" although I think we all have an idea of what it means.
>
> Maybe it would be better to replace these statements with something that refers to wiretapping and RFC 2804 (RAVEN) which actually has a definition of wiretapping.

This seems like it's creeping into the security requirements question.
Rather than try to make the use cases document more precise, I'd
prefer to have those statements be in draft-ietf-rtcweb-security,
which actually has (or at least is intended to) have fairly precise
descriptions of what the relevant security properties are.

-Ekr