Re: [rtcweb] Encryption mandate

"Olle E. Johansson" <oej@edvina.net> Thu, 08 September 2011 05:41 UTC

On 8 Sep 2011, at 00:39, Randell Jesup wrote:

> On 9/7/2011 3:59 PM, Olle E. Johansson wrote:
>> On 7 Sep 2011, at 21:20, Randell Jesup wrote:
>> 
>>> Signalling is secure, so it could even use a direct optional downgrade from SAVP* to AVP* (i.e. similar to the best-effort-srtp draft)
>> How can you assert that signalling is secure? When, how?
> 
> I'm assuming the signalling is occurring as SIP over an HTTPS connection to the server, or SIP-over-TLS - haven't really given it a lot of thought other than this connection is securable if we start with an HTTPS connection to the server.

That only guarantees confidentiality for the first hop of signalling, provided that the TLS certificates were properly verified. That's a long way from assuming that signalling is secure.

/O
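
An added example, not part of the original message or of any rtcweb draft: a check an endpoint can run on an SDP offer/answer pair to flag media sections that fell back from SAVP* to AVP*, the downgrade discussed in the quoted text. The function names and the sample SDP are constructed for illustration.

```python
# Added example: flag media sections offered with a secure RTP profile
# (SAVP*) but answered with a plain one (AVP*). Names are hypothetical.

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF",
                   "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def media_profiles(sdp):
    """Return [(media, port, proto)] for each m= line, in document order."""
    out = []
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if not line.startswith("m="):
            continue
        fields = line[2:].split()
        if len(fields) < 4:
            raise ValueError("malformed m= line: %r" % line)
        port = int(fields[1].split("/")[0])   # "49170/2" carries a port count
        out.append((fields[0], port, fields[2].upper()))
    return out

def find_downgrades(offer, answer):
    """List (index, media, offered, answered) where SRTP became plain RTP."""
    o, a = media_profiles(offer), media_profiles(answer)
    if len(o) != len(a):
        # RFC 3264: an answer carries one m= line per m= line in the offer
        raise ValueError("answer does not mirror the offer's m= lines")
    downgraded = []
    for idx, ((media, _, oproto), (_, aport, aproto)) in enumerate(zip(o, a)):
        if aport == 0:
            continue  # stream rejected, no media will flow
        if oproto in SECURE_PROFILES and aproto not in SECURE_PROFILES:
            downgraded.append((idx, media, oproto, aproto))
    return downgraded

# Constructed sample SDP (documentation addresses, not captured traffic).
HEADER = "v=0\r\no=- 1 1 IN IP4 192.0.2.1\r\ns=-\r\nc=IN IP4 192.0.2.1\r\nt=0 0\r\n"
OFFER = HEADER + "m=audio 49170 RTP/SAVP 0\r\nm=video 51372 RTP/SAVPF 96\r\n"
ANSWER = HEADER + "m=audio 49172 RTP/AVP 0\r\nm=video 0 RTP/SAVPF 96\r\n"

if __name__ == "__main__":
    for idx, media, offered, answered in find_downgrades(OFFER, ANSWER):
        print("m-line %d (%s): offered %s, answered %s"
              % (idx, media, offered, answered))
```
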