Re: [rtcweb] Encryption mandate

Matthew Kaufman <> Wed, 07 September 2011 22:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5F8EB21F8E23 for <>; Wed, 7 Sep 2011 15:30:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.636
X-Spam-Status: No, score=-5.636 tagged_above=-999 required=5 tests=[AWL=0.963, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XjRIAdX2-vyv for <>; Wed, 7 Sep 2011 15:30:57 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 8B58521F8744 for <>; Wed, 7 Sep 2011 15:30:57 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 331C9CF; Thu, 8 Sep 2011 00:32:47 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=mx; bh=hrSIWoFKAkSeyg rHsuIUnBS6uSw=; b=cEk/KKki5P+LTAlxH4pLdIbIn45j7I3tMzv93RomOYMWu5 lAchk4IQJpWTCUCkvJF8NASUguGfuz2h3++SzqGvEWRyFYi6Te+78L6A1BwADkET PKbJ7UEWD21r1lQe5fVTTmZ1jc7m+BZO6Z3vzzwx51Q6hCRI7SVToscWM2D0A=
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=message-id:date:from :mime-version:to:cc:subject:references:in-reply-to:content-type: content-transfer-encoding; q=dns; s=mx; b=WYDv3+gHhXMWBFoHolY9W5 OvtPr3AKZXOrPv5peDiuUQ+ve7oE1zamRckR8XlhPbwtjufsjWwuGM9ZR3eY4m3a tvSqwfQFzqxcpuFajG7JKSkyjWS4wcG0Wdi18bpCAi/izKzcGJRFb+mOdIFX9RjL 0wEhvIpz1+dlJNkdJ6ZV4=
Received: from ( []) by (Postfix) with ESMTP id 2806F7FD; Thu, 8 Sep 2011 00:32:47 +0200 (CEST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0EAA13507A38; Thu, 8 Sep 2011 00:32:47 +0200 (CEST)
X-Virus-Scanned: amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id BRnC+rO9MGpo; Thu, 8 Sep 2011 00:32:46 +0200 (CEST)
Received: from Matthew-Kaufman-Air.local ( []) by (Postfix) with ESMTPSA id 66BD635081E9; Thu, 8 Sep 2011 00:32:45 +0200 (CEST)
Message-ID: <>
Date: Wed, 07 Sep 2011 15:32:43 -0700
From: Matthew Kaufman <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: "Olle E. Johansson" <>
References: <> <> <> <><> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [rtcweb] Encryption mandate
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 07 Sep 2011 22:30:58 -0000

On 9/7/11 12:59 PM, Olle E. Johansson wrote:
> 7 sep 2011 kl. 21:20 skrev Randell Jesup:
>> Splitting the two topics....
>> On 9/7/2011 3:07 AM, Olle E. Johansson wrote:
>>> To fearlessly  jump into another can of worms, I still think we should have confidentiality - SRTP - by default. We know that these applications will run on a myriad of devices on a myriad of networks and it will not work to let users have to decided whether or not they want confidentiality. If Skype did not have confidentiality by default, there would be articles every summer and xmas in the evening taboloids about how easy it is to listen in to your neighbours calls and that would have hurted Skype badly.
>> There is a strong argument for this.  The strongest argument for the other side is  you don't need a media gateway to talk to non-WebRTC endpoints, just a signalling gateway.  This means less delay potentially (especially if the application provider has gateways only in one geographic location) and less expense for the server provider for a pretty common usecase (gateway to PSTN).  The delay could be a significant issue.
>> It was also brought up that some usecases for internal PBX/business use would not need/prefer forced encryption.  As mentioned at the meeting, encrypting to the media gateway only gets you a modicum of privacy (though it might protect you from the "neighbor's wifi capture" case).
>> You could make forced-encryption the default, and allow the application control over whether to allow it is turned off for specific cases, like a PSTN call, or under the server's control.
> If that's the case, we have to force a UI directive that all browsers adapt - like the green bar for EV certs - so the user is aware that confidentiality is missing. ...

I started to address this issue in my security inspector draft. Feel 
free to comment on this so we can improve upon those requirements.

Also, I think we want to have confidentiality with a specific set of 
requirements, namely those that you get if you use DTLS-SRTP with DH and 
AES, not just "SRTP".

Matthew Kaufman