IETF Logo Mail Archive

Re: [rtcweb] Security Architecture: IdP for RTP and RTCP

Emil Ivov <emcho@jitsi.org> Wed, 09 July 2014 11:02 UTC

Return-Path: <emcho@sip-communicator.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0B151A03F2 for <rtcweb@ietfa.amsl.com>; Wed, 9 Jul 2014 04:02:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40Up9DpSj1gs for <rtcweb@ietfa.amsl.com>; Wed, 9 Jul 2014 04:02:52 -0700 (PDT)
Received: from mail-ve0-f172.google.com (mail-ve0-f172.google.com [209.85.128.172]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F044C1A03F1 for <rtcweb@ietf.org>; Wed, 9 Jul 2014 04:02:51 -0700 (PDT)
Received: by mail-ve0-f172.google.com with SMTP id db12so2332437veb.31 for <rtcweb@ietf.org>; Wed, 09 Jul 2014 04:02:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=eT01ZPAJwyK0Y2h9g/dAX2hfsujrcQRPXKp6kBLMOMQ=; b=ZvOFKTxTpS1SlxtwTdw9m7p3GpiGqHvQl93kNegcrfw0b5slNgzch1Z87ZY+5JMWI8 C/qsttICBu6VhVcZEol5sImo7dGyQ5lG/nbdBHgu9gViN75tLWnWwgGAVXZWXx+bD3l0 QeiVLJuLeiYaGfAVHCnnPjM/qSRxgOKjnzECP/1zGTYAePaxtyioTBLX5P4kRFxRunDd Fz+vO/xXlvlc9YN7o87DYdeNw0UvddUHefIjoESzC6Z28ZdynhLMS41RPGX2o7lvzqAK PXVbr6U20lN0ZKQyzQue0X//ZIOjpIHNO5y00HO97elibefnNs65MvxmVgAX0yMFYeVl WYUw==
X-Gm-Message-State: ALoCoQm1RusimYdYfz9UhrzPr//9cngkv9rmuZxUxarjBFOcqsJMxZt5y8qRerA6Maufuj/Tz5XS
X-Received: by 10.220.166.9 with SMTP id k9mr38767802vcy.20.1404903771035; Wed, 09 Jul 2014 04:02:51 -0700 (PDT)
Received: from mail-ve0-f180.google.com (mail-ve0-f180.google.com [209.85.128.180]) by mx.google.com with ESMTPSA id m10sm41237963vdj.28.2014.07.09.04.02.50 for <rtcweb@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 09 Jul 2014 04:02:50 -0700 (PDT)
Received: by mail-ve0-f180.google.com with SMTP id jw12so6923001veb.39 for <rtcweb@ietf.org>; Wed, 09 Jul 2014 04:02:50 -0700 (PDT)
X-Received: by 10.221.40.193 with SMTP id tr1mr1587970vcb.31.1404903770525; Wed, 09 Jul 2014 04:02:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.238.75 with HTTP; Wed, 9 Jul 2014 04:02:29 -0700 (PDT)
In-Reply-To: <CABkgnnUEXCuOcG_p5BpZf8Wz2Y-Pq92XGpmEb5304-uTz9JNuA@mail.gmail.com>
References: <CAOW+2dsVZj56aVL5+79d6RSTZFLwjfWdm=rs7FPnvdWQZHAdfA@mail.gmail.com> <CABkgnnUEXCuOcG_p5BpZf8Wz2Y-Pq92XGpmEb5304-uTz9JNuA@mail.gmail.com>
From: Emil Ivov <emcho@jitsi.org>
Date: Wed, 09 Jul 2014 13:02:29 +0200
Message-ID: <CAPvvaaLKnSfVwY7cKCFJV4ekCaAvi_3bEVPNOQsdT=YNnbTCDQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/AUWO-OrsAU_kZCG1PSFcYtgbnu0
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Security Architecture: IdP for RTP and RTCP
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jul 2014 11:02:54 -0000

On Tue, Jul 8, 2014 at 8:09 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> I think that the way that we manage identity in a multi-party
> situation probably needs something different to that.  I don't see any
> particular value in terminating RTCP when you aren't also terminating
> RTP, the two are far too tightly coupled.  They shouldn't really have
> been given different names in the first place.

Adding to what others have said: this is only true today because of
the current state of things. In the SFU we are working on, we would
*love* not to terminate RTP encryption (it would mean slashing CPU
requirements by an order of magnitude at least) but we'd still need to
terminate RTCP. Not possible today but that's fixable as long as we
make sure we don't dig ourselves deeper into that hole.

Emil
-- 
https://jitsi.org

v2.23.0 | Report a Bug | By Email