Re: [rtcweb] Consensus call regarding media security

"Ravindran, Parthasarathi" <> Thu, 29 March 2012 17:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C6D3721E80B2 for <>; Thu, 29 Mar 2012 10:01:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.221
X-Spam-Status: No, score=-5.221 tagged_above=-999 required=5 tests=[AWL=1.378, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MLFssQ2n2OPA for <>; Thu, 29 Mar 2012 10:01:54 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A2B8121E8053 for <>; Thu, 29 Mar 2012 10:01:53 -0700 (PDT)
Received: from ([]) (using TLSv1) by ([]) with SMTP ID; Thu, 29 Mar 2012 10:01:53 PDT
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 29 Mar 2012 13:02:13 -0400
Received: from ([fe80::8d0f:e4f9:a74f:3daf]) by ([fe80::5cbc:2823:f6cc:9ce7%11]) with mapi id 14.01.0355.002; Thu, 29 Mar 2012 22:31:47 +0530
From: "Ravindran, Parthasarathi" <>
To: Magnus Westerlund <>, "" <>
Thread-Topic: [rtcweb] Consensus call regarding media security
Thread-Index: AQHNDPJEz8d54ZuGqkmrgP2aJufnWZaBgBgw
Date: Thu, 29 Mar 2012 17:02:08 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [rtcweb] Consensus call regarding media security
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Mar 2012 17:01:54 -0000

WebRTC trust model has to be considered as one of the main factor for deciding the key mechanism. AFAIK, SDES does not fit into WebRTC as Dr.Evil HTTPS RTCWeb server must be trusted in case of SDES. There is no means to track or analyze whether Dr.Evil involves in monitoring or recording or terminate the media traffic.  It will be good in case whoever advocate for SDES explain how SDES fits within WebRTC trust model.


>-----Original Message-----
>From: [] On Behalf
>Of Magnus Westerlund
>Sent: Wednesday, March 28, 2012 8:20 PM
>Subject: [rtcweb] Consensus call regarding media security
>In todays RTCWEB WG meeting there was discussion around media security
>mechanism. In this meeting there was some clear consensus in the meeting
>which we would like to confirm on the list.
>The first was that there was overwhelming consensus that all RTP packets
>SHALL be protected by SRTP.
>Secondly that no one objected against making DTLS-SRTP a mandatory to
>implement and the default keying mechanism. Additional mechanisms are
>not precluded.
>WG participants may state their position regarding these consensus calls
>until 12th of April when the chairs will declare the final consensus. If
>you where present in the meeting room and comment on this, please
>indicate that.
>Best Regards
>Magnus Westerlund
>For the WG chairs
>rtcweb mailing list