Re: [rtcweb] No Interim on SDES at this juncture

Roman Shpount <roman@telurix.com> Thu, 20 June 2013 23:31 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43F0421F9A70 for <rtcweb@ietfa.amsl.com>; Thu, 20 Jun 2013 16:31:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.84
X-Spam-Level:
X-Spam-Status: No, score=-1.84 tagged_above=-999 required=5 tests=[AWL=0.137, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ljPaoOVHL+Yu for <rtcweb@ietfa.amsl.com>; Thu, 20 Jun 2013 16:31:53 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) by ietfa.amsl.com (Postfix) with ESMTP id 5649C21F9A64 for <rtcweb@ietf.org>; Thu, 20 Jun 2013 16:31:53 -0700 (PDT)
Received: by mail-wi0-f181.google.com with SMTP id hq4so87195wib.2 for <rtcweb@ietf.org>; Thu, 20 Jun 2013 16:31:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=NgM/0NgVNRybA4Sx/lSVTIJi/Rax0cr1FaYqTUr+df4=; b=Z+lXSNHD8jZyWTl6CWn1RQjTCroJgMqK3cnfTUoNj8AIDIj2aTmeDXRSX2Y5sabU7R 1ECVEscZsGZ27x9HDY8sE5t8Uh67ejzPCyxBdMbu00GlXwrOrJ23wlBE/X1pofzRk3+9 P3Q37fHd78vZ1wqd4TszPOwlzuFQWEOdLe9z1WERccmPwxFUHkG8jMgnVBGRYa7NetCZ +Yo2UCxD8t/exqhR6qb+wKMaCzPvJlglUftxcnyEk8XAzPBbPyWT1FU16UVEfYJrs7Sa t+aRMshnvZu1b27MhUX2ICo8hDzKW8nKtwIgEFsQyZk94qceylnHqf0bd2zG7rrAL1qE JKbg==
X-Received: by 10.194.108.73 with SMTP id hi9mr2256075wjb.85.1371771112516; Thu, 20 Jun 2013 16:31:52 -0700 (PDT)
Received: from mail-we0-x233.google.com (mail-we0-x233.google.com [2a00:1450:400c:c03::233]) by mx.google.com with ESMTPSA id w4sm2407815wia.9.2013.06.20.16.31.51 for <rtcweb@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 20 Jun 2013 16:31:51 -0700 (PDT)
Received: by mail-we0-f179.google.com with SMTP id w59so5888479wes.38 for <rtcweb@ietf.org>; Thu, 20 Jun 2013 16:31:50 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.194.173.71 with SMTP id bi7mr7349852wjc.2.1371771110626; Thu, 20 Jun 2013 16:31:50 -0700 (PDT)
Received: by 10.216.221.202 with HTTP; Thu, 20 Jun 2013 16:31:50 -0700 (PDT)
In-Reply-To: <CAL02cgSG+AntWvyyyGFoQ3zXkZtpd6pVCHfpiCZjSV_3rdj=6Q@mail.gmail.com>
References: <CA+9kkMDnjCNXGV0GU7x6gbbZMf4WiEuVvCRY8_Fix5tmdOB-Kg@mail.gmail.com> <AD220324-EEE7-4800-8512-FD7BADA9EC34@oracle.com> <CA+9kkMDY2Z_5_1uYJ1K_ZmrJB2a1-RE7V3aPqNHQg82DyagjCg@mail.gmail.com> <2975A93F-44DA-4020-B4DE-42E7ED98C08F@oracle.com> <51BAC9BC.6070708@ericsson.com> <94846970-4694-4EC8-AEFA-AEECEE0135AA@oracle.com> <51C02EE8.5070809@ericsson.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C78AD@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgTFSbYSX7v3q37tsjzaPMshyyBroGWr=qmy-HGm82GJFg@mail.gmail.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C7EF8@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgQMkHu-NqEeScT2ObfknJ+3OjXi7Y=7rUJtqeu3CbewMQ@mail.gmail.com> <8E9D2A9F-3D8B-4480-A85D-320CF30FEAA6@oracle.com> <9F33F40F6F2CD847824537F3C4E37DDF115D2D76@MCHP04MSX.global-ad.net> <CAD5OKxvMGD=e3rHta9aLRAOAM022V0hzcp6nJbmG+GAxBohS6g@mail.gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF115D2E8D@MCHP04MSX.global-ad.net> <CAD5OKxs6kbMRhK5S8XYywAbfcEKyBnmBw=7nAgKeLed8iGx-uw@mail.gmail.com> <CAL02cgSG+AntWvyyyGFoQ3zXkZtpd6pVCHfpiCZjSV_3rdj=6Q@mail.gmail.com>
Date: Thu, 20 Jun 2013 19:31:50 -0400
Message-ID: <CAD5OKxve5HmcnZqwUhj2ts0GQhxgWdJm-4cK3NuA27E0yKvRVw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: multipart/alternative; boundary=089e0112cf9ac31c4004df9e59bf
X-Gm-Message-State: ALoCoQk3kx4yr3Drydmb5uXYTdDqeVzoHwRw5yBVuDnVEFdUYo/c0Uz7VewdDqF3knHNHZr/y63G
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] No Interim on SDES at this juncture
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2013 23:31:54 -0000

On Thu, Jun 20, 2013 at 7:09 PM, Richard Barnes <rlb@ipv.sx>; wrote:

> The path from end to end media path is not the same as the path from end
> to middle (signaling path).  SRTP in general (without assumptions on key
> management) protects against a passive attacker that is on the media path
> but not on the signaling path.
>

My point is that if I can intercept all the traffic from the end point and
the end point uses HTTP to send the keys I can decode everything sent over
SRTP. This means we have one very insecure point. The whole system is as
secure as the least secure portion of it. Thus SRTP with plain HTTP is
exactly as secure as plain RTP (ie not at all).


> If, in addition, the browser does not expose media keys to JS (as is
> required for SDES), then even an active attacker who hijacks the HTTP
> connection to inject scripts cannot access the media keys


DTLS is only slightly more secure with plain HTTP and no identity, since I
would need to hijack the HTTP session and decode/encode media. A bit more
work but marginally so.

Following this logic, should not this group outlaw WebRTC sessions from not
HTTPS sources?
_____________
Roman Shpount