Re: [rtcweb] Security Architecture: SDES support is a MUST
Igor Faynberg <igor.faynberg@alcatel-lucent.com> Thu, 19 July 2012 17:41 UTC
Return-Path: <igor.faynberg@alcatel-lucent.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0714721F8803 for <rtcweb@ietfa.amsl.com>; Thu, 19 Jul 2012 10:41:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.599
X-Spam-Level:
X-Spam-Status: No, score=-9.599 tagged_above=-999 required=5 tests=[AWL=1.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lfZCOhde7TWh for <rtcweb@ietfa.amsl.com>; Thu, 19 Jul 2012 10:41:55 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) by ietfa.amsl.com (Postfix) with ESMTP id 3CD0E21F87E0 for <rtcweb@ietf.org>; Thu, 19 Jul 2012 10:41:55 -0700 (PDT)
Received: from usnavsmail2.ndc.alcatel-lucent.com (usnavsmail2.ndc.alcatel-lucent.com [135.3.39.10]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id q6JHgmA5000350 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <rtcweb@ietf.org>; Thu, 19 Jul 2012 12:42:48 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail2.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q6JHgmsm014934 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <rtcweb@ietf.org>; Thu, 19 Jul 2012 12:42:48 -0500
Received: from [135.222.232.88] (USMUYN0L055118.mh.lucent.com [135.222.232.88]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q6JHgl8H015618; Thu, 19 Jul 2012 12:42:47 -0500 (CDT)
Message-ID: <50084717.7060301@alcatel-lucent.com>
Date: Thu, 19 Jul 2012 13:42:47 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <201207190742.q6J7glf6008744@vivaldi29.register.it> <500834FE.5040809@alcatel-lucent.com> <500835E1.2070502@infosecurity.ch>
In-Reply-To: <500835E1.2070502@infosecurity.ch>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.33
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.10
Subject: Re: [rtcweb] Security Architecture: SDES support is a MUST
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: igor.faynberg@alcatel-lucent.com
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2012 17:41:56 -0000
If both parties have certificates, DTLS will provide end-to-end security. (I have not yet heard a convincing argument why the certificates--I mean not self-signed ones--cannot be used.) And if the parties share a key, DTLS will work, too. Igor On 7/19/2012 12:29 PM, Fabio Pietrosanti (naif) wrote: > On 7/19/12 6:25 PM, Igor Faynberg wrote: >> On 7/19/2012 3:42 AM, Domenico Colella wrote: >>> ... >>> Why a company should buy ( ? expensive ?) DTLS-SRTP gateways (? and >>> compatible with their legacy devices ?) or translators in order to >>> support RTCWeb instead of a SRTMP server/gateway (i.e. open-source >>> free products as Red5) and use FLASH ?.. >> Why is a "DTLS-SRTP gateway" needed--expensive or cheap? DTLS-SRTP is >> end-to-end. > DTLS-SRTP does not provide end-to-end security in the WebRTC model, as > already discussed in this mailing list. > > DTLS-SRTP does provide end-to-end encryption WITHOUT end-to-end security. > > Fabio > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] Security Architecture: SDES support is a… Domenico Colella
- Re: [rtcweb] Security Architecture: SDES support … Igor Faynberg
- Re: [rtcweb] Security Architecture: SDES support … Fabio Pietrosanti (naif)
- Re: [rtcweb] Security Architecture: SDES support … Igor Faynberg
- Re: [rtcweb] Security Architecture: SDES support … Dan Wing
- Re: [rtcweb] Security Architecture: SDES support … Roman Shpount
- Re: [rtcweb] Security Architecture: SDES support … Bernard Aboba
- Re: [rtcweb] Security Architecture: SDES support … Dan Wing
- Re: [rtcweb] Security Architecture: SDES support … Fabio Pietrosanti (naif)
- Re: [rtcweb] Security Architecture: SDES support … Harald Alvestrand
- Re: [rtcweb] Security Architecture: SDES support … Fabio Pietrosanti (naif)
- Re: [rtcweb] Security Architecture: SDES support … Harald Alvestrand
- Re: [rtcweb] Security Architecture: SDES support … Eric Rescorla
- Re: [rtcweb] Security Architecture: SDES support … Dan Wing
- Re: [rtcweb] Security Architecture: SDES support … Alan Johnston
- Re: [rtcweb] Security Architecture: SDES support … domenico.colella