[rtcweb] SDES-SRTP as a platform for multiple key management

"Fabio Pietrosanti (naif)" <lists@infosecurity.ch> Thu, 29 March 2012 19:53 UTC

Hi all,

I've been thinking that one of the very interesting elements about the
support of SDES-SRTP is that, other than providing compatibility with the
existing telephony ecosystem, it may allow the implementation of custom
key management systems.

Basically, if WebRTC would introduce support for SDES-SRTP and W3C would
define an API to handle SDES SDP call keys, it would become possible to
further implement in JavaScript additional key management systems.

For example, someone may implement a JavaScript application, to be
provided from an HTTPS source or browser extension, to additionally
implement OpenPGPJS-based identity verification (http://openpgpjs.org/)
or integration with DH-based key exchange
(https://github.com/kaepora/cryptocat/).

So basically a side effect of introducing SDES-SRTP could be to let
HTML5 application developers effectively implement custom
security mechanisms for voice applications.

-- 
Fabio Pietrosanti
Founder, CTO

Tel: +39 02 85961748 (direct)
Mobile: +39 340 1801049
E-mail: fabio.pietrosanti@privatewave.com
Skype: fpietrosanti
Linkedin: http://linkedin.com/in/secret

PrivateWave Italia S.p.A.
Via Gaetano Giardino 1 - 20123 Milano - Italy
www.privatewave.com
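
The SDES call keys the message refers to travel in SDP `a=crypto` attributes (RFC 4568). As an added example, not part of the original message and not any WebRTC or W3C API, the following Node.js code parses such an attribute, checks the key length against the suite, and swaps in key material that an application-level key exchange has agreed on. The function names and the sample SDP are assumptions made for illustration, and only a single `inline:` key per attribute is handled.

```javascript
// Added example (not from the original post): read and replace SDES keys in SDP.
const SUITES = {                       // master key and master salt lengths, in bytes
  AES_CM_128_HMAC_SHA1_80: { key: 16, salt: 14 },
  AES_CM_128_HMAC_SHA1_32: { key: 16, salt: 14 },
};

// Parse one "a=crypto:" attribute (RFC 4568, single inline key) or throw.
function parseCryptoLine(line) {
  const m = /^a=crypto:(\d{1,9}) (\S+) inline:([A-Za-z0-9+/=]+)((?:\|[^ ;]+)*)(?: (.*))?$/.exec(line.trim());
  if (!m) throw new Error('not a valid SDES crypto attribute');
  const [, tag, suite, b64, extras, sessionParams] = m;
  const lens = SUITES[suite];
  if (!lens) throw new Error('unsupported crypto suite: ' + suite);
  const material = Buffer.from(b64, 'base64');
  if (material.length !== lens.key + lens.salt)
    throw new Error('key||salt length does not match suite');
  return {
    tag: Number(tag), suite,
    masterKey: material.subarray(0, lens.key),
    masterSalt: material.subarray(lens.key),
    keyExtras: extras || '',           // "|lifetime|MKI:length", kept verbatim
    sessionParams: sessionParams || '',
  };
}

// Collect every key offered in an SDP blob.
function extractSdesKeys(sdp) {
  return sdp.split(/\r?\n/).filter(l => l.startsWith('a=crypto:')).map(parseCryptoLine);
}

// Swap in key||salt bytes agreed by an application-level key exchange.
function replaceSdesKey(sdp, tag, keyAndSalt) {
  return sdp.split(/\r?\n/).map(l => {
    if (!l.startsWith('a=crypto:')) return l;
    const c = parseCryptoLine(l);
    if (c.tag !== tag) return l;
    if (keyAndSalt.length !== c.masterKey.length + c.masterSalt.length)
      throw new Error('replacement key||salt has wrong length');
    const tail = c.sessionParams ? ' ' + c.sessionParams : '';
    return `a=crypto:${c.tag} ${c.suite} inline:${keyAndSalt.toString('base64')}${c.keyExtras}${tail}`;
  }).join('\r\n');
}

// Constructed sample offer; the key is 30 bytes of 0x41, not a real key.
const SAMPLE_SDP = [
  'v=0', 'm=audio 49170 RTP/SAVP 0',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:' + Buffer.alloc(30, 0x41).toString('base64') + '|2^20|1:4',
].join('\r\n');
```

Whatever key ends up in the `a=crypto` line is readable by every hop that sees the SDP, so the replacement only helps if the signalling path is itself protected.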