Re: [rtcweb] New use-case proposed
Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 14 May 2012 08:35 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E13D921F85BD for <rtcweb@ietfa.amsl.com>; Mon, 14 May 2012 01:35:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.146
X-Spam-Level:
X-Spam-Status: No, score=-106.146 tagged_above=-999 required=5 tests=[AWL=0.103, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P6dkyyDyWu9B for <rtcweb@ietfa.amsl.com>; Mon, 14 May 2012 01:35:52 -0700 (PDT)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id 0F73021F85A0 for <rtcweb@ietf.org>; Mon, 14 May 2012 01:35:51 -0700 (PDT)
X-AuditID: c1b4fb2d-b7bc5ae00000796a-75-4fb0b91f41e4
Received: from esessmw0237.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 52.11.31082.F19B0BF4; Mon, 14 May 2012 09:49:51 +0200 (CEST)
Received: from [127.0.0.1] (153.88.115.8) by esessmw0237.eemea.ericsson.se (153.88.115.91) with Microsoft SMTP Server id 8.3.213.0; Mon, 14 May 2012 09:49:50 +0200
Message-ID: <4FB0B91E.30507@ericsson.com>
Date: Mon, 14 May 2012 09:49:50 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Harald Alvestrand <harald@alvestrand.no>
References: <4FAD0D8C.7020701@ericsson.com> <4FAD3C87.8080908@alvestrand.no>
In-Reply-To: <4FAD3C87.8080908@alvestrand.no>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: AAAAAA==
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] New use-case proposed
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2012 08:35:53 -0000
On 2012-05-11 18:21, Harald Alvestrand wrote: > I propose to reject this use case because it requires yet another > security redesign. > The clue is here: > >> >> - The keying solution must allow each participants to encrypt to >> multiple receivers without any decryption+encryption in the middle node >> > > This means that each participant must use the same encryption keys to > all other participants; this in turn means that when someone leaves the > group, all participants must change their encryption keys; it also means > that as long as shared keys are used for authentication, all > participants can impersonate all other participants. Actually EKT solves this in a very reasonable way. Each participant announces his key using EKT. When a participant leaves all the other participants uses EKT to provide a new key for the media they send. Thus no need for synchronized key roll over anything. When it comes to the security aspect this I would say it is part of the model. SRTP uses symmetric keys, thus anyone can spoof anyone that are inside the session and having access to the crypt context. In centralized conferencing it is the central node that enforces the relation between each other. That can be done both using independent crypto contexts and having shared one. And the arguments around the complexity is not that it on a per stream individual basis is horrible expensive. It is the argument about needing to have the functionality doing decryption and N-1 encryptions for each packet being forwarded to all the others in a N number of participants conference. The argument is to have no need for any media flow encryption and decryption only be part of the key-management. > > In fact, this solution has most of the issues (except for the network > layer deployment issue) that leads me to strongly advocate leaving > multicast out of scope for this effort. > I am not arguing for including IP multicast support. The issue this use case brings up is that one of RTP support for multi-party sessions. This use case makes it clear that a particular level of RTP functionality support is needed. I think almost the same is needed for centralized RTP mixer topologies where the middle node uses its own SSRCs to forward other participants media streams and transfer RTCP feedback messages when not possible to handle in the mixer. Another aspect that we need to bring up here is if there is going to be any support for a WebRTC browser to receive a media stream from A and be capable of forwarding it to B. Without the same features as needed for this use case we must mandate that a browser doing this supports media transcoding. Otherwise congestion control and media control aspects will not be supported enabling media to be delivered. Transcoding obviously gives a significant hit on quality unless the media bit-rate is significantly higher than without transcoding. Cheers Magnus Westerlund ---------------------------------------------------------------------- Multimedia Technologies, Ericsson Research EAB/TVM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- Re: [rtcweb] New use-case proposed Magnus Westerlund
- Re: [rtcweb] New use-case proposed Roman Shpount
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- [rtcweb] New use-case proposed Stefan Hakansson LK
- Re: [rtcweb] New use-case proposed Justin Uberti
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- Re: [rtcweb] New use-case proposed Harald Alvestrand
- Re: [rtcweb] New use-case proposed Henry Lum
- Re: [rtcweb] New use-case proposed Harald Alvestrand
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- Re: [rtcweb] New use-case proposed Dan Wing
- Re: [rtcweb] New use-case proposed Marshall Eubanks
- Re: [rtcweb] New use-case proposed Dan Wing
- Re: [rtcweb] New use-case proposed Michael Welzl
- Re: [rtcweb] New use-case proposed Magnus Westerlund
- Re: [rtcweb] New use-case proposed Oscar Ohlsson