IETF Logo Mail Archive

Re: [rtcweb] Resolving RTP/SDES question in Paris

"Jim Barnett" <Jim.Barnett@genesyslab.com> Mon, 19 March 2012 22:50 UTC

Return-Path: <Jim.Barnett@genesyslab.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63DB621F87C7 for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 15:50:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.506
X-Spam-Level:
X-Spam-Status: No, score=-2.506 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U+emY9S43MyF for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 15:50:23 -0700 (PDT)
Received: from relay-out1.dc.genesyslab.com (relay-out1.dc.genesyslab.com [198.49.180.220]) by ietfa.amsl.com (Postfix) with ESMTP id 52B7321F87C0 for <rtcweb@ietf.org>; Mon, 19 Mar 2012 15:50:23 -0700 (PDT)
Received: from g2.genesyslab.com (g2.genesyslab.com [192.168.20.138]) by relay-out1.dc.genesyslab.com (8.13.8+Sun/8.13.8) with ESMTP id q2JMoG5S028237; Mon, 19 Mar 2012 15:50:17 -0700 (PDT)
Received: from NAHALD.us.int.genesyslab.com ([192.168.20.92]) by g2.genesyslab.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 19 Mar 2012 15:50:17 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 19 Mar 2012 15:49:28 -0700
Message-ID: <E17CAD772E76C742B645BD4DC602CD8105EBE8CF@NAHALD.us.int.genesyslab.com>
In-Reply-To: <D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [rtcweb] Resolving RTP/SDES question in Paris
Thread-Index: AQHNBh74aMnjJsNUq0eXz+PkH27a4pZyN+Gg
References: <4F4759DC.7060303@ericsson.com><387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com><CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com><CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com><CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com><CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com><CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com><CAD5OKxvZbEJ7sV4WPAYoQapzMR_QwAftj-oKg=ioMKHNT792wQ@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113563C5A92@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><CALiegf=jtkDCS_D0ZFe9UpbiadQ0vsJ+4MppQSbLr-wbaXNrfQ@mail.gmail.com><BLU169-W29E5B86F9E2C6F3126961C93420@phx.gbl><CALiegfk2aT+6Psr4nT-hG1G7eYRBfFCcT+25On2O4HfUXJ6-ng@mail.gmail.com><CAD6AjGSmi9j+sdGWPts20-iwGvGij05ek0OKYEPULC6B=aFpQg@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113564482A7@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><ADBB75F3-E20C-4EC4-B9C3-EF2E4BFF409C@phonefromhere.com><C! AD5OKxvuE V8Vbq3h7=Zgc KmREjmguvz5n-SpXr2n-EY7a_ddxg@mail.gmail.com><CALiegfk1ozOKPcDjbd3H_z2Edzh4RcZpYyJSWdw_1DJ04muQXA@mail.gmail.com><CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com> <D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com>
From: Jim Barnett <Jim.Barnett@genesyslab.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>, Roman Shpount <roman@telurix.com>
X-OriginalArrivalTime: 19 Mar 2012 22:50:17.0428 (UTC) FILETIME=[A79BE940:01CD0622]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 22:50:24 -0000

On the matter of the call center/travel site recording your call:  can't
the far-end user agent always record your call, no matter what security
you use?  So in the case of SDES, the call center can record at their
SBC/switch/media server (their in-house MITM), which is easier for them,
but even with DTLS/SRTP couldn't they always record it at the agent
desktop, if they wanted to?

- Jim

-----Original Message-----
From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
Of Hadriel Kaplan
Sent: Monday, March 19, 2012 6:24 PM
To: Roman Shpount
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris


While I sympathize with the concern that requiring SRTP (regardless of
how the key is learned) is a burden for those use-cases that literally
don't care about SRTP and for which it does not matter, such as a
weather announcement service or an IETF meeting broadcast, I really
think you're 'throwing out the baby with the bath-water' to propose we
either get everything or nothing.  People won't have the identity-stuff
for some time, and it won't be painless to make it work and deployed.
So what you're basically saying is "you only get RTP because you can't
prove end-to-end security".  But such "proof" rarely exists even today.

Today, when you do Email or IM over HTTPS or SMTPS, that email or IM
only goes secure to the server you're doing SMTPS or HTTPS with.  You
have no assurance whatsoever that it stays secure from that point on,
nor that the server doesn't log the email/IM in its entirety.  But that
doesn't mean there's no value in using HTTPS/SMTPS to reach that first
server.  Quite the contrary, there's significant value in it.  Just like
there's value in using HTTPS to reach a web store-front when purchasing
using a credit-card, even though you have no idea what the security is
between the web-store and your actual credit-card company.

In the WebRTC context, for example, I would expect a quite-popular
use-case for WebRTC to be Business websites, such as web-storefronts, or
customer-support sites, or airline/hotel ticket/reservations/upgrades
sites, etc.  When connecting to the web-page of those sites, I would
expect them to be HTTPS once I got to some point of the click-flow
process, if not from the beginning.  If I click a "talk to us for help"
button, I would expect that to be secure as well, as much as the HTTPS
portion was anyway.  In this context, only allowing them to use RTP is
silly.  SDES is reasonably secure in this context, because there is no
other domain the call is going to.  Yes, they have my SRTP key - doesn't
matter; yes they can log my call - doesn't matter.  But at least my
media is secure from my laptop to their server's domain - and that does
matter, and it's all I ever got from using HTTPS.

-hadriel


On Mar 19, 2012, at 2:15 PM, Roman Shpount wrote:

> I guess my question is, when are we going to tell the user that
connection is "secure"? What I really do not want is making the
distinction between secured and unsecured connection so muddy, that a
normal user will never be able to understand the difference and will
agree to anything. Because of this, I would like to see that if
connection is over DTLS-SRTP with a remove party verified by an identity
provider, user would be asked if they would like to communicate with
remote party XYZ. If this is anything else, (DTLS-SRTP with no identity,
SDES-SRTP, or even plain RTP), user should be asked either to allow
unsecure communication with an unknown party, or, completely prohibited
to do so. 
> 
> I do not see the difference, as far as security is concerned, between
SDES-SRTP and plain RTP. If we allow SDES-SRTP for compatibility
reasons, we might as well allow plain RTP. It would be compatible with
more devices and as insecure as SDES-SRTP. There is no requirement that
WebRTC application must use HTTPS for signaling. If the application is
using HTTP, all the "sitting in the airport" examples are as unsecured
with SDES-SRTP as they are with plain RTP.
> 
> I do not think we would be able to force WebRTC application developers
to create a secure application unless they would decide to create care
and effort to develop it as such. Our goal should be to provide
application developers with tools that would allow them to create secure
applications and with mechanisms that would allow users to identify when
their communications are actually secure. Everything else is just adding
random requirements to the standard.
> _____________
> Roman Shpount
> 
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

_______________________________________________
rtcweb mailing list
rtcweb@ietf.org
https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email