Re: [rtcweb] A compromise for SDES

Matt Fredrickson <creslin@digium.com> Wed, 17 July 2013 21:50 UTC

Return-Path: <creslin@digium.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A33921F9D75 for <rtcweb@ietfa.amsl.com>; Wed, 17 Jul 2013 14:50:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MV4bn1pmt7zG for <rtcweb@ietfa.amsl.com>; Wed, 17 Jul 2013 14:50:17 -0700 (PDT)
Received: from mail-lb0-f178.google.com (mail-lb0-f178.google.com [209.85.217.178]) by ietfa.amsl.com (Postfix) with ESMTP id 28DAA21F9D2A for <rtcweb@ietf.org>; Wed, 17 Jul 2013 14:50:16 -0700 (PDT)
Received: by mail-lb0-f178.google.com with SMTP id y6so1921840lbh.23 for <rtcweb@ietf.org>; Wed, 17 Jul 2013 14:50:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=pjySF9oCt6W2qYcA7EpkCTQElOzoo0IXDf95m3TMsks=; b=fK/fzzevUSBW1V7sGfmldBO89S0oc/1mVQs+Q8xEkvEeZW/82ct00eNKgNIT5842CB i6HzA62dp4gyot0POy41tP8Aq7khX6iUORYjZ7kREpPDb5dQzfNLZdBwz5SdMN0ysNlJ gGRkA6LGc/3DhsQ7som7eVgPLhHhyz0cyUNmO3tl/OsOIWCOh8QF97sOMlNz0EDwsiJl kHVb5Zx/wcyUHacp+uAehM7buI4lqJYltOflN0TX/16MOqDWl6DZEdp8aWCZaBOvFx8g aEYHkKb9+MdwJ1N0jb2qkudcCwt9odDWYRSoF861dY6j6HdlXlWZvJmHzrCBgg0m9uoL jWLA==
MIME-Version: 1.0
X-Received: by 10.112.198.230 with SMTP id jf6mr4127188lbc.11.1374097408868; Wed, 17 Jul 2013 14:43:28 -0700 (PDT)
Received: by 10.112.141.161 with HTTP; Wed, 17 Jul 2013 14:43:28 -0700 (PDT)
In-Reply-To: <AE1A6B5FD507DC4FB3C5166F3A05A484213E3C35@TK5EX14MBXC265.redmond.corp.microsoft.com>
References: <CA+9kkMBuCTdFsUMtmuBz6BnrSJMpHywEZU+x+m8ARnGprvzDzA@mail.gmail.com> <CABkgnnXOa44ZkZj-g6r7Qdk8dwm6m81yT4U=Q23-hE1Q7Hn22w@mail.gmail.com> <F9556428-B6B8-407D-9D62-9A1CC04D4253@oracle.com> <B2DF729D-B313-4D3E-9C06-DA00AF7A14FF@oracle.com> <AE1A6B5FD507DC4FB3C5166F3A05A484213E3C35@TK5EX14MBXC265.redmond.corp.microsoft.com>
Date: Wed, 17 Jul 2013 16:43:28 -0500
Message-ID: <CAHZ_z=yqWc=8vdPGh7GFGib-GsDuby8XBCAm_YfvbxYkK0jb4g@mail.gmail.com>
From: Matt Fredrickson <creslin@digium.com>
To: "Matthew Kaufman (SKYPE)" <matthew.kaufman@skype.net>
Content-Type: multipart/alternative; boundary=001a11c27cacf1530004e1bbfb05
X-Gm-Message-State: ALoCoQlKktQR5RQE/zN5X/tzTEKMu8HS0tslZGHIcr/kACdoH90mIlaWa9ATg84WxjXn2kvp9wGC
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] A compromise for SDES
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jul 2013 21:50:27 -0000

On Wed, Jul 17, 2013 at 3:48 PM, Matthew Kaufman (SKYPE) <
matthew.kaufman@skype.net> wrote:

> Hadriel Kaplan:
> >
> > Howdy,
> > Someone's asked me to explain the compromise I plan on presenting in
> > Berlin now, so we have more time to argue over it or chew on it.  The
> reason
> > I was going to wait is because I wanted to explain how I got to the
> point of
> > thinking such a compromise would make sense.  So I'll try to do that in
> this
> > email, which will make this email long.  Nothin' much I can do about
> that.
> >
> > Obviously this is all my personal opinion, not that of my employer, and
> not a
> > statement claiming to be objective fact, etc.
>
> Likewise, in this reply where, though I like you, I don't like your
> proposal.
>
> >
> > Background:
> > I think many people would agree that SDES has some benefits compared to
> > DTLS for those of us wishing to interface to the SIP world.  Some of
> those
> > benefits are commercial/cost factors, some are more tangible like
> reducing
> > early media clipping.  Whether you agree with such benefits or not, so
> long as
> > WebRTC could support SDES in a sufficiently-secure manner, there'd be
> less
> > concern over having it.  Most of the arguments against SDES have been
> > directed at whether it could in fact be "sufficiently secure".
>  Personally I find
> > most of the arguments against it being secure enough to be essentially
> FUD,
> > and/or also apply to DTLS-SRTP.
>
> I believe that once the entire system is considered, any system that
> allows EKT shares the same security properties as one that allows SDES, and
> one that does not allow EKT requires a decrypt/re-encrypt phase at the
> gateway that is costly.
>
> >
> > On the flip-side, I think the commercial/cost factor for SDES is not a
> strong
> > cause, because I believe the market will bear whatever the extra cost may
> > be. (I wasn't sure of this 2 years ago when this all started, but I'm
> fairly
> > confident of it now)  And I think having only DTLS-SRTP as MTI would
> have a
> > marketing benefit for WebRTC as a technology, which I value highly.
>
> The market might bear the extra cost, but it doesn't mean that it isn't
> extra cost (and extra environmental damage through the extra energy
> consumed).
>
> >
> > Given those personal feelings, I didn't much care either way, so long as
> a
> > decision was made - although I still preferred having SDES to avoid the
> early
> > media clipping problem.  So when I was going to present on this topic
> back in
> > the Vancouver meeting, my last slide basically said: "If we support SDES
> and it
> > turns out later we were wrong, we can always rescind it".  This was
> based on
> > the notion that browsers get updated all the time, especially for
> security
> > issues.
> >
> > But later it occurred to me that's actually the Achilles' heel of
> supporting SDES
> > in WebRTC, for those of us wanting to gateway this stuff to SIP.
>  Imagine if it
> > turns out we were wrong, and some expected-or-unexpected vulnerability is
> > exploited against some large WebRTC service provider, and makes the
> > news/slashdot.  Browser vendors would instantly have new code removing
> > SDES support, and browsers in devices would be updated virtually
> overnight -
> > some users may take a long time to upgrade their specific browsers on
> their
> > specific devices - but many of them would do so within days.  That would
> be
> > untenable for a WebRTC service provider.
>
> I can't imagine such a scenario that couldn't also happen with DTLS-SRTP,
> especially DTLS-SRTP + EKT.
>
> Plus there's lots of counterexamples where major sites have been
> compromised in ways that could have been fixed browser-side, and yet
> browsers didn't bother to update.
>
> And finally, what makes you think that the browser vendors would do
> something like that if the service really was popular? I guess if Google
> and Mozilla wanted everyone using Skype to switch to Internet Explorer they
> could pull such a stunt, but why? (In a hypothetical future where IE has
> webrtc support and Skype supports webrtc-equipped browsers as a platform
> for calling, of course)
>
> > Even the smaller Enterprises take
> > a long time to upgrade code on their servers, so even for them changing
> their
> > gateways to suddenly support DTLS-SRTP would be unrealistic.  Imagine
> what
> > it would be for larger providers, who might even have to deploy more
> > servers to handle the sudden additional overhead of DTLS-SRTP.  Meanwhile
> > a growing perc  entage of their users can no longer use the service.
>  That's
> > bad mojo.
>
> I argue that it'd never happen.
>
> >
> > The things that a WebRTC-to-SIP service provider can control, and
> arguably
> > the much larger use-case for this stuff to begin with, are not really
> true
> > "browsers" anyway - they're web-based-framework device Apps, provided
> > by the service provider to begin with.  I.e., the apps they build using
> web
> > application framework things like PhoneGap/Cordova, Appcelerator
> > Titanium, etc.  I mean using a real Browser is nice for ad-hoc stuff,
> like being
> > able to click on a "talk to a rep" button on a website, or a
> webex/meetecho
> > type thing; but for real communication "service", whether it be as a
> > subscriber of a traditional carrier, or Skype, or an employee of an
> Enterprise,
> > or a call-center attendant, or whatever - for those most people would
> never
> > want to have to open a browser just to receive/make calls.  They'd give
> you
> > an app to use instead.
> >
> > So it's the app use-case that would benefit the most from SDES,
> especially for
> > issues like media clipping.  And the app use-case doesn't have the
> security
> > concerns nor concerns for unforeseen overnight updates.
>
>
> And will probably support SDES.
>
> >
> > The Compromise:
> > So given that background, I was planning to propose that the security doc
> > keep DTLS-SRTP as the only MTI mechanism for browsers, BUT to add a
> > statement that web-based application frameworks SHOULD also support
> > SDES. (with text about why and how, etc.)
>
> Disagree. That leads immediately to half (approximately) of the browser
> ecosystem not supporting SDES. That increases my cost for no true security
> benefit to anyone.
>
> >
> > I don't think this is too controversial, because web-based frameworks are
> > never beholden to following browser behavior anyway - they're used to
> > build a native application, and native applications have a very different
> > security/threat model in practice.  They're written for a specific
> purpose, and
> > installed by users from known sources for that known purpose.
>  Technically,
> > afaik, nothing we do in RTCWEB WG or W3C's WEBRTC group have any
> > requirements/mandates for native applications anyway - an app maker
> > would just ignore something they don't think applies to them - but I
> think
> > web-based frameworks do generally try to follow W3C models for Javascript
> > APIs, and will likely read the IETF RFCs for the media-layer stuff too.
>  So I
> > think having this SHOULD statement would be beneficial.
> >
> > Or if the WG prefers, we could even write a separate doc on what a web-
> > based framework maker should consider supporting/not-supporting. (I can
> > imagine a few other things they might want to offer that a browser can't)
>
>
> They might be able to turn ICE off, even!
>

Amen.  I think ICE will be the first barrier to initiating communications
with legacy equipment anyways... Anybody that can get past the ICE step
will then be allowed to deal with the problems of the mandatorily included
encryption mechanisms as a next step.

I don't know if there is very much "legacy" equipment that will be able to
interop with WebRTC media sessions without some sort of translation.


Matthew Fredrickson