Re: [rtcweb] Security Architecture -07 review

Martin Thomson <martin.thomson@gmail.com> Thu, 25 July 2013 23:12 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EF3621F8F07 for <rtcweb@ietfa.amsl.com>; Thu, 25 Jul 2013 16:12:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BYpDO0QsthyQ for <rtcweb@ietfa.amsl.com>; Thu, 25 Jul 2013 16:12:13 -0700 (PDT)
Received: from mail-wg0-x229.google.com (mail-wg0-x229.google.com [IPv6:2a00:1450:400c:c00::229]) by ietfa.amsl.com (Postfix) with ESMTP id 5D52B21F8EB3 for <rtcweb@ietf.org>; Thu, 25 Jul 2013 16:12:13 -0700 (PDT)
Received: by mail-wg0-f41.google.com with SMTP id n11so196635wgh.2 for <rtcweb@ietf.org>; Thu, 25 Jul 2013 16:12:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=OA7qyIWaxqbgOVD2MkD5T3Infg4pD4TU4JC4GzyUI3g=; b=Z5qj22ZgdIlPSEeiubcPC1s0Y6/UnRXaZsEqApRtHSJJBn0AbTQ9jVJKCfpSvarIJ4 4bQEH8ECc/R4c49AEHvL6RpXkgW7ppSrl1cdW498UduAp/y3Xy/ee5AH6sTMMPhfOhtw b9oOX8GkN78xu1rJjQJ47h5z/xKmZHKd1B8q/itw6mGKQcDqZc/C3a5ts0LlcBJhCDDV miEmQaBQ+02wsETN2CQKtpx5u4o3eBChV6ww6FS0LvM887RUerjZyaSEJ2qyaLenzKTU 4kjN2imOsBdAvZ4gyY8/hnZdIGKG8iweJLVECFh9zKJNSLJP51dRt4i+CakmTjYAjLu0 YQAQ==
MIME-Version: 1.0
X-Received: by 10.180.83.163 with SMTP id r3mr3752346wiy.10.1374793930923; Thu, 25 Jul 2013 16:12:10 -0700 (PDT)
Received: by 10.194.60.46 with HTTP; Thu, 25 Jul 2013 16:12:10 -0700 (PDT)
In-Reply-To: <D96D0971-E3A7-4E96-B3F4-83C2044252B7@cisco.com>
References: <CABkgnnWUZXBRneGnRsA9Xo-rrdw7nAsBR+5SL6SRyjbR+Egfgw@mail.gmail.com> <D96D0971-E3A7-4E96-B3F4-83C2044252B7@cisco.com>
Date: Thu, 25 Jul 2013 16:12:10 -0700
Message-ID: <CABkgnnW71aGwgaX3oBYofQaHP7pFyyh9mGifXdFL=NYiJ+qfYw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Dan Wing <dwing@cisco.com>
Content-Type: text/plain; charset=UTF-8
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Security Architecture -07 review
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jul 2013 23:12:14 -0000

On 25 July 2013 14:54, Dan Wing <dwing@cisco.com> wrote:
>> However, the cookie issue is still a problem.  Removing the
>> certificate and key pair when cookies are cleared is necessary.
>
> Wrapping the DTLS handshake inside a DH exchange would achieve both goals (preventing a super-cookie from being passively observed, as well as giving key continuity).

For passive observers, yes, but I'm not that concerned about them.
After all, they are seeing the flow, so can make all sorts of
inferences based on the flow addressing.

The concern is the first party, who gets the certificate.  Using DH
isn't going to fix that.