Re: [rtcweb] Asking TLS for help with media isolation

Watson Ladd <watsonbladd@gmail.com> Fri, 04 April 2014 02:49 UTC

On Thu, Apr 3, 2014 at 7:29 PM, Bernard Aboba <bernard.aboba@gmail.com> wrote:
> Martin said:
>
> "I have pointed to draft-thomson-tls-acp as a potential solution here,
> but others have noted that ALPN tokens could be used."
>
> Watson said:
>
> "Putting on my TLS hat, TLS already lets you send data across the
> network securely. Why does this bit need to be treated differently
> from all others?"
>
> [BA] As Martin indicates, the desire for isolation needs to be communicated
> to ensure that remote media is not misused. With either of the TLS
> approaches that Martin has suggested, the desire for isolation is
> communicated directly between the peers. Having this occur E2E via media,
> not hop-by-hop via signaling avoids the risk of a MITM preventing isolation
> from being negotiated.

The MITM can kill any TLS connection containing the extension. My
understanding is that signalling data is immutable, hence the need to
ask the browser to generate it.

>
> However once the desire for isolation is communicated E2E (either via ACP or
> ALPN tokens), there is nothing in the SRTP traffic (keyed by DTLS/SRTP) that
> indicates that the traffic is to be isolated.

I don't see why the isolation status cannot be included as an
extension to SRTP. You aren't asking TLS to make extensions for video
resolution and codec after all.

Sincerely,
Watson Ladd

-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin