Re: [rtcweb] SRTP not mandatory-to-use
Roman Shpount <roman@telurix.com> Thu, 05 January 2012 11:56 UTC
Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F02F821F87B0 for <rtcweb@ietfa.amsl.com>; Thu, 5 Jan 2012 03:56:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sDA+WQ76Mv2Z for <rtcweb@ietfa.amsl.com>; Thu, 5 Jan 2012 03:56:51 -0800 (PST)
Received: from mail-tul01m020-f172.google.com (mail-tul01m020-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 0DD9B21F87A2 for <rtcweb@ietf.org>; Thu, 5 Jan 2012 03:56:50 -0800 (PST)
Received: by obcuz6 with SMTP id uz6so579491obc.31 for <rtcweb@ietf.org>; Thu, 05 Jan 2012 03:56:50 -0800 (PST)
Received: by 10.50.168.2 with SMTP id zs2mr2174957igb.21.1325764610492; Thu, 05 Jan 2012 03:56:50 -0800 (PST)
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) by mx.google.com with ESMTPS id i2sm91909735igq.6.2012.01.05.03.56.47 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 05 Jan 2012 03:56:48 -0800 (PST)
Received: by pbdd12 with SMTP id d12so360822pbd.31 for <rtcweb@ietf.org>; Thu, 05 Jan 2012 03:56:47 -0800 (PST)
MIME-Version: 1.0
Received: by 10.68.72.164 with SMTP id e4mr4529778pbv.95.1325764607071; Thu, 05 Jan 2012 03:56:47 -0800 (PST)
Received: by 10.68.44.197 with HTTP; Thu, 5 Jan 2012 03:56:46 -0800 (PST)
In-Reply-To: <4F052B03.8090101@jesup.org>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com> <CABcZeBOeg-O+6===5tk0haxC8nLxUQyEUFRES2FAoFEf00fKng@mail.gmail.com> <CAErhfrxTKdo7Z+61x5ZcDt5ZM7C7ob5LNxMzwng_kk3Uqrp2_Q@mail.gmail.com> <4F01A790.4060704@alvestrand.no> <4F02A061.60905@jesup.org> <E44893DD4E290745BB608EB23FDDB762141EF8@008-AM1MPN1-042.mgdnok.nokia.com> <4F035DD5.3050305@jesup.org> <CAOJ7v-1dziaA_ePCuMxjn6uhBgOH=ZVybUmLBwQi5qiuyOzDMA@mail.gmail.com> <BLU152-W469B2EB104C104547FC42393960@phx.gbl> <CAD5OKxuE0VhSsjKggj1mLOseLeDXarujvAG44yHkuZttagJggw@mail.gmail.com> <CAKhHsXHnT2p7yncha5-BQ=-Lzk3-N+tuijM-UqwfP1mPUi173A@mail.gmail.com> <CAD5OKxuH4v2Cs4Wx2SermhqX0SdH_rXUYgMms1UV3xo1_EsN-Q@mail.gmail.com> <CA+9kkMCXACEo0QOLR-pw0AHuRJzKuKEiL7E5Oh8va9wWuFmbow@mail.gmail.com> <BLU152-W587F56E976F80F9BA6308493940@phx.gbl> <CAD5OKxtkKxUC2RNibk-9+R8LqVdsaY_19DCgB=rFDjpxQVGCnQ@mail.gmail.com> <4F052B03.8090101@jesup.org>
Date: Thu, 05 Jan 2012 06:56:46 -0500
Message-ID: <CAD5OKxv+nsk7082URKz5hDbWhgGFAGx6st0TrWTsph+7NKPPiw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Randell Jesup <randell-ietf@jesup.org>
Content-Type: multipart/alternative; boundary="f46d040f9ba675d44904b5c6a00d"
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP not mandatory-to-use
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2012 11:56:52 -0000
On Wed, Jan 4, 2012 at 11:45 PM, Randell Jesup <randell-ietf@jesup.org>wrote: > As Eric R. would probably tell you, you not only have to worry about > bid-down attacks (and they're important), but also the "threat model" for > rtcweb is that we don't trust: > a) the JS application > b) the service provider/website > to maintain security and privacy for our conversation. The JS application > may be malicious or may have been subverted without knowledge of the > provider, or the provider may have been compromised (by an attacker or by > legal force) even if they're not actively evil. > > I agree that there are a lot of other threat models, but none of this is addressed with a standard SRTP. If we design a different protocol (or key management schema) and create an appropriate UI to give access to this we can solve these problems. But, as most of us already know with HTTPS, users will not care/know enough to use this new UI to actually verify anything, so we will be dealing with the same set of security problems. So, from this point of view I am not sure these problems can (and should be solved). Also, keep in min that while adding identity to communication we should still allow for anonymous calls. If you mandate SRTP (and use DTLS-SRTP), then the application and the > website never have access to the keys, and you have end-to-end security > (modulo gateways). If you combine that with the identity mechanisms from > ekr's draft/presentation at Taipei, and you have verified, no MITM, > end-to-end encryption. (Without identity info, we have no way to detect a > MITM attack, especially if brokered by the service provider.) > Side note: SDES generally has the same problem; the JS app and service > provider/website have access to the keys. (With some pain we might be able > to encrypt the SDES keys themselves, but I'm not sure that's practical.) > > The "interop with legacy needs no SRTP or optional SRTP" argument fails if > we have to go through a gateway to get to legacy equipment anyways. And > though I've tried hard to find a practical way around it, the 'consent' > requirements handled by using ICE/etc end up requiring us to use a gateway. > If you're using a gateway to talk to legacy devices and/or PSTN gateways, > you can include SRTP in the gateway for the webrtc side. > > We are actually talking here about things that do not yet exist (like end-to-end identity in SRTP) or never saw any real deployment (like DTLS-SRTP). At this point we might as well design a new protocol. Let's replace ICE while we are at it, and have a protocol that does key exchange, media consent (including bandwidth and media type consent which is not part of anything now) in one transaction. I know it is tempting to use layered approach, but each layer we add slows down the connection time and compromises interop and security. At least this way a WebRTC implementer would not need to support 10 random parts of 50 different RFCs. I agree with your point on legacy gateways. My main concern is a barrier to entry in implementation of anything that communicates with WebRTC. The more things needs to be implemented, working, and tested at the same time, the harder it is to implement. With current approach, SRTP, ICE, RTP, and codec support need to start working together. If we have an ability to turn off SRTP, the other components are much easier to debug. If we provide no access to key exchange, it would be almost impossible to identify bad payload due to bad codec or media processing failure generated by a third party component. I have to do interop with new implementations which support encryption on the regular basis. Most of the communications from third parties start with "can we turn the encryption off for debugging?" or "can we turn the encryption off during development?". _____________ Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Xavier Marjou
- [rtcweb] SRTP not mandatory-to-use Xavier Marjou
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Iñaki Baz Castillo
- Re: [rtcweb] SRTP not mandatory-to-use Markus.Isomaki
- Re: [rtcweb] SRTP not mandatory-to-use Xavier Marjou
- Re: [rtcweb] SRTP not mandatory-to-use Igor Faynberg
- Re: [rtcweb] SRTP not mandatory-to-use Roy, Radhika R USA CIV (US)
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Harald Alvestrand
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Markus.Isomaki
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Alan Johnston
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Olle E. Johansson
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Stefan Hakansson LK
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Harald Alvestrand
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Cullen Jennings
- Re: [rtcweb] SRTP not mandatory-to-use Kevin P. Fleming
- Re: [rtcweb] SRTP not mandatory-to-use Alan Johnston
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Spencer Dawkins
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Iñaki Baz Castillo
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Iñaki Baz Castillo
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- [rtcweb] JSEP draft query [was RE: SRTP not manda… Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Cullen Jennings
- [rtcweb] state of libsrtp maintenance? (Re: SRTP … Harald Alvestrand
- Re: [rtcweb] JSEP draft query [was RE: SRTP not m… Harald Alvestrand
- Re: [rtcweb] SRTP DTLS - SIPit Olle E. Johansson
- Re: [rtcweb] JSEP draft query [was RE: SRTP not m… Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Roman Shpount
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Eric Rescorla
- Re: [rtcweb] SRTP DTLS - SIPit Eric Rescorla
- Re: [rtcweb] SRTP DTLS - SIPit Hannes Tschofenig
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Oscar Ohlsson
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Harald Alvestrand
- Re: [rtcweb] SRTP not mandatory-to-use Oscar Ohlsson
- Re: [rtcweb] Security analysis of RTCWEB Bernard Aboba
- Re: [rtcweb] Security analysis of RTCWEB Eric Rescorla
- Re: [rtcweb] Security analysis of RTCWEB Igor Faynberg
- Re: [rtcweb] Security analysis of RTCWEB Bernard Aboba
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Cullen Jennings