Re: [rtcweb] Consent freshness - revisiting the RTCP option

Eric Rescorla <ekr@rtfm.com> Tue, 08 May 2012 22:00 UTC

In-Reply-To: <4FA99618.9050700@alvestrand.no>
References: <4FA99618.9050700@alvestrand.no>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 08 May 2012 14:59:44 -0700
Message-ID: <CABcZeBMqGdKEFsxncK0fuVJnpyR2_hDbdfmcH4wTz_x-Q1iPUA@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Consent freshness - revisiting the RTCP option

On Tue, May 8, 2012 at 2:54 PM, Harald Alvestrand <harald@alvestrand.no> wrote:
> Just because I realized I didn't understand something, I ask.....
>
> We rejected RTCP RR as a consent freshness mechanism because RR is trivial
> to fake.
> But - now we have SRTP as mandatory-to-use, which means that all RTCP RRs
> are integrity protected, origin authenticated and replay protected (do I
> have that right?).
>
> What is the reason why this is not sufficient protection to use RTCP RR as a
> consent freshness mechanism?

This isn't a complete analysis, but if you are using SDES for key management,
then the site knows the SRTCP keys, so I don't *think* SRTCP is buying you
much. I haven't thought through this completely though, so maybe there is
still some additional value.

-Ekr