Re: [rtcweb] Resolving RTP/SDES question in Paris

Hadriel Kaplan <HKaplan@acmepacket.com> Tue, 20 March 2012 03:20 UTC

From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
Date: Tue, 20 Mar 2012 03:20:46 +0000
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris

And, it should be noted, they *want* it that way.  They don't generally want you to know which agent picked up the call, or that the call got transferred from an IVR to a specific agent, or got put in a queue with an elevator-music announcement server, or any of that.  You "called" Travel Co., and they answered.  What goes on behind that SBC is equivalent to the back-end database stuff that goes on between the web server and back-end systems, while all you see is the web-server your browser happens to be connected to.

The "identity" you'll get is www.travel.co, which you already had when your browser did HTTPS cert verification of their web-server.  HTTPS became the key-exchange transport for the SRTP key.  Since they already proved they own the cert for www.travel.co, having them claim to be www.travel.co shouldn't require yet more verification.

-hadriel


On Mar 19, 2012, at 9:15 PM, Ravindran, Parthasarathi wrote:

> Jim,
> 
> As a customer, you won't really know whether the identity (DTLS-SRTP) of the call center/travel site is the agent or the SBC. The SBC can perform a MITM attack easily, as extending SDES-SRTP to DTLS-SRTP for a call center site is feasible.
> 
> Thanks
> Partha