Re: [rtcweb] No Interim on SDES at this juncture

Hadriel Kaplan <hadriel.kaplan@oracle.com> Fri, 21 June 2013 01:11 UTC

Return-Path: <hadriel.kaplan@oracle.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1196D21E80F8 for <rtcweb@ietfa.amsl.com>; Thu, 20 Jun 2013 18:11:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.553
X-Spam-Level:
X-Spam-Status: No, score=-6.553 tagged_above=-999 required=5 tests=[AWL=0.045, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5wyFjKBJMzzu for <rtcweb@ietfa.amsl.com>; Thu, 20 Jun 2013 18:11:33 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 4CD6321E80E6 for <rtcweb@ietf.org>; Thu, 20 Jun 2013 18:11:32 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r5L1BSc3009461 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 21 Jun 2013 01:11:29 GMT
Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5L1BRPw023590 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Jun 2013 01:11:27 GMT
Received: from abhmt107.oracle.com (abhmt107.oracle.com [141.146.116.59]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5L1BRFf004736; Fri, 21 Jun 2013 01:11:27 GMT
Received: from dhcp-amer-vpn-adc-anyconnect-10-154-166-188.vpn.oracle.com (/10.154.166.188) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 20 Jun 2013 18:11:26 -0700
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Hadriel Kaplan <hadriel.kaplan@oracle.com>
In-Reply-To: <CAL02cgT3KEb0VB9kz=QCe7Mt3oj5tZvZouFe5-Uy90Cmm0H0dQ@mail.gmail.com>
Date: Thu, 20 Jun 2013 21:11:27 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <30761469-F5CC-4858-8D40-4632A7D5A682@oracle.com>
References: <CA+9kkMDnjCNXGV0GU7x6gbbZMf4WiEuVvCRY8_Fix5tmdOB-Kg@mail.gmail.com> <AD220324-EEE7-4800-8512-FD7BADA9EC34@oracle.com> <CA+9kkMDY2Z_5_1uYJ1K_ZmrJB2a1-RE7V3aPqNHQg82DyagjCg@mail.gmail.com> <2975A93F-44DA-4020-B4DE-42E7ED98C08F@oracle.com> <51BAC9BC.6070708@ericsson.com> <94846970-4694-4EC8-AEFA-AEECEE0135AA@oracle.com> <51C02EE8.5070809@ericsson.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C78AD@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgTFSbYSX7v3q37tsjzaPMshyyBroGWr=qmy-HGm82GJFg@mail.gmail.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C7EF8@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgQMkHu-NqEeScT2ObfknJ+3OjXi7Y=7rUJtqeu3CbewMQ@mail.gmail.com> <8E9D2A9F-3D8B-4480-A85D-320CF30FEAA6@oracle.com> <CAL02cgT3KEb0VB9kz=QCe7Mt3oj5tZvZouFe5-Uy90Cmm0H0dQ@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
X-Mailer: Apple Mail (2.1508)
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] No Interim on SDES at this juncture
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jun 2013 01:11:52 -0000

On Jun 20, 2013, at 6:24 PM, Richard Barnes <rlb@ipv.sx> wrote:

> It's more secure in the sense that it makes a malicious web server do more work: It forces the web server to act as the PBX and terminate DTLS, instead of just pulling the key out of the SDP and decrypting media.  So the browser user is (incrementally) better protected against the malicious web server.

Uh huh.  So, like, the only people who could afford to do that and would want to do that would be criminals, drug dealers, mobsters, casinos, news organizations, political parties, and governments then?  Phew!  And here I was being worried.

But wait a minute... I was under the distinct impression from people in this group that doing DTLS-SRTP termination on the gateways was no big deal for "modern" servers... that it was so cheap and trivial that your cell phone could do it for umpteen streams... that we shouldn't be worried about the overhead of it whatsoever.  Surely you can't be telling me that it's at all difficult for someone running a malicious web site to do it?!?
;)


> It's more secure in the sense that JS can't access the key, so an injected script can't grab the key and exfiltrate it.  So the browser user is better protected against XSS risks.

This part I'd like to understand better.  Can you explain it?  
If a Browser cannot determine what server the JS being executed for WebRTC API calls/callbacks came from, or cannot tell if it came from one over HTTPS in particular, then using SDES might be a real problem.  I was under the impression browsers did know those things (or at least that they're theoretically supposed to, ignoring that  there are "bugs" here and there).


> It's more secure in the sense that SDES has no end-to-end authentication [1], so implementing SDES creates bid-down attacks.  If an attacker can't get a valid identity, he just claims not to support DTLS-SRTP.  So the browser user is better protected against bid-down attacks by remote users (e.g., the malicious web server's PBX).

This is just another symptom of talking to a malicious web server, and basically a repeat of the argument that DTLS-EKT is "more secure" because a malicious web server has to do a little more work to steal everything.  It's like being stuck in a big cage with a man-eating lion and deciding to run around in circles in the hopes the lion isn't going to chase you.  If he's hungry at all, you're dead; chasing you down is not sufficiently more difficult for him to stay hungry.

-hadriel