Re: [rtcweb] Consensus call regarding media security

Iñaki Baz Castillo <ibc@aliax.net> Thu, 29 March 2012 15:43 UTC


2012/3/29 Roman Shpount <roman@telurix.com>:
> First of all, HTTP WebSocket connections are normally not allowed from HTTPS
> initiated sessions (or generate a warning).

Ok, I didn't check that.


> Second, my point was that SDES-SRTP is no more secure than plain RTP when
> signaling is transmitted over a clear channel. You are saying the same thing.

Right :)


> If SDES-SRTP is allowed, there is no harm in allowing plain RTP from HTTP,
> since, as far as security is concerned, there is no difference.

The only thing I meant is that the signaling must be secured. Otherwise,
using SDES-SRTP adds no security at all. But the signaling could be a
connection (i.e. WebSocket) different from the HTTP(s)
connection used to retrieve the web.

Let's assume this example:

- The browser accesses the web via plain HTTP.

- The JS opens two websocket connections:
  1) First one for the WebRTC signaling, a secure WS connection.
  2) Second one for other realtime stuff, a NON secure WS connection.


If the SDES key is carried over the first WS connection (wss) then
it's ok, it provides confidentiality. But if the SDES key is carried
over the second WS connection (ws, so insecure) then it's
interceptable, and therefore so is the SRTP.

Question: can the WebRTC stack figure out which WS connection is being
used for WebRTC signaling?
Autoanswer: NO, since the signaling protocol is up to the app developer.

So Houston, we have a problem if we try to make requirements in which
SDES-SRTP can be used. I'm in favour of mandating SDES-SRTP in WebRTC,
but we need to solve this issue, and it is not easy (AFAIK).


Regards.

-- 
Iñaki Baz Castillo
<ibc@aliax.net>
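
Added example, not part of the original message: the message notes that the WebRTC stack cannot tell which WebSocket carries signaling, but the application that wrote the signaling code can. This sketch shows an application-side guard that refuses to send an SDP body containing an SDES `a=crypto` key over a `ws:` socket. The function names, host names and sample SDP are hypothetical and constructed for illustration.

```javascript
// Constructed SDP offer with an SDES key (RFC 4568 a=crypto attribute).
// The key material is a placeholder, not a real key.
const SAMPLE_SDP = [
  "v=0",
  "o=- 0 0 IN IP4 192.0.2.10",
  "s=-",
  "t=0 0",
  "m=audio 49170 RTP/SAVP 0",
  "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A".repeat(40),
].join("\r\n");

// Return the a=crypto attributes (tag, suite, key-params) found in an SDP body.
function findSdesKeys(sdp) {
  const keys = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = /^a=crypto:(\d+) (\S+) (inline:\S+)/.exec(line);
    if (m) keys.push({ tag: Number(m[1]), suite: m[2], keyParams: m[3] });
  }
  return keys;
}

// Decide whether an SDP message may be sent on a socket with the given URL.
function checkSignalingSend(socketUrl, sdp) {
  const scheme = new URL(socketUrl).protocol; // "ws:" or "wss:"
  const keys = findSdesKeys(sdp);
  if (keys.length === 0) {
    return { allowed: true, reason: "no SDES key in message" };
  }
  if (scheme === "wss:") {
    return { allowed: true, reason: "SDES key sent over TLS" };
  }
  return {
    allowed: false,
    reason: `SDES key would cross cleartext ${scheme} channel`,
    exposedTags: keys.map((k) => k.tag),
  };
}

// Wrapper around WebSocket.send(): keying material never leaves on ws:.
function guardedSend(socket, sdp) {
  const verdict = checkSignalingSend(socket.url, sdp);
  if (!verdict.allowed) throw new Error(verdict.reason);
  socket.send(sdp);
  return verdict;
}
```

The guard only covers the channel the application itself picks for the SDP; it does not give the browser's WebRTC stack any knowledge of that choice, which is the open issue the message raises.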