Re: [rtcweb] No Interim on SDES at this juncture

Hadriel Kaplan <hadriel.kaplan@oracle.com> Fri, 21 June 2013 00:33 UTC

Return-Path: <hadriel.kaplan@oracle.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23D0521E80DC for <rtcweb@ietfa.amsl.com>; Thu, 20 Jun 2013 17:33:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Level:
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[AWL=0.046, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TSJj4KjELlaf for <rtcweb@ietfa.amsl.com>; Thu, 20 Jun 2013 17:33:21 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 8FE2B11E8133 for <rtcweb@ietf.org>; Thu, 20 Jun 2013 17:33:21 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r5L0XJi0017967 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 21 Jun 2013 00:33:20 GMT
Received: from userz7022.oracle.com (userz7022.oracle.com [156.151.31.86]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5L0XIML004129 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Jun 2013 00:33:19 GMT
Received: from abhmt110.oracle.com (abhmt110.oracle.com [141.146.116.62]) by userz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5L0XHco014384; Fri, 21 Jun 2013 00:33:18 GMT
Received: from dhcp-amer-vpn-adc-anyconnect-10-154-166-188.vpn.oracle.com (/10.154.166.188) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 20 Jun 2013 17:33:17 -0700
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Hadriel Kaplan <hadriel.kaplan@oracle.com>
In-Reply-To: <CAD5OKxvMGD=e3rHta9aLRAOAM022V0hzcp6nJbmG+GAxBohS6g@mail.gmail.com>
Date: Thu, 20 Jun 2013 20:33:18 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <34FBF882-8820-4C95-9B26-E6C60CFD993D@oracle.com>
References: <CA+9kkMDnjCNXGV0GU7x6gbbZMf4WiEuVvCRY8_Fix5tmdOB-Kg@mail.gmail.com> <AD220324-EEE7-4800-8512-FD7BADA9EC34@oracle.com> <CA+9kkMDY2Z_5_1uYJ1K_ZmrJB2a1-RE7V3aPqNHQg82DyagjCg@mail.gmail.com> <2975A93F-44DA-4020-B4DE-42E7ED98C08F@oracle.com> <51BAC9BC.6070708@ericsson.com> <94846970-4694-4EC8-AEFA-AEECEE0135AA@oracle.com> <51C02EE8.5070809@ericsson.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C78AD@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgTFSbYSX7v3q37tsjzaPMshyyBroGWr=qmy-HGm82GJFg@mail.gmail.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C7EF8@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgQMkHu-NqEeScT2ObfknJ+3OjXi7Y=7rUJtqeu3CbewMQ@mail.gmail.com> <8E9D2A9F-3D8B-4480-A85D-320CF30FEAA6@oracle.com> <9F33F40F6F2CD847824537F3C4E37DDF115D2D76@MCHP04MSX.global-ad.net> <CAD5OKxvMGD=e3rHta9aLRAOAM022V0hzcp6nJbmG+GAxBohS6g@mail.gmail.com>
To: Roman Shpount <roman@telurix.com>
X-Mailer: Apple Mail (2.1508)
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] No Interim on SDES at this juncture
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jun 2013 00:33:28 -0000

On Jun 20, 2013, at 4:58 PM, Roman Shpount <roman@telurix.com> wrote:

> Not to play devil's advocate, but how is it any different then arguments to support plain RTP? All the same things apply to RTP. On top of this SRTP is no more secure then plain RTP when communicating with a server over plain HTTP or communicating with untrusted server over HTTPS. If we decided that RTP is unacceptable from security point of view, then how is SRTP acceptable?

I'm operating under the assumption we would only allow the Browser to use SDES if and only if it is also using HTTPS to the web server.  And I'm operating under the assumption that all browsers still MUST offer DTLS-SRTP, and choose it instead SDES if they receive such an offer.  

In such a model, any two browsers do DTLS-SRTP to each other unless the web-server/JS is malicious.  Ergo, unless the web-server/JS is malicious, only calls to/from a gateway use an SDES key.  The SDES key isn't sniffable on the browser-server HTTPS portion.  Obviously it's sniffable beyond the web server, if it gets sent in the clear somewhere else.  But we know that will also happen even with DTLS-SRTP, because the gateway will terminate DTLS-SRTP and use SDES or plain RTP on the other side.  So we're not losing anything.

So... in theory the danger is relegated to the malicious web-server case.  But a malicious web server can get your media anyway, even with DTLS-SRTP, because it can simply direct you to its own "gateway" to terminate DTLS-SRTP and record the media.  There is no practical way to prevent a malicious web-server from getting your media, no matter what we do, for common every-day users.

Frankly with a malicious web server you're screwed in so many other ways anyway, that making it just slightly harder for it to get your media is like putting on a scuba drysuit when jumping into a pool of molten lava.  Yes, you'll live for some fraction of a millisecond longer.  And then what?

-hadriel