Re: [rtcweb] SDES vs DTLS-SRTP revisited

Hadriel Kaplan <HKaplan@acmepacket.com> Fri, 23 March 2012 04:45 UTC

From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>

On Mar 20, 2012, at 12:00 PM, Harald Alvestrand wrote:

> On 03/20/2012 04:44 PM, Hadriel Kaplan wrote:
>> On Mar 20, 2012, at 6:30 AM, Harald Alvestrand wrote:
>> 
>>> I don't get this scenario. If Alice calls Bob using two different gateways, won't she go through a credentials and fingerprint exchange with the gateways?
>>> In that case, wouldn't the fingerprint belong to the gateway?
>> Yes, but the statement being made was in the context of Alice calling Bob, them seeing their browsers claim DTLS-SRTP "secured" or whatever, and them being super-geeks and checking the detailed info of what the actual DTLS fingerprints were, and finding they don't both see the same fingerprints... and that they would thus believe there was either a software bug or a malicious middleman.
> So we've uncovered a requirement here: When a fingerprint is shown, it should clearly identify what it is the fingerprint of - in this case, the gateway that relays the call to Bob, not Bob.

Yup.  So long as no gateways are named "Bob", of course, or no humans are named "Gateway". ;)

-hadriel