Re: [rtcweb] interworking with non-WEBRTC endpoints SDES-SRTP + DTLS-SRTP [was RE: Use Case draft]

"Fabio Pietrosanti (naif)" <lists@infosecurity.ch> Thu, 03 May 2012 07:19 UTC

Sender: Fabio Pietrosanti <naif@infosecurity.ch>
Message-ID: <4FA23174.7030608@infosecurity.ch>
Date: Thu, 03 May 2012 09:19:16 +0200
From: "Fabio Pietrosanti (naif)" <lists@infosecurity.ch>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
References: <CA+9kkMCYArLPRP3c00UdOja64WRT6ghN0PSy7XvM_wbxBBB+vA@mail.gmail.com><E17CAD772E76C742B645BD4DC602CD810616F066@NAHALD.us.int.genesyslab.com><BLU169-W7C59E1EDB4CB06B648577932B0@phx.gbl><387F9047F55E8C42850AD6B3A7A03C6C0E23AFFF@inba-mail01.sonusnet.com><2E496AC9-63A0-464A-A628-7407ED8DD9C4@phonefromhere.com><387F9047F55E8C42850AD6B3A7A03C6C0E23B16B@inba-mail01.sonusnet.com><E2714FBC-D06B-4A12-9E07-C49EBF55084C@phonefromhere.com><4F9EC0B2.10903@alcatel-lucent.com><101C6067BEC68246B0C3F6843BCCC1E31299282765@MCHP058A.global-ad.net><CAJNg7VKENERKAFA-n5KeoeBNmGgHrnzDOU0BzC9+fSdsuGwdEw@mail.gmail.com><E17CAD772E76C742B645BD4DC602CD810616F24F@NAHALD.us.int.genesyslab.com> <4FA0F43E.4020308@ericsson.com> <E17CAD772E76C742B645BD4DC602CD810616F336@NAHALD.us.int.genesyslab.com> <013101cd288c$09328250$1b9786f0$@com> <4FA19ECD.8030400@infosecurity.ch> <387F9047F55E8C42850AD6B3A7A03C6C1489473F@inba-mail02.sonusnet.com>
In-Reply-To: <387F9047F55E8C42850AD6B3A7A03C6C1489473F@inba-mail02.sonusnet.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] interworking with non-WEBRTC endpoints SDES-SRTP + DTLS-SRTP [was RE: Use Case draft]

Well,

maybe it's just the "signaling provider" that will tell the browser
what to use:

- simpler interoperable SDES/SRTP (saying to the user "send SRTP here
IP:Port with that Key")
- stronger non-interoperable DTLS-SRTP (saying to the user "go
peer-to-peer")

For example, if the signaling provider knows that it's providing:
a) A call to a call center
b) Call through PSTN gateway (web call to PSTN)
c) Voicemail access
d) Financial call (stock brokerage)
e) Enterprise call (that would just need to proxy all calls)

then the signaling provider will notify the user's WebRTC stack to use
SDES/SRTP in a *very simple* way without ICE/DTLS-SRTP and all that
protocol complexity.

Instead, if that specific VoIP use does not require a VoIP server to
provide value added services (transcoding, conferencing, bridging to
other telephony networks, recording, whatever) it would just go as
DTLS-SRTP.

Some previous links on the topic:

* On DTLS-SRTP trust model (and consideration for SDES-SRTP)
http://www.ietf.org/mail-archive/web/rtcweb/current/msg04007.html

* End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)
http://www.ietf.org/mail-archive/web/rtcweb/current/msg04032.html

* DTLS-SRTP with end-to-end security: Short Authentication String
http://www.ietf.org/mail-archive/web/rtcweb/current/msg04123.html

Fabio

On 5/3/12 7:23 AM, Ravindran, Parthasarathi wrote:
> Fabio,
> 
> Could you please explain how to differentiate through protocol means whether the peer is a site (gateway) or an endpoint (web browser).
> 
> Thanks
> Partha
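The two options discussed in this thread look different on the wire: SDES-SRTP (RFC 4568) carries the SRTP master key itself in an `a=crypto:` SDP attribute, so every signaling intermediary that sees the offer can decrypt the media, while DTLS-SRTP (RFC 5763/5764) carries only a certificate fingerprint in `a=fingerprint:` plus an `a=setup:` role and derives the keys in a DTLS handshake between the endpoints. The following is an added example, not code from the thread or from any WebRTC stack; it parses constructed SDP offers (dummy key and fingerprint values) and reports, per media section, which keying mechanism is offered, whether the key is exposed to the signaling path, and basic well-formedness problems.

```python
"""Classify the SRTP keying mechanism offered in an SDP body (added example)."""
import base64
import hashlib
import re

# Master key length (key + salt, in bytes) for the SDES crypto suites of RFC 4568.
SDES_SUITE_KEY_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
    "F8_128_HMAC_SHA1_80": 30,
}
# Hash functions permitted in a=fingerprint (RFC 4572 / RFC 8122).
FINGERPRINT_HASHES = {"sha-1", "sha-224", "sha-256", "sha-384", "sha-512"}
SETUP_ROLES = {"active", "passive", "actpass", "holdconn"}  # RFC 4145

# Constructed sample offers (not taken from the thread). The inline key is the
# RFC 4568 example key; the fingerprint is a hash of a dummy string, not a real cert.
SDES_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz
"""
_DUMMY_FP = ":".join(f"{b:02X}" for b in hashlib.sha256(b"constructed dummy cert").digest())
DTLS_OFFER = f"""v=0
o=- 2 1 IN IP4 192.0.2.20
s=-
c=IN IP4 192.0.2.20
t=0 0
m=audio 49172 UDP/TLS/RTP/SAVPF 111
a=fingerprint:sha-256 {_DUMMY_FP}
a=setup:actpass
a=rtpmap:111 opus/48000/2
"""
PLAIN_OFFER = "v=0\nm=audio 49174 RTP/AVP 0\n"


def split_media_sections(sdp):
    """Return [(m-line, [attribute values])] for each media section of an SDP body."""
    sections = []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            sections.append((line, []))
        elif sections and line.startswith("a="):
            sections[-1][1].append(line[2:])
    return sections


def check_sdes(crypto_value):
    """Validate one a=crypto value; return a list of problems (empty if well-formed)."""
    problems = []
    parts = crypto_value.split()
    if len(parts) < 3:
        return ["malformed a=crypto line"]
    tag, suite, key_params = parts[0], parts[1], parts[2]
    if not tag.isdigit():
        problems.append("crypto tag is not numeric")
    expected = SDES_SUITE_KEY_LEN.get(suite)
    if expected is None:
        problems.append(f"unknown crypto suite {suite}")
    if not key_params.startswith("inline:"):
        return problems + ["only the inline: key method is understood"]
    key_b64 = key_params[len("inline:"):].split("|")[0]  # drop lifetime / MKI params
    try:
        key = base64.b64decode(key_b64, validate=True)
    except ValueError:
        return problems + ["inline key is not valid base64"]
    if expected is not None and len(key) != expected:
        problems.append(f"inline key is {len(key)} bytes, suite needs {expected}")
    return problems


def check_dtls(attrs):
    """Validate the a=fingerprint / a=setup pair that DTLS-SRTP needs."""
    problems = []
    for fp in (a for a in attrs if a.startswith("fingerprint:")):
        body = fp[len("fingerprint:"):].split(None, 1)
        if len(body) != 2:
            problems.append("malformed a=fingerprint line")
            continue
        if body[0].lower() not in FINGERPRINT_HASHES:
            problems.append(f"unknown fingerprint hash {body[0]}")
        if not re.fullmatch(r"([0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2}", body[1]):
            problems.append("fingerprint is not colon-separated hex")
    setup = [a[len("setup:"):] for a in attrs if a.startswith("setup:")]
    if not setup:
        problems.append("a=setup missing (RFC 5763 requires it for DTLS-SRTP)")
    elif setup[0] not in SETUP_ROLES:
        problems.append(f"a=setup value {setup[0]} is not an RFC 4145 role")
    return problems


def classify_media(m_line, attrs):
    """Describe the keying of one media section and whether the key is visible in signaling."""
    fields = m_line[2:].split()
    media, profile = fields[0], fields[2] if len(fields) > 2 else ""
    crypto_lines = [a[len("crypto:"):] for a in attrs if a.startswith("crypto:")]
    has_fp = any(a.startswith("fingerprint:") for a in attrs)
    result = {"media": media, "profile": profile, "keying": "none",
              "key_in_signaling": bool(crypto_lines), "problems": []}
    if crypto_lines and has_fp:
        result["keying"] = "both"          # interworking offers sometimes carry both
    elif crypto_lines:
        result["keying"] = "SDES"
    elif has_fp:
        result["keying"] = "DTLS-SRTP"
    for c in crypto_lines:
        result["problems"] += check_sdes(c)
    if has_fp:
        result["problems"] += check_dtls(attrs)
    if result["keying"] != "none" and "SAVP" not in profile:
        result["problems"].append(f"profile {profile} is not a secure (SAVP/SAVPF) profile")
    if result["keying"] == "none" and "SAVP" in profile:
        result["problems"].append("secure profile offered but no keying attribute present")
    return result


def classify_offer(sdp):
    return [classify_media(m, attrs) for m, attrs in split_media_sections(sdp)]


if __name__ == "__main__":
    for name, offer in (("SDES", SDES_OFFER), ("DTLS-SRTP", DTLS_OFFER), ("plain RTP", PLAIN_OFFER)):
        for section in classify_offer(offer):
            print(name, section)
```

The `key_in_signaling` flag is the property behind the thread's trade-off: an SDES offer is only as confidential as every hop that relays the SDP, whereas a DTLS-SRTP offer reveals nothing more than a certificate hash, so a gateway or signaling provider that needs to see the media (call center, PSTN bridging, recording) must either be on the SDES path or terminate the DTLS leg itself.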