Re: [rtcweb] Consent freshness in the light of no-SDES (Re: Adopting draft-muthu-behave-consent-freshness?)

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 09 September 2013 12:46 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Harald Alvestrand <harald@alvestrand.no>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Date: Mon, 09 Sep 2013 12:44:22 +0000

Hi,

And, from a security perspective (the backward compatibility is a separate issue), the requirement to integrity-protect the STUN binding requests is not affected by the SDES decision?

Regards,

Christer

-----Original Message-----
From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Harald Alvestrand
Sent: 9 September 2013 15:28
To: rtcweb@ietf.org
Subject: [rtcweb] Consent freshness in the light of no-SDES (Re: Adopting draft-muthu-behave-consent-freshness?)

Changing the subject line to make life simpler for those who count the respondents :-)

On 09/09/2013 02:20 PM, Christer Holmberg wrote:
> Hi,
>
> I don't object to adoption, but a question for clarification.
>
> The draft says:
>
>     "While a WebRTC browser could verify whether the peer continues to
>     send SRTCP reports before sending traffic to the peer, the usage of
>     SRTCP together with Security Descriptions [RFC4568] requires exposing
>     the media keys to the JavaScript and renders SRTCP unsuitable for
>     consent freshness."
>
> Now, as we have decided to not use SDES, I guess that can be removed.
>
> But, based on that, I'd just like to verify whether there is still a 
> need for the draft :)
>

Personal opinion: I think SRTCP is still unsuitable for consent freshness. One reason (apart from any aspect that deals with security, on which I don't want to comment) is that if one sets up a connection with only a data channel, there will be no SSRCs to send SRTCP on.


