Re: [rtcweb] Retransmit: Summary of Alternatives for media keying
Randell Jesup <randell-ietf@jesup.org> Fri, 29 July 2011 15:08 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F178C21F8C80 for <rtcweb@ietfa.amsl.com>; Fri, 29 Jul 2011 08:08:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.35
X-Spam-Level:
X-Spam-Status: No, score=-2.35 tagged_above=-999 required=5 tests=[AWL=0.249, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q8sSmPgveb9N for <rtcweb@ietfa.amsl.com>; Fri, 29 Jul 2011 08:08:09 -0700 (PDT)
Received: from arthur.webserversystems.com (arthur.webserversystems.com [174.132.191.98]) by ietfa.amsl.com (Postfix) with ESMTP id 6896321F8C7B for <rtcweb@ietf.org>; Fri, 29 Jul 2011 08:08:09 -0700 (PDT)
Received: from pool-98-111-140-38.phlapa.fios.verizon.net ([98.111.140.38] helo=[192.168.1.12]) by arthur.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1QmofW-00064E-33 for rtcweb@ietf.org; Fri, 29 Jul 2011 10:08:06 -0500
Message-ID: <4E32CC80.3030504@jesup.org>
Date: Fri, 29 Jul 2011 11:06:40 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <12BF9E55-662F-4762-9E47-2BBD3FA5FD93@acmepacket.com> <A444A0F8084434499206E78C106220CA08F1D75CF0@MCHP058A.global-ad.net> <2E6CBDE0-DA10-4792-8059-A01F554DB370@skype.net> <E1963869-9E21-4F1F-AB4A-E5D070CCA581@acmepacket.com> <55C78CA7-292C-4E0E-901B-83B7614C2F32@skype.net> <4E31DAAB.5030606@jesup.org> <2BE95AAB-722C-472C-B624-CF91AE7D75EF@skype.net> <4E32AEC3.8080804@jesup.org> <32007816-40BF-49AA-9275-0A9A4B51B52D@acmepacket.com> <7CC0E354-685D-47BB-9426-AE5B4CC9DD4F@skype.net>
In-Reply-To: <7CC0E354-685D-47BB-9426-AE5B4CC9DD4F@skype.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - arthur.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] Retransmit: Summary of Alternatives for media keying
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2011 15:08:10 -0000
On 7/29/2011 10:30 AM, Matthew Kaufman wrote: > What I said to start this whole thing was: the two alternatives should not be described as choosing between secure and insecure. BOTH alternatives require the user to verify something for the call to be secure. BOTH alternatives have the potential to be very secure. That is all. > I suppose that depends on what you mean by "the potential to be very secure"... certainly plain RTP *might* be secure, if it never leaves your desktop. > > DTLS-SRTP + a security inspection UI gives the user a way to verify something *independently of the service provider* to see if the call is secure. SDES does not. The only way to be sure the service provider isn't colluding with someone to tap your call when you use SDES is to agree with the other party to mangle the key you receive from the service provider. (The "pessimist" approach to trust in this environment.) This is where there's an opening for browser extensions, potentially (mangling the agreed-to-by-protocol keys, such as by using a pre-shared secret) - though that would require some level of external interaction with the keying from JS/etc code. That may be worth exposing to the W3/JS layer, perhaps. (Should the JS layer have access to the keys? Be able to modify them (per above)? Security implications? What if it wants to implement an "answering-machine" function via recording packets for later replay? Or will it have access to decoded packets, or will it only have access to decoded media and have to re-encode it for "answering-machine" use?) If the user and the person they're talking to has the option of using an extension (or the app) to modify the keys at both ends, that allows for perfect(*) security via pre-shared secrets of whatever form. * Nothing is perfect >> BTW, I am assuming of course that even if we choose the alternative of DTLS+SDES+RTP, that DTLS would always be preferred, and if the peer cannot do it then SDES, and if the peer can't do that then RTP. (assuming the human has set whatever browser knobs are necessary to enable/disable this stuff) > Agree. Though the human needs to be able to see a lot more about what is going on if we allow all three. Mostly that the user be allowed to see it, and that if one does put up any sort of Lock icon it would only be for the "most" secure. (Though this is a security-UI issue, not a technical one.) You could even not put up anything about the security level unless the protocol detected an attack or unless the user's 3rd-party verification tool agreed it was secure by some independent channel. >> So between two RTCWEB browsers it would always be DTLS-SRTP. > Agree. Ditto -- Randell Jesup randell-ietf@jesup.org
- [rtcweb] Retransmit: Summary of Alternatives for … Eric Rescorla
- Re: [rtcweb] Recordings from last interim meeting Bernard Aboba
- Re: [rtcweb] Recordings from last interim meeting Ted Hardie
- Re: [rtcweb] Retransmit: Summary of Alternatives … Daryl Malas
- Re: [rtcweb] Retransmit: Summary of Alternatives … Hadriel Kaplan
- Re: [rtcweb] Retransmit: Summary of Alternatives … Bernard Aboba
- Re: [rtcweb] Retransmit: Summary of Alternatives … Matthew Kaufman
- Re: [rtcweb] Retransmit: Summary of Alternatives … Elwell, John
- Re: [rtcweb] Retransmit: Summary of Alternatives … Matthew Kaufman
- Re: [rtcweb] Retransmit: Summary of Alternatives … Hadriel Kaplan
- Re: [rtcweb] Retransmit: Summary of Alternatives … Matthew Kaufman
- Re: [rtcweb] Retransmit: Summary of Alternatives … Harald Alvestrand
- Re: [rtcweb] Retransmit: Summary of Alternatives … Eric Rescorla
- Re: [rtcweb] Retransmit: Summary of Alternatives … Matthew Kaufman
- Re: [rtcweb] Retransmit: Summary of Alternatives … Randell Jesup
- Re: [rtcweb] Retransmit: Summary of Alternatives … Randell Jesup
- Re: [rtcweb] Retransmit: Summary of Alternatives … Hadriel Kaplan
- Re: [rtcweb] Retransmit: Summary of Alternatives … Hadriel Kaplan
- Re: [rtcweb] Retransmit: Summary of Alternatives … Matthew Kaufman
- Re: [rtcweb] Retransmit: Summary of Alternatives … Matthew Kaufman
- Re: [rtcweb] Retransmit: Summary of Alternatives … Matthew Kaufman
- Re: [rtcweb] Retransmit: Summary of Alternatives … Randell Jesup
- Re: [rtcweb] Retransmit: Summary of Alternatives … Hadriel Kaplan
- Re: [rtcweb] Retransmit: Summary of Alternatives … Matthew Kaufman
- Re: [rtcweb] Retransmit: Summary of Alternatives … Hadriel Kaplan
- Re: [rtcweb] Retransmit: Summary of Alternatives … Randell Jesup