Re: [rtcweb] Resolving RTP/SDES question in Paris

"Jim Barnett" <Jim.Barnett@genesyslab.com> Wed, 21 March 2012 13:47 UTC

Return-Path: <Jim.Barnett@genesyslab.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0F4121F8603 for <rtcweb@ietfa.amsl.com>; Wed, 21 Mar 2012 06:47:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.513
X-Spam-Level:
X-Spam-Status: No, score=-2.513 tagged_above=-999 required=5 tests=[AWL=0.086, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N9FCh+UEleAH for <rtcweb@ietfa.amsl.com>; Wed, 21 Mar 2012 06:47:46 -0700 (PDT)
Received: from relay-out1.dc.genesyslab.com (relay-out1.dc.genesyslab.com [198.49.180.220]) by ietfa.amsl.com (Postfix) with ESMTP id D258F21F84D3 for <rtcweb@ietf.org>; Wed, 21 Mar 2012 06:47:46 -0700 (PDT)
Received: from g2.genesyslab.com (g2.genesyslab.com [192.168.20.138]) by relay-out1.dc.genesyslab.com (8.13.8+Sun/8.13.8) with ESMTP id q2LDliwj020417; Wed, 21 Mar 2012 06:47:44 -0700 (PDT)
Received: from NAHALD.us.int.genesyslab.com ([192.168.20.92]) by g2.genesyslab.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 21 Mar 2012 06:47:44 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 21 Mar 2012 06:47:37 -0700
Message-ID: <E17CAD772E76C742B645BD4DC602CD8105EBEB17@NAHALD.us.int.genesyslab.com>
In-Reply-To: <101C6067BEC68246B0C3F6843BCCC1E31296AE222A@MCHP058A.global-ad.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [rtcweb] Resolving RTP/SDES question in Paris
Thread-Index: AQHNBkhwRk3x+jQ7ZUSzaNmeu+7o6pZy7hYggAHUYoA=
References: <4F4759DC.7060303@ericsson.com><387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com><CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com><CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com><CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com><CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com><CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com><CAD5OKxvZbEJ7sV4WPAYoQapzMR_QwAftj-oKg=ioMKHNT792wQ@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113563C5A92@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><CALiegf=jtkDCS_D0ZFe9UpbiadQ0vsJ+4MppQSbLr-wbaXNrfQ@mail.gmail.com><BLU169-W29E5B86F9E2C6F3126961C93420@phx.gbl><CALiegfk2aT+6Psr4nT-hG1G7eYRBfFCcT+25On2O4HfUXJ6-ng@mail.gmail.com><CAD6AjGSmi9j+sdGWPts20-iwGvGij05ek0OKYEPULC6B=aFpQg@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113564482A7@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><ADBB75F3-E20C-4EC4-B9C3-EF2E4BFF409C@phonefromhere.com><C! !AD5OKxvu E V8Vbq3h7=Z gcKmREjmguvz5n-SpXr2n-EY7a_ddxg@mail.gmail.com><CALiegfk1ozOKPcDjbd3H_z2Edzh4RcZpYyJSWdw_1DJ04muQXA@mail.gmail.com><CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com><D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com><E17CAD772E76C742B645BD4DC602CD8105EBE8CF@NAHALD.us.int.genesyslab.com><387F9047F55E8C42850AD6B3A7A03C6C0E1FFE23@inba-mail01.sonusnet.com><2E10EB15-7E2E-47B9-80D1-5244DDE5FDF7@acmepacket.com> <101C6067BEC68246B0C3F6843BCCC1E31296AE222A@MCHP058A.global-ad.net>
From: Jim Barnett <Jim.Barnett@genesyslab.com>
To: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>, Hadriel Kaplan <HKaplan@acmepacket.com>, "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
X-OriginalArrivalTime: 21 Mar 2012 13:47:44.0380 (UTC) FILETIME=[314E7BC0:01CD0769]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2012 13:47:47 -0000

One way to look at this case would be to say that it's the server at the
boundary of www.travel.co that is the RTCWeb endpoint,  _not_ the agent
desktop. The boundary server is acting as an RTCWeb-to-corporate network
gateway, and systems inside the corporate network are not affected.
Callers see themselves as connected to www.travel.co, rather than having
a direct RTCWeb-all-the-way connection to the agent.  I'm pretty sure
that call centers would like to do things this way since it doesn't
require any changes to their corporate infrastructure. (They can
add/upgrade the gateway without changing their recording systems or
agent desktops, etc.)

I don't see anything like this in the use case document.  Is this a use
case we want to support?  

- Jim

-----Original Message-----
From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
Of Hutton, Andrew
Sent: Tuesday, March 20, 2012 6:07 AM
To: Hadriel Kaplan; Ravindran, Parthasarathi
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris

Hi,

Completely agree with Hadriel's statement below.

In addition to wanting to know that you are connected to "www.travel.co"
or "www.mybank.co" you as a consumer and the company really want/need
the media to be recorded by the companies system for your own
protection. This is going to involve some kind of MITM or as we call it
in SIPREC a Session Recording Client (SRC) to be able to intercept the
media and route it to a Session Recording Server (SRS). 

The agent's desktop device could act as the SRC but more likely it will
be some kind of B2BUA that does this.  

In these scenario's you as a consumer using this service really want the
media to be secure at least as far as reaching the bank but after that
like any existing web based system you have to trust the bank with your
data this is no different whether that data is speech or text that you
entered on a web page.

The recording system should be able to work with DTLS-SRTP but it will
most likely act as a MITM so will change the DTLS fingerprint. I don't
see that as a problem.

Regards
Andy



> -----Original Message-----
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On 
> Behalf Of Hadriel Kaplan
> Sent: 20 March 2012 03:21
> To: Ravindran, Parthasarathi
> Cc: rtcweb@ietf.org
> Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
> 
> 
> And, it should be noted, they *want* it that way.  They don't 
> generally want you to know which agent picked up the call, or that the

> call got transferred from an IVR to a specific agent, or got put in a 
> queue with elevator-music announcement server, or any of that.  You
"called"
> Travel Co., and they answered.  What goes on behind that SBC is 
> equivalent to the back-end database stuff that goes on between the web

> server and back-end systems, while all you see is the web-server your 
> browser happens to be connected to.
> 
> The "identity" you'll get is www.travel.co, which you already had when

> your browser did HTTPS cert verification of their web-server.  HTTPS 
> became the key-exchange transport for the SRTP key.  Since they 
> already proved they own the cert for www.travel.co, having them claim 
> to be www.travel.co shouldn't require yet more verification.
> 
> -hadriel
> 
> 
> On Mar 19, 2012, at 9:15 PM, Ravindran, Parthasarathi wrote:
> 
> > Jim,
> >
> > As a customer, you won't really know whether the identity 
> > (DTLS-SRTP)
> of call center/travel site is agent or SBC. SBC can perform MITM 
> attack easily as extending SDES-SRTP to DTLS-SRTP for call center site

> is feasible.
> >
> > Thanks
> > Partha
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
_______________________________________________
rtcweb mailing list
rtcweb@ietf.org
https://www.ietf.org/mailman/listinfo/rtcweb