IETF Logo Mail Archive

Re: [rtcweb] Resolving RTP/SDES question in Paris

Hadriel Kaplan <HKaplan@acmepacket.com> Mon, 19 March 2012 22:23 UTC

Return-Path: <HKaplan@acmepacket.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6F3621F8628 for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 15:23:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.535
X-Spam-Level:
X-Spam-Status: No, score=-2.535 tagged_above=-999 required=5 tests=[AWL=0.064, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k7geFB+2BCnR for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 15:23:58 -0700 (PDT)
Received: from etmail.acmepacket.com (etmail.acmepacket.com [216.41.24.6]) by ietfa.amsl.com (Postfix) with ESMTP id 04C2C21F860E for <rtcweb@ietf.org>; Mon, 19 Mar 2012 15:23:57 -0700 (PDT)
Received: from MAIL1.acmepacket.com (10.0.0.21) by etmail.acmepacket.com (216.41.24.6) with Microsoft SMTP Server (TLS) id 8.2.254.0; Mon, 19 Mar 2012 18:23:56 -0400
Received: from MAIL2.acmepacket.com ([169.254.2.166]) by Mail1.acmepacket.com ([169.254.1.170]) with mapi id 14.02.0283.003; Mon, 19 Mar 2012 18:23:56 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Roman Shpount <roman@telurix.com>
Thread-Topic: [rtcweb] Resolving RTP/SDES question in Paris
Thread-Index: AQHNBh74aMnjJsNUq0eXz+PkH27a4g==
Date: Mon, 19 Mar 2012 22:23:55 +0000
Message-ID: <D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com>
References: <4F4759DC.7060303@ericsson.com> <387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com> <CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com> <CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com> <CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com> <CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com> <CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com> <CAD5OKxvZbEJ7sV4WPAYoQapzMR_QwAftj-oKg=ioMKHNT792wQ@mail.gmail.com> <6F428EFD2B8C2F49A2FB1317291A76C113563C5A92@USNAVSXCHMBSA1.ndc.alcatel-lucent.com> <CALiegf=jtkDCS_D0ZFe9UpbiadQ0vsJ+4MppQSbLr-wbaXNrfQ@mail.gmail.com> <BLU169-W29E5B86F9E2C6F3126961C93420@phx.gbl> <CALiegfk2aT+6Psr4nT-hG1G7eYRBfFCcT+25On2O4HfUXJ6-ng@mail.gmail.com> <CAD6AjGSmi9j+sdGWPts20-iwGvGij05ek0OKYEPULC6B=aFpQg@mail.gmail.com> <6F428EFD2B8C2F49A2FB1317291A76C113564482A7@USNAVSXCHMBSA1.ndc.alcatel-lucent.com> <ADBB75F3-E20C-4EC4-B9C3-EF2E4BFF409C@phonefromhere.com> <CAD5OKxvuEV8Vbq3h7=ZgcKmREjmguvz5n-SpXr2n-EY7a_ddxg@mail.gmail.com> <CALiegfk1ozOKPcDjbd3H_z2Edzh4RcZpYyJSWdw_1DJ04muQXA@mail.gmail.com> <CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com>
In-Reply-To: <CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.0.0.30]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <FDB1177B37C0B94C8A1B478880D71EE2@acmepacket.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAWE=
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 22:23:59 -0000

While I sympathize with the concern that requiring SRTP (regardless of how the key is learned) is a burden for those use-cases that literally don't care about SRTP and for which it does not matter, such as a weather announcement service or an IETF meeting broadcast, I really think you're 'throwing out the baby with the bath-water' to propose we either get everything or nothing.  People won't have the identity-stuff for some time, and it won't be painless to make it work and deployed.  So what you're basically saying is "you only get RTP because you can't prove end-to-end security".  But such "proof" rarely exists even today.

Today, when you do Email or IM over HTTPS or SMTPS, that email or IM only goes secure to the server you're doing SMTPS or HTTPS with.  You have no assurance whatsoever that it stays secure from that point on, nor that the server doesn't log the email/IM in its entirety.  But that doesn't mean there's no value in using HTTPS/SMTPS to reach that first server.  Quite the contrary, there's significant value in it.  Just like there's value in using HTTPS to reach a web store-front when purchasing using a credit-card, even though you have no idea what the security is between the web-store and your actual credit-card company.

In the WebRTC context, for example, I would expect a quite-popular use-case for WebRTC to be Business websites, such as web-storefronts, or customer-support sites, or airline/hotel ticket/reservations/upgrades sites, etc.  When connecting to the web-page of those sites, I would expect them to be HTTPS once I got to some point of the click-flow process, if not from the beginning.  If I click a "talk to us for help" button, I would expect that to be secure as well, as much as the HTTPS portion was anyway.  In this context, only allowing them to use RTP is silly.  SDES is reasonably secure in this context, because there is no other domain the call is going to.  Yes, they have my SRTP key - doesn't matter; yes they can log my call - doesn't matter.  But at least my media is secure from my laptop to their server's domain - and that does matter, and it's all I ever got from using HTTPS.

-hadriel


On Mar 19, 2012, at 2:15 PM, Roman Shpount wrote:

> I guess my question is, when are we going to tell the user that connection is "secure"? What I really do not want is making the distinction between secured and unsecured connection so muddy, that a normal user will never be able to understand the difference and will agree to anything. Because of this, I would like to see that if connection is over DTLS-SRTP with a remove party verified by an identity provider, user would be asked if they would like to communicate with remote party XYZ. If this is anything else, (DTLS-SRTP with no identity, SDES-SRTP, or even plain RTP), user should be asked either to allow unsecure communication with an unknown party, or, completely prohibited to do so. 
> 
> I do not see the difference, as far as security is concerned, between SDES-SRTP and plain RTP. If we allow SDES-SRTP for compatibility reasons, we might as well allow plain RTP. It would be compatible with more devices and as insecure as SDES-SRTP. There is no requirement that WebRTC application must use HTTPS for signaling. If the application is using HTTP, all the "sitting in the airport" examples are as unsecured with SDES-SRTP as they are with plain RTP.
> 
> I do not think we would be able to force WebRTC application developers to create a secure application unless they would decide to create care and effort to develop it as such. Our goal should be to provide application developers with tools that would allow them to create secure applications and with mechanisms that would allow users to identify when their communications are actually secure. Everything else is just adding random requirements to the standard.
> _____________
> Roman Shpount
> 
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email