Re: [rtcweb] New use-case proposed
"Henry Lum" <Henry.Lum@genesyslab.com> Fri, 11 May 2012 17:26 UTC
Return-Path: <Henry.Lum@genesyslab.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EE0C21F86BD for <rtcweb@ietfa.amsl.com>; Fri, 11 May 2012 10:26:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.165
X-Spam-Level:
X-Spam-Status: No, score=-2.165 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dHvlsuLcIBTo for <rtcweb@ietfa.amsl.com>; Fri, 11 May 2012 10:26:57 -0700 (PDT)
Received: from relay-out1.dc.genesyslab.com (relay-out1.dc.genesyslab.com [198.49.180.220]) by ietfa.amsl.com (Postfix) with ESMTP id 786C321F86A0 for <rtcweb@ietf.org>; Fri, 11 May 2012 10:26:57 -0700 (PDT)
Received: from g2.genesyslab.com (g2.genesyslab.com [192.168.20.138]) by relay-out1.dc.genesyslab.com (8.13.8+Sun/8.13.8) with ESMTP id q4BHQpj6009895; Fri, 11 May 2012 10:26:51 -0700 (PDT)
Received: from NAHALD.us.int.genesyslab.com ([192.168.20.92]) by g2.genesyslab.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 11 May 2012 10:26:51 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CD2F9B.409B1582"
Date: Fri, 11 May 2012 10:26:30 -0700
Message-ID: <059AF07365DC474393A19A3AF187DF74087F7090@NAHALD.us.int.genesyslab.com>
In-Reply-To: <CAD5OKxtWq+Gh1wRTo2ZkCH6AdNXfsu7ipzDO+J=wBzNMJ4h3Nw@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [rtcweb] New use-case proposed
Thread-Index: Ac0vktJlEshr9v/oTQmFzvYLBTcEywAB5w9A
References: <4FAD0D8C.7020701@ericsson.com><4FAD3C87.8080908@alvestrand.no> <CAD5OKxtWq+Gh1wRTo2ZkCH6AdNXfsu7ipzDO+J=wBzNMJ4h3Nw@mail.gmail.com>
From: Henry Lum <Henry.Lum@genesyslab.com>
To: Roman Shpount <roman@telurix.com>, Harald Alvestrand <harald@alvestrand.no>
X-OriginalArrivalTime: 11 May 2012 17:26:51.0813 (UTC) FILETIME=[40DACD50:01CD2F9B]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] New use-case proposed
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 17:26:58 -0000
I agree as well since based on our testing for a simple media bridge that SRTP re-encryption adds a similar amount of CPU load (around 10%). Henry From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Roman Shpount Sent: May-11-12 12:26 PM To: Harald Alvestrand Cc: rtcweb@ietf.org Subject: Re: [rtcweb] New use-case proposed +1 I have provided the CPU requirements for doing SRTP re-encryption before. Bottom line, on the real conferencing service encryption adds about 10% extra CPU load. There is no benefit in compromising security to avoid re-encrypting. _____________ Roman Shpount On Fri, May 11, 2012 at 12:21 PM, Harald Alvestrand <harald@alvestrand.no> wrote: I propose to reject this use case because it requires yet another security redesign. The clue is here: - The keying solution must allow each participants to encrypt to multiple receivers without any decryption+encryption in the middle node This means that each participant must use the same encryption keys to all other participants; this in turn means that when someone leaves the group, all participants must change their encryption keys; it also means that as long as shared keys are used for authentication, all participants can impersonate all other participants. In fact, this solution has most of the issues (except for the network layer deployment issue) that leads me to strongly advocate leaving multicast out of scope for this effort. Harald _______________________________________________ rtcweb mailing list rtcweb@ietf.org https://www.ietf.org/mailman/listinfo/rtcweb
- Re: [rtcweb] New use-case proposed Magnus Westerlund
- Re: [rtcweb] New use-case proposed Roman Shpount
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- [rtcweb] New use-case proposed Stefan Hakansson LK
- Re: [rtcweb] New use-case proposed Justin Uberti
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- Re: [rtcweb] New use-case proposed Harald Alvestrand
- Re: [rtcweb] New use-case proposed Henry Lum
- Re: [rtcweb] New use-case proposed Harald Alvestrand
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- Re: [rtcweb] New use-case proposed Dan Wing
- Re: [rtcweb] New use-case proposed Marshall Eubanks
- Re: [rtcweb] New use-case proposed Dan Wing
- Re: [rtcweb] New use-case proposed Michael Welzl
- Re: [rtcweb] New use-case proposed Magnus Westerlund
- Re: [rtcweb] New use-case proposed Oscar Ohlsson