IETF Logo Mail Archive

Re: [rtcweb] Retransmit: Summary of Alternatives for media keying

Hadriel Kaplan <HKaplan@acmepacket.com> Fri, 29 July 2011 14:53 UTC

Return-Path: <HKaplan@acmepacket.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB8ED21F8C50 for <rtcweb@ietfa.amsl.com>; Fri, 29 Jul 2011 07:53:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.496
X-Spam-Level:
X-Spam-Status: No, score=-2.496 tagged_above=-999 required=5 tests=[AWL=0.103, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sRdfD3CUpVgq for <rtcweb@ietfa.amsl.com>; Fri, 29 Jul 2011 07:53:00 -0700 (PDT)
Received: from ETMail2.acmepacket.com (etmail2.acmepacket.com [216.41.24.9]) by ietfa.amsl.com (Postfix) with ESMTP id 4B8E721F8C46 for <rtcweb@ietf.org>; Fri, 29 Jul 2011 07:52:59 -0700 (PDT)
Received: from mail.acmepacket.com (216.41.24.7) by ETMail2.acmepacket.com (216.41.24.9) with Microsoft SMTP Server (TLS) id 8.1.240.5; Fri, 29 Jul 2011 10:52:56 -0400
Received: from mailbox1.acmepacket.com ([216.41.24.12]) by mail ([127.0.0.1]) with mapi; Fri, 29 Jul 2011 10:52:55 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Matthew Kaufman <matthew.kaufman@skype.net>
Date: Fri, 29 Jul 2011 10:52:53 -0400
Thread-Topic: [rtcweb] Retransmit: Summary of Alternatives for media keying
Thread-Index: AcxN/zL2Q3Y98d4WQHOGIN8Jq2qF9Q==
Message-ID: <35B25C39-9813-4A1A-8990-74D536D3DBC1@acmepacket.com>
References: <12BF9E55-662F-4762-9E47-2BBD3FA5FD93@acmepacket.com> <A444A0F8084434499206E78C106220CA08F1D75CF0@MCHP058A.global-ad.net> <2E6CBDE0-DA10-4792-8059-A01F554DB370@skype.net> <E1963869-9E21-4F1F-AB4A-E5D070CCA581@acmepacket.com> <55C78CA7-292C-4E0E-901B-83B7614C2F32@skype.net> <4E31DAAB.5030606@jesup.org> <2BE95AAB-722C-472C-B624-CF91AE7D75EF@skype.net> <4E32AEC3.8080804@jesup.org> <32007816-40BF-49AA-9275-0A9A4B51B52D@acmepacket.com> <7CC0E354-685D-47BB-9426-AE5B4CC9DD4F@skype.net>
In-Reply-To: <7CC0E354-685D-47BB-9426-AE5B4CC9DD4F@skype.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAUA=
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, Randell Jesup <randell1@jesup.org>
Subject: Re: [rtcweb] Retransmit: Summary of Alternatives for media keying
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2011 14:53:01 -0000

On Jul 29, 2011, at 10:30 AM, Matthew Kaufman wrote:

>> What I said to start this whole thing was: the two alternatives should not be described as choosing between secure and insecure.  BOTH alternatives require the user to verify something for the call to be secure.  BOTH alternatives have the potential to be very secure.  That is all.
> 
> I suppose that depends on what you mean by "the potential to be very secure"... certainly plain RTP *might* be secure, if it never leaves your desktop.

Yeah I should have clarified.  I meant since the alternative of DTLS+SDES+RTP includes DTLS-SRTP, and the human can verify it, and I assume DTLS-SRTP would always be preferred... then it has the potential to be very secure. (namely if DTLS-SRTP is used and the human verifies it)

In other words, both Alternative A and B have the ability to use DTLS-SRTP in the same way.  The only difference is Alternative A (DTLS only) would fail if trying to talk to someone who can't do DTLS-SRTP.  Alternative B would still succeed in letting people talk.

-hadriel

v2.23.0 | Report a Bug | By Email