Re: [rtcweb] Retransmit: Summary of Alternatives for media keying

Hadriel Kaplan <HKaplan@acmepacket.com> Fri, 29 July 2011 14:18 UTC

From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Randell Jesup <randell1@jesup.org>
Date: Fri, 29 Jul 2011 10:17:57 -0400
Thread-Topic: [rtcweb] Retransmit: Summary of Alternatives for media keying
Message-ID: <32007816-40BF-49AA-9275-0A9A4B51B52D@acmepacket.com>
References: <12BF9E55-662F-4762-9E47-2BBD3FA5FD93@acmepacket.com> <A444A0F8084434499206E78C106220CA08F1D75CF0@MCHP058A.global-ad.net> <2E6CBDE0-DA10-4792-8059-A01F554DB370@skype.net> <E1963869-9E21-4F1F-AB4A-E5D070CCA581@acmepacket.com> <55C78CA7-292C-4E0E-901B-83B7614C2F32@skype.net> <4E31DAAB.5030606@jesup.org> <2BE95AAB-722C-472C-B624-CF91AE7D75EF@skype.net> <4E32AEC3.8080804@jesup.org>
In-Reply-To: <4E32AEC3.8080804@jesup.org>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>

On Jul 29, 2011, at 8:59 AM, Randell Jesup wrote:

> No disagreement at all.  I'm discussing that DTLS-SRTP is vulnerable
> (to a degree) to MITM attacks, which is well-known, if you don't have a
> known-secure signaling channel.  I'm not making the argument that
> Hadriel is.
> 

But that *is* the argument I was making (or at least trying to :)
I certainly wasn't claiming SDES or RTP are as secure as DTLS-SRTP could be.

What I said to start this whole thing was: the two alternatives should not be described as choosing between secure and insecure.  BOTH alternatives require the user to verify something for the call to be secure.  BOTH alternatives have the potential to be very secure.  That is all.

BTW, I am assuming, of course, that even if we choose the DTLS+SDES+RTP alternative, DTLS would always be preferred, and if the peer cannot do it then SDES, and if the peer can't do that then RTP (assuming the human has set whatever browser knobs are necessary to enable/disable this stuff).
So between two RTCWEB browsers it would always be DTLS-SRTP.

-hadriel
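The preference order described in the message above (DTLS-SRTP, then SDES, then plain RTP, gated by the user's browser knobs), as an added example that is not part of the thread and not any browser's code. It detects what a peer supports from its SDP (an a=fingerprint line on a secure profile for DTLS-SRTP, an a=crypto line for SDES, an RTP/AVP profile for plain RTP), applies the fallback order, and shows why the order alone is not enough when the signaling path is not known-secure: stripping the fingerprint from the peer's SDP in transit silently drops the call to SDES unless a local floor refuses the downgrade. The `minimum` policy knob, the function names and the two SDP bodies are assumptions constructed for this example.

```python
"""Keying-mechanism selection for the DTLS-SRTP / SDES / RTP fallback order.

Added example, not code from the rtcweb thread or from any browser.
The SDP samples below are constructed; the `minimum` knob is a stand-in
for whatever browser setting would pin the weakest acceptable mechanism.
"""

# Higher rank is stronger; used both for preference and for the local floor.
RANK = {"RTP": 0, "SDES": 1, "DTLS-SRTP": 2}
PREFERENCE = ("DTLS-SRTP", "SDES", "RTP")

# RTP/SAVP(F) is the secure profile of RFC 3711 / RFC 5124; the UDP/TLS/
# forms are the later DTLS-SRTP spelling from RFC 5764.
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}
PLAIN_PROFILES = {"RTP/AVP", "RTP/AVPF"}


def peer_capabilities(sdp: str) -> set:
    """Return the keying mechanisms a peer's SDP advertises.

    DTLS-SRTP: secure profile plus an a=fingerprint line (RFC 4572 / RFC 5763).
    SDES:      secure profile plus an a=crypto line (RFC 4568).
    RTP:       a plain RTP/AVP or RTP/AVPF media line with no keying at all.
    """
    lines = [line.strip() for line in sdp.splitlines() if line.strip()]
    profiles = set()
    for line in lines:
        if line.startswith("m="):
            fields = line.split()
            if len(fields) >= 3:
                profiles.add(fields[2])
    secure = bool(profiles & SECURE_PROFILES)
    caps = set()
    if secure and any(line.startswith("a=fingerprint:") for line in lines):
        caps.add("DTLS-SRTP")
    if secure and any(line.startswith("a=crypto:") for line in lines):
        caps.add("SDES")
    if profiles & PLAIN_PROFILES:
        caps.add("RTP")
    return caps


def select_keying(peer_caps: set, minimum: str = "RTP"):
    """Pick the first mechanism in preference order that the peer supports,
    refusing anything weaker than the local floor. Returns None if nothing
    acceptable is left, which should fail the call rather than fall through."""
    for mech in PREFERENCE:
        if mech in peer_caps and RANK[mech] >= RANK[minimum]:
            return mech
    return None


def negotiate(peer_sdp: str, minimum: str = "RTP"):
    """Parse the peer's SDP and apply the fallback order with the local floor."""
    return select_keying(peer_capabilities(peer_sdp), minimum)


def strip_lines(sdp: str, prefix: str) -> str:
    """Model an attacker on the signaling path who deletes attribute lines
    (for example the DTLS fingerprint) before the SDP reaches us."""
    return "\n".join(line for line in sdp.splitlines()
                     if not line.strip().startswith(prefix))


# Constructed SDP answer from a peer that can do both DTLS-SRTP and SDES.
# The fingerprint bytes and the crypto key are synthetic placeholders.
PEER_ANSWER = "\n".join([
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.1",
    "s=-",
    "t=0 0",
    "m=audio 49170 RTP/SAVPF 0",
    "c=IN IP4 192.0.2.1",
    "a=fingerprint:sha-256 "
    "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:"
    "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF",
    "a=setup:active",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz",
    "a=rtpmap:0 PCMU/8000",
])

# Constructed answer from a legacy peer that only does unencrypted RTP.
PLAIN_RTP_ANSWER = "\n".join([
    "v=0",
    "o=- 2 1 IN IP4 192.0.2.2",
    "s=-",
    "t=0 0",
    "m=audio 49172 RTP/AVP 0",
    "c=IN IP4 192.0.2.2",
    "a=rtpmap:0 PCMU/8000",
])


if __name__ == "__main__":
    print("intact answer        ->", negotiate(PEER_ANSWER))
    downgraded = strip_lines(PEER_ANSWER, "a=fingerprint:")
    print("fingerprint stripped ->", negotiate(downgraded))
    print("same, floor=DTLS-SRTP->", negotiate(downgraded, minimum="DTLS-SRTP"))
    print("plain RTP peer       ->", negotiate(PLAIN_RTP_ANSWER))
```

The middle two runs are the point: with the default floor the fallback order quietly accepts SDES after a signaling-path attacker removes the fingerprint, which is exactly the MITM exposure Randell describes for an unsecured signaling channel; only the local floor (the "browser knob" in the message) turns that into a refused call. Between two browsers that both advertise a fingerprint, the order resolves to DTLS-SRTP as stated.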