Re: [rtcweb] SRTP not mandatory-to-use

Bernard Aboba <bernard_aboba@hotmail.com> Thu, 05 January 2012 18:01 UTC

Comments below.



On Jan 5, 2012, at 9:12, "Ted Hardie" <ted.ietf@gmail.com> wrote:

> Hi Bernard,
> 
> The threading must have gotten mixed up here, because the responses
> below are to me, not Justin.   Some further discussion in-line.
> 
> On Thu, Jan 5, 2012 at 12:03 AM, Bernard Aboba
> <bernard_aboba@hotmail.com> wrote:
>> 
>> Justin said:
>> 
>> 
>> Are they easier or harder to deploy than SRTP?
>> 
>> [BA] Having been involved in deployment of millions of SRTP endpoints, I
>> wouldn't say SRTP is hard to deploy.  Virtually *all* the pain comes from
>> key management.
>> 
>> The same thing is true of IKE/IPsec by the way.  When people complain about
>> IPsec, they almost always are talking about an IKE issue.
>> 
>> 
> 
> Thanks for the clarification.  But if we accept the current threat
> model (untrusted JS, where we wish to avoid revealing the SRTP keys to
> the application), I'm not sure that there is any way to avoid this.
> 
> I agree that increasing the number of variants will be a pain for
> gateway operators.  If there is something that is currently deployed and
> meets the threat model, I am sure that there would be interest.  But
> shifting to something that reveals the keys to an untrusted part of
> the system seems to be the wrong approach for solving the problem, at
> least to me.

[BA] It might help to articulate the trust model in more detail. I understand the JS and web server arguments but with things like SBCs the notion can get muddled, particularly if media termination is envisaged.  


>> 
>> [BA] No objection to mandating implementation here.  SRTP is implemented in
>> sub-$100 devices, so it's no big deal.
> 
> Well, we've agreed to offer/answer as the basic model, but I think
> we're still discussing whether that means that includes negotiation of
> SRTP vs. RTP.
> 
> Nope, I'm saying that supporting that *plus* a negotiation that allows
> for vanilla RTP means we have to add other protections against bid
> down attacks.  Those protections mean more code.
> 
> Hope that clarifies things,
> 
> Ted

[BA] Yes, it does.  Maybe it would help to separate parts of this discussion (SRTP vs. RTP, key mgmt, etc.).
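
Added example, not part of the original thread or any participant's code: a minimal sketch of the kind of extra check an offerer needs once plain RTP is negotiable, here flagging an answer that accepts only the plaintext alternative although a secure profile was offered. The SDP bodies are constructed samples, the function names are hypothetical, and the two-m-line style of offering alternatives is an assumption made for illustration.

```python
# Profiles that carry SRTP (RFC 3711, RFC 5124) or DTLS-SRTP (RFC 5764).
SECURE = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def media_lines(sdp):
    """Return (media, port, proto) for each m= line of an SDP body."""
    out = []
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, port, proto = line[2:].split()[:3]
            out.append((media, int(port.split("/")[0]), proto))
    return out

def downgraded(offer, answer):
    """Media types offered with a secure profile but accepted in plaintext.

    This sees only the outcome: it cannot tell a peer that lacks SRTP from
    an on-path rewrite of the signaling, so a local policy that requires
    SRTP has to refuse the session in both cases.
    """
    off, ans = media_lines(offer), media_lines(answer)
    if len(off) != len(ans):
        raise ValueError("answer must mirror the offer's m= lines (RFC 3264)")
    offered_secure = {m for m, _, proto in off if proto in SECURE}
    # Port 0 in an answer means that m= line was rejected.
    accepted_plain = {m for m, port, proto in ans
                      if port != 0 and proto not in SECURE}
    return sorted(offered_secure & accepted_plain)

# Constructed samples: one audio stream offered as SRTP with an RTP fallback.
HEAD = "v=0\no=- 1 1 IN IP4 192.0.2.1\ns=-\nc=IN IP4 192.0.2.1\nt=0 0\n"
OFFER = HEAD + "m=audio 49170 RTP/SAVP 0\nm=audio 49172 RTP/AVP 0\n"
ANSWER_SRTP = HEAD + "m=audio 50000 RTP/SAVP 0\nm=audio 0 RTP/AVP 0\n"
ANSWER_PLAIN = HEAD + "m=audio 0 RTP/SAVP 0\nm=audio 50002 RTP/AVP 0\n"

if __name__ == "__main__":
    print("secure answer :", downgraded(OFFER, ANSWER_SRTP))
    print("plain answer  :", downgraded(OFFER, ANSWER_PLAIN))
```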