Re: [rtcweb] Traffic should be encrypted. (Re: Let's define the purpose of WebRTC)

[Harald Alvestrand <harald@alvestrand.no>]

On 11/10/2011 11:07 PM, Roman Shpount wrote:
>
> These arguments are not very strong and would not prevent WebRTC from 
> being used (except the illegal part). My main problem is that 
> mandatory encryption is not serving any useful purpose. I strongly 
> oppose the illusion of security when communications are not secure. If 
> an application is delivered over HTTP, the fact that media is 
> encrypted is irrelevant and provides no useful security. There is a 
> duality about web based applications with HTTP and HTTPS. I think 
> WebRTC should reflect this. 
I still don't get this. The same logic would say that there's no reason 
to use WPA for your home wireless network as long as you're only sending 
HTTP. Firesheep to the rescue.

Encryption of the media path protects you against *some* of the 
attackers *some* of the time.
Only a solidly designed end-to-end-protected mechanism, including safe 
storage of keying materials in locations where zero-day exploits can't 
get at them, will protect you against *all* the attackers *all* of the 
time (as long as the attackers didn't make your hardware, OS or 
application).

> There is a working model present for HTTP applications already (secure 
> document -- secure communications, insecure document -- insecure 
> communications), so I do not see the reason to break it.
I don't see that one working, either. Witness the number of HTTP sites 
that use HTTPS form submission (the document's vulnerable to attacker, 
yet sent over a trusted path), or the number of times my Chrome warns me 
about mixed content from well-renowned sites.

The current ecosystem is an out-and-out muddle, not a clean model. And 
the exploits are rife.