Re: [rtcweb] Security Architecture: SDES support is a MUST

Harald Alvestrand <harald@alvestrand.no> Fri, 20 July 2012 13:27 UTC

On 07/20/2012 03:18 PM, Fabio Pietrosanti (naif) wrote:
> On 7/20/12 3:06 PM, Harald Alvestrand wrote:
>>> Current security definition of WebRTC does not support end-to-end
>>> security.
>> The current security definition of WebRTC (with DTLS) provides
>> fingerprints.
>> If the application is able to verify those fingerprints, security is end
>> to end; if it isn't - it isn't.
> The security specification already does specify how the fingerprint must
> be checked, against a third party system that must be trusted (unless
> there is some recent update I haven't checked yet).
>
> The way the specification describes how the fingerprint must be checked
> does not enforce end-to-end security but always relies on a trusted third
> party, being IdP (identity providers).
>
> The only way to achieve end-to-end security is not to have any kind of
> trusted third party, as has been already discussed on
> http://www.ietf.org/mail-archive/web/rtcweb/current/msg04043.html .
That link is your request to have SAS considered mandatory.

I believe you got some support for that proposal, or at least some kind 
of availability of digest information that can be verified 
independently, but I do not believe that you got any support for having 
SAS be the one and only definition of "end to end security".

Thus, you may get support for your real request, but not for the 
language you use to describe it.
>
> Until the WebRTC security architecture specification clearly defines
> a peer-to-peer fingerprint verification system that does not rely on
> a trusted third party, it cannot be considered to provide end-to-end security.
>
> Fabio