Re: [rtcweb] Fwd: New Version Notification for draft-kaufman-rtcweb-security-ui-00.txt
Alan Johnston <alan.b.johnston@gmail.com> Thu, 07 July 2011 13:44 UTC
Return-Path: <alan.b.johnston@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABC9321F867A for <rtcweb@ietfa.amsl.com>; Thu, 7 Jul 2011 06:44:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 89275Veyu4dw for <rtcweb@ietfa.amsl.com>; Thu, 7 Jul 2011 06:44:07 -0700 (PDT)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com [74.125.83.44]) by ietfa.amsl.com (Postfix) with ESMTP id D566221F863B for <rtcweb@ietf.org>; Thu, 7 Jul 2011 06:44:06 -0700 (PDT)
Received: by gwb20 with SMTP id 20so451459gwb.31 for <rtcweb@ietf.org>; Thu, 07 Jul 2011 06:44:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=AzSbgXlyQQWYd89TECErfcJ8acH1N1YBa9hSWtXSDE4=; b=b23nQbAIz/y9M3d2lDNDYEu8aebGxCPQB6UBBAYO1yzNZoeQUjnvnskl3n2SiwLzeI m6oANvbWX02QyZSu4ucylxn/RV5R5jb84fFFnWMOkZcoEQmojr61vnJsmMXCPKpTLHZ5 BGiiheI41gcOWJ0Php13zY1H3s/xeB3+YNIR4=
MIME-Version: 1.0
Received: by 10.150.170.12 with SMTP id s12mr987255ybe.191.1310046239990; Thu, 07 Jul 2011 06:43:59 -0700 (PDT)
Received: by 10.151.114.1 with HTTP; Thu, 7 Jul 2011 06:43:59 -0700 (PDT)
In-Reply-To: <9D227A73-B310-4226-90C8-AFD9963C5022@skype.net>
References: <20110629233542.25579.52406.idtracker@ietfa.amsl.com> <9D227A73-B310-4226-90C8-AFD9963C5022@skype.net>
Date: Thu, 07 Jul 2011 08:43:59 -0500
Message-ID: <CAKhHsXGUSEZzjY09-ybo_OUs0fgYXfDhPVntoZhkA5bav5e8GA@mail.gmail.com>
From: Alan Johnston <alan.b.johnston@gmail.com>
To: rtcweb@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: prz@mit.edu
Subject: Re: [rtcweb] Fwd: New Version Notification for draft-kaufman-rtcweb-security-ui-00.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 13:44:07 -0000
This is a reasonable start to expressing in requirement form some of the ideas described in draft-johnston-rtcweb-media-privacy and that I presented on the interim call. Some additional comments: At the start, it should be made clear that the UI described is the browser UI and not anything rendered by the web page. This is described in the last requirement of Section 2, but it needs to be clearly stated up front. Most of the UI descriptions seem to be described in terms of an inspector - with additional clicks a user can determine additional information about the media session, which is reasonable. However, if we do allow non-encrypted media sessions (which I really hope we do not - this goes against the current direction of web security in moving from http to https), then the encrypted/non encrypted state needs to be visible as much as possible, in the same way that a user does not need to click anything to see if http or https is in use. Of course, full screen modes and other considerations can limit this. " If the transmission is encrypted, the "security characteristics" MUST include an indication as to the source of the keying material, particularly whether the keying material was delivered out-of-band (from a server) or was generated as a result of a pairwise negotiation." I think I understand and agree with this requirement. However, I think we can do better in our description of the keying material. I think the distinction we are after is whether the keying material was derived directly between the browsers, or between the browser and the server. " If possible for the cryptosystem in use, the "security characteristics" MUST include information regarding the authenticity of the far station identity. (For example, in the case of a self- signed certificate with RSA key the contents of the certificate and the key fingerprint.)" I'm not sure about this one. Unless a PKI is in use, I don't think there is any useful identity information that can be derived. I've been told in the past that "self signed certificates" are actually just containers for a public key, and as such none of the information is useful. Also, I don't understand the value in providing a key fingerprint to a user. This might be useful for debugging, but it isn't of use to users. Ekr has provided a reference in the past why this is so. " If possible for the cryptosystem in use, the "security characteristics" SHOULD include a Short Authentication String which may be used by the user to authenticate the far station identity and keying integrity (specifically, the presence or lack of a man-in-the- middle that may be in collusion with the service provider to attempt to bypass authentication tests) by communicating this string out-of- band with the far party." I think providing a SAS is very important, so I believe this requirement to be a MUST. Also, this wording about "if possible" might be interpreted to mean "if ZRTP is used". I think having an SAS is valuable for any keying method that is browser to browser - I don't think it has any value for broswer to server keying. Since the SAS is just an algorithm based on the secret key used, it should be be possible to derive one for other keying approaches. However, we will need help from crypto experts to make sure the SAS is of sufficient length and derived correctly to make it useful. I recall with ZRTP that we were able to utilize such a short SAS due to the hash commitment design - other keying methods will need a similar analysis. Looking forward to the discussion of these issues in Quebec City. - Alan - On Wed, Jun 29, 2011 at 6:38 PM, Matthew Kaufman <matthew.kaufman@skype.net> wrote: > I wrote up a first pass at browser requirements for a media security > inspector in browsers. > Matthew Kaufman > > Begin forwarded message: > > From: internet-drafts@ietf.org > Date: June 29, 2011 4:35:42 PM PDT > To: matthew.kaufman@skype.net > Cc: matthew.kaufman@skype.net > Subject: New Version Notification for > draft-kaufman-rtcweb-security-ui-00.txt > > A new version of I-D, draft-kaufman-rtcweb-security-ui-00.txt has been > successfully submitted by Matthew Kaufman and posted to the IETF repository. > > Filename: draft-kaufman-rtcweb-security-ui > Revision: 00 > Title: Client Security User Interface Requirements for RTCWEB > Creation date: 2011-06-30 > WG ID: Individual Submission > Number of pages: 4 > > Abstract: > This document calls for a requirement to be imposed on RTCWEB client > user interfaces whereby the user may inspect the current media > security status. > > > > > The IETF Secretariat > > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb > >
- [rtcweb] Fwd: New Version Notification for draft-… Matthew Kaufman
- Re: [rtcweb] Fwd: New Version Notification for dr… Alan Johnston