Re: [rtcweb] Fwd: New Version Notification for draft-kaufman-rtcweb-security-ui-00.txt

Alan Johnston <> Thu, 07 July 2011 13:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id ABC9321F867A for <>; Thu, 7 Jul 2011 06:44:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 89275Veyu4dw for <>; Thu, 7 Jul 2011 06:44:07 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D566221F863B for <>; Thu, 7 Jul 2011 06:44:06 -0700 (PDT)
Received: by gwb20 with SMTP id 20so451459gwb.31 for <>; Thu, 07 Jul 2011 06:44:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=AzSbgXlyQQWYd89TECErfcJ8acH1N1YBa9hSWtXSDE4=; b=b23nQbAIz/y9M3d2lDNDYEu8aebGxCPQB6UBBAYO1yzNZoeQUjnvnskl3n2SiwLzeI m6oANvbWX02QyZSu4ucylxn/RV5R5jb84fFFnWMOkZcoEQmojr61vnJsmMXCPKpTLHZ5 BGiiheI41gcOWJ0Php13zY1H3s/xeB3+YNIR4=
MIME-Version: 1.0
Received: by with SMTP id s12mr987255ybe.191.1310046239990; Thu, 07 Jul 2011 06:43:59 -0700 (PDT)
Received: by with HTTP; Thu, 7 Jul 2011 06:43:59 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Thu, 07 Jul 2011 08:43:59 -0500
Message-ID: <>
From: Alan Johnston <>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [rtcweb] Fwd: New Version Notification for draft-kaufman-rtcweb-security-ui-00.txt
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 07 Jul 2011 13:44:07 -0000

This is a reasonable start to expressing in requirement form some of
the ideas described in draft-johnston-rtcweb-media-privacy and that I
presented on the interim call.  Some additional comments:

At the start, it should be made clear that the UI described is the
browser UI and not anything rendered by the web page.  This is
described in the last requirement of Section 2, but it needs to be
clearly stated up front.

Most of the UI descriptions seem to be described in terms of an
inspector - with additional clicks a user can determine additional
information about the media session, which is reasonable.  However, if
we do allow non-encrypted media sessions (which I really hope we do
not - this goes against the current direction of web security in
moving from http to https), then the encrypted/non encrypted state
needs to be visible as much as possible, in the same way that a user
does not need to click anything to see if http or https is in use.  Of
course, full screen modes and other considerations can limit this.

"  If the transmission is encrypted, the "security characteristics" MUST
   include an indication as to the source of the keying material,
   particularly whether the keying material was delivered out-of-band
   (from a server) or was generated as a result of a pairwise

I think I understand and agree with this requirement.  However, I
think we can do better in our description of the keying material.  I
think the distinction we are after is whether the keying material was
derived directly between the browsers, or between the browser and the

"   If possible for the cryptosystem in use, the "security
   characteristics" MUST include information regarding the authenticity
   of the far station identity.  (For example, in the case of a self-
   signed certificate with RSA key the contents of the certificate and
   the key fingerprint.)"

I'm not sure about this one.  Unless a PKI is in use, I don't think
there is any useful identity information that can be derived.  I've
been told in the past that "self signed certificates" are actually
just containers for a public key, and as such none of the information
is useful.  Also, I don't understand the value in providing a key
fingerprint to a user.  This might be useful for debugging, but it
isn't of use to users.  Ekr has provided a reference in the past why
this is so.

" If possible for the cryptosystem in use, the "security
   characteristics" SHOULD include a Short Authentication String which
   may be used by the user to authenticate the far station identity and
   keying integrity (specifically, the presence or lack of a man-in-the-
   middle that may be in collusion with the service provider to attempt
   to bypass authentication tests) by communicating this string out-of-
   band with the far party."

I think providing a SAS is very important, so I believe this
requirement to be a MUST.  Also, this wording about "if possible"
might be interpreted to mean "if ZRTP is used".  I think having an SAS
is valuable for any keying method that is browser to browser - I don't
think it has any value for broswer to server keying.  Since the SAS is
just an algorithm based on the secret key used, it should be be
possible to derive one for other keying approaches.  However, we will
need help from crypto experts to make sure the SAS is of sufficient
length and derived correctly to make it useful.   I recall with ZRTP
that we were able to utilize such a short SAS due to the hash
commitment design - other keying methods will need a similar analysis.

Looking forward to the discussion of these issues in Quebec City.

- Alan -

On Wed, Jun 29, 2011 at 6:38 PM, Matthew Kaufman
<> wrote:
> I wrote up a first pass at browser requirements for a media security
> inspector in browsers.
> Matthew Kaufman
> Begin forwarded message:
> From:
> Date: June 29, 2011 4:35:42 PM PDT
> To:
> Cc:
> Subject: New Version Notification for
> draft-kaufman-rtcweb-security-ui-00.txt
> A new version of I-D, draft-kaufman-rtcweb-security-ui-00.txt has been
> successfully submitted by Matthew Kaufman and posted to the IETF repository.
> Filename: draft-kaufman-rtcweb-security-ui
> Revision: 00
> Title: Client Security User Interface Requirements for RTCWEB
> Creation date: 2011-06-30
> WG ID: Individual Submission
> Number of pages: 4
> Abstract:
>   This document calls for a requirement to be imposed on RTCWEB client
>   user interfaces whereby the user may inspect the current media
>   security status.
> The IETF Secretariat
> _______________________________________________
> rtcweb mailing list