Re: [rtcweb] Resolving RTP/SDES question in Paris

Roman Shpount <roman@telurix.com> Fri, 23 March 2012 17:29 UTC

In-Reply-To: <062901cd0905$e48bb520$ada31f60$@com>
Date: Fri, 23 Mar 2012 13:29:52 -0400
Message-ID: <CAD5OKxtPE7zxe9F9bpsY9hoHeRPM8RKXS9KGcrfpFQw7=UcNWg@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Dan Wing <dwing@cisco.com>
Cc: rtcweb@ietf.org

On Fri, Mar 23, 2012 at 11:01 AM, Dan Wing <dwing@cisco.com> wrote:

> 'Double encryption' is done because it's the only way to achieve
> security at various layers.
>
Probably a side note, but double encryption is often done since each
encryption layer serves completely different purposes.

In the case of organizations that care about the security of their
communications (such as the NSA), it is not only the content of the
communication but also the fact that communication took place between
certain parties that is a secret. For example, the fact that the president
is calling the Israeli prime minister in the middle of the night usually
means that something significant is about to happen and is normally a
national secret, even if the content of such a conversation is unknown. To
prevent eavesdropping on the communicating parties, some sort of VPN
protocol such as IPsec is used.

On the other hand, parties that are involved in the secure communication
need to confirm each other's identities and ensure that only identified
parties will receive the contents of the communication. This is ensured by
HTTPS with SRTP in the case of WebRTC, or by SIPS with SRTP in the case of
an NSA deployment.

Bottom line, in most cases double encryption is a required feature and not
a bug.
_____________
Roman Shpount
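The two-layer split described in the message above, as an added worked model that is not part of Roman's post, the rtcweb drafts, or any real SRTP/IPsec implementation: an inner SRTP-like layer keyed end to end between the call parties (RTP header in the clear but authenticated, payload encrypted), wrapped in an outer IPsec-tunnel-like layer keyed between two gateways (the whole inner packet, inner addresses included, is encrypted). The block then shows what three vantage points recover. Assumptions: a toy authenticated-encryption construction built from HMAC-SHA256 (counter-mode keystream plus tag) stands in for SRTP's AES-CM/HMAC-SHA1 and ESP's transforms; "IP/UDP" headers are a length-prefixed ASCII stand-in; signaling, identity verification and key agreement (the HTTPS/SIPS part) are assumed to have already happened, so the keys are simply handed in; all hostnames, SSRC and media bytes are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# --- toy authenticated encryption; a stand-in for the real SRTP/ESP transforms, not a
#     cipher to use in practice. HMAC-SHA256 in counter mode gives the keystream, a
#     separate HMAC subkey gives the tag, and the tag also covers associated data (AAD).

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def aead_seal(key: bytes, aad: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def aead_open(key: bytes, aad: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

# --- toy "IP/UDP" framing: length-prefixed ASCII source and destination addresses.

def frame(src: str, dst: str, payload: bytes) -> bytes:
    s, d = src.encode(), dst.encode()
    return struct.pack(">BB", len(s), len(d)) + s + d + payload

def unframe(pkt: bytes):
    ls, ld = struct.unpack(">BB", pkt[:2])
    return pkt[2:2 + ls].decode(), pkt[2 + ls:2 + ls + ld].decode(), pkt[2 + ls + ld:]

# --- inner layer, SRTP-like: keyed between the call parties. The RTP header stays in the
#     clear (receivers and middleboxes need it) but is authenticated as AAD; the payload
#     is encrypted. Layout of the toy header follows RTP: V/P/X/CC, M/PT, seq, ts, SSRC.

RTP_HDR = struct.Struct(">BBHII")

def srtp_protect(media_key: bytes, seq: int, ssrc: int, payload: bytes) -> bytes:
    hdr = RTP_HDR.pack(0x80, 111, seq, seq * 960, ssrc)  # payload type 111: sample value
    return hdr + aead_seal(media_key, hdr, payload)

def srtp_unprotect(media_key: bytes, pkt: bytes):
    hdr, body = pkt[:RTP_HDR.size], pkt[RTP_HDR.size:]
    return RTP_HDR.unpack(hdr), aead_open(media_key, hdr, body)

# --- outer layer, IPsec-tunnel-like: keyed between two gateways. The entire inner packet,
#     including who is talking to whom, is encrypted; only gateway addresses are visible.

def tunnel_wrap(tunnel_key: bytes, gw_src: str, gw_dst: str, inner_pkt: bytes) -> bytes:
    return frame(gw_src, gw_dst, aead_seal(tunnel_key, frame(gw_src, gw_dst, b""), inner_pkt))

def tunnel_unwrap(tunnel_key: bytes, outer_pkt: bytes) -> bytes:
    gw_src, gw_dst, body = unframe(outer_pkt)
    return aead_open(tunnel_key, frame(gw_src, gw_dst, b""), body)

def send_media(tunnel_key, media_key, caller, callee, gw_src, gw_dst, seq, ssrc, media):
    """Caller-side pipeline: SRTP-protect the media, frame it, then tunnel it."""
    inner = frame(caller, callee, srtp_protect(media_key, seq, ssrc, media))
    return tunnel_wrap(tunnel_key, gw_src, gw_dst, inner)

# --- what each vantage point can recover from one packet on the wire.

def observer_view(outer_pkt: bytes) -> dict:
    """Passive tap on the public network: gateway addresses and size, nothing else."""
    src, dst, body = unframe(outer_pkt)
    return {"src": src, "dst": dst, "size": len(body)}

def gateway_view(tunnel_key: bytes, outer_pkt: bytes) -> dict:
    """Tunnel endpoint: learns the inner addresses and RTP header, but the media stays
    opaque because the gateway does not hold the end-to-end media key."""
    caller, callee, srtp_pkt = unframe(tunnel_unwrap(tunnel_key, outer_pkt))
    hdr = RTP_HDR.unpack(srtp_pkt[:RTP_HDR.size])
    return {"src": caller, "dst": callee, "ssrc": hdr[4],
            "media_ciphertext": srtp_pkt[RTP_HDR.size:]}

def endpoint_view(tunnel_key: bytes, media_key: bytes, outer_pkt: bytes) -> dict:
    """Call party holding both keys: full recovery of addressing and media."""
    caller, callee, srtp_pkt = unframe(tunnel_unwrap(tunnel_key, outer_pkt))
    hdr, media = srtp_unprotect(media_key, srtp_pkt)
    return {"src": caller, "dst": callee, "ssrc": hdr[4], "media": media}

if __name__ == "__main__":
    tk, mk = os.urandom(32), os.urandom(32)
    pkt = send_media(tk, mk, "alice.example", "bob.example",
                     "gw-a.example", "gw-b.example", 7, 0x1234ABCD, b"hello")
    print("observer:", observer_view(pkt))
    print("gateway: ", gateway_view(tk, pkt))
    print("endpoint:", endpoint_view(tk, mk, pkt))
```

Run stand-alone, the three printed views make the division of labour concrete: the public-network observer sees only gateway-to-gateway traffic and packet sizes, the tunnel gateway sees the inner endpoints and RTP header (the traffic-analysis data the outer layer exists to hide from the public network) but only ciphertext for the media, and only a party holding the end-to-end media key recovers the payload. Because the inner tag covers the RTP header and the outer tag covers the gateway addresses, a flipped byte at either layer fails `aead_open` rather than yielding garbage media.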