IETF Logo Mail Archive

Re: [rtcweb] SRTP not mandatory-to-use

Bernard Aboba <bernard_aboba@hotmail.com> Tue, 03 January 2012 23:08 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9CE511E80AF for <rtcweb@ietfa.amsl.com>; Tue, 3 Jan 2012 15:08:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.79
X-Spam-Level:
X-Spam-Status: No, score=-101.79 tagged_above=-999 required=5 tests=[AWL=0.808, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWZumCEe0nri for <rtcweb@ietfa.amsl.com>; Tue, 3 Jan 2012 15:08:53 -0800 (PST)
Received: from blu0-omc1-s17.blu0.hotmail.com (blu0-omc1-s17.blu0.hotmail.com [65.55.116.28]) by ietfa.amsl.com (Postfix) with ESMTP id 1267C21F8440 for <rtcweb@ietf.org>; Tue, 3 Jan 2012 15:08:52 -0800 (PST)
Received: from BLU152-W46 ([65.55.116.9]) by blu0-omc1-s17.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 3 Jan 2012 15:08:52 -0800
Message-ID: <BLU152-W469B2EB104C104547FC42393960@phx.gbl>
Content-Type: multipart/alternative; boundary="_bac056ba-285d-450d-b187-387d1e5d4802_"
X-Originating-IP: [24.17.217.162]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: juberti@google.com, randell-ietf@jesup.org
Date: Tue, 03 Jan 2012 15:08:52 -0800
Importance: Normal
In-Reply-To: <CAOJ7v-1dziaA_ePCuMxjn6uhBgOH=ZVybUmLBwQi5qiuyOzDMA@mail.gmail.com>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com>, <CABcZeBOeg-O+6===5tk0haxC8nLxUQyEUFRES2FAoFEf00fKng@mail.gmail.com>, <CAErhfrxTKdo7Z+61x5ZcDt5ZM7C7ob5LNxMzwng_kk3Uqrp2_Q@mail.gmail.com>, <4F01A790.4060704@alvestrand.no> <4F02A061.60905@jesup.org>, <E44893DD4E290745BB608EB23FDDB762141EF8@008-AM1MPN1-042.mgdnok.nokia.com>, <4F035DD5.3050305@jesup.org>, <CAOJ7v-1dziaA_ePCuMxjn6uhBgOH=ZVybUmLBwQi5qiuyOzDMA@mail.gmail.com>
MIME-Version: 1.0
X-OriginalArrivalTime: 03 Jan 2012 23:08:52.0753 (UTC) FILETIME=[A9000010:01CCCA6C]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP not mandatory-to-use
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2012 23:08:53 -0000

Justin Uberti said:

"If we make SRTP mandatory to use, people will figure out a way to make SRTP work in their scenarios. If we don't, people will continue to use the same old objections as to why they can't deploy SRTP.


SRTP isn't a panacea, but I think we have a chance to take a big step forward here."

[BA] In practice, the details of precisely how this is implemented make a difference. 

For example, it is quite different to require SRTP in all circumstances, versus say, recommending that SRTP be preferred by default but allowing RTP to be negotiated (via RFC 5939 or simple fallback).  

Requiring SRTP in all circumstances (e.g. offering RTP/SAVP(F) and not falling back or allowing negotiation of RTP/AVP(F)) would not preclude gateways from translating to RTP/AVP(F), without user knowledge.  

This would result in an illusion of security, compared with an actual negotiation which would apprise the user as to whether security is actually in place.

v2.23.0 | Report a Bug | By Email