IETF Logo Mail Archive

[rtcweb] SDES vs DTLS-SRTP revisited

Oscar Ohlsson <oscar.ohlsson@ericsson.com> Fri, 16 March 2012 15:05 UTC

Return-Path: <oscar.ohlsson@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08DB921F8620 for <rtcweb@ietfa.amsl.com>; Fri, 16 Mar 2012 08:05:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.499
X-Spam-Level:
X-Spam-Status: No, score=-9.499 tagged_above=-999 required=5 tests=[AWL=1.100, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DHaGVDt17tXB for <rtcweb@ietfa.amsl.com>; Fri, 16 Mar 2012 08:05:00 -0700 (PDT)
Received: from mailgw9.se.ericsson.net (mailgw9.se.ericsson.net [193.180.251.57]) by ietfa.amsl.com (Postfix) with ESMTP id BC4CB21F8690 for <rtcweb@ietf.org>; Fri, 16 Mar 2012 08:04:56 -0700 (PDT)
X-AuditID: c1b4fb39-b7bf2ae0000069a1-b0-4f6356972fef
Received: from esessmw0184.eemea.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw9.se.ericsson.net (Symantec Mail Security) with SMTP id B3.71.27041.796536F4; Fri, 16 Mar 2012 16:04:55 +0100 (CET)
Received: from ESESSCMS0360.eemea.ericsson.se ([169.254.1.52]) by esessmw0184.eemea.ericsson.se ([10.2.3.53]) with mapi; Fri, 16 Mar 2012 16:04:55 +0100
From: Oscar Ohlsson <oscar.ohlsson@ericsson.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Date: Fri, 16 Mar 2012 16:04:54 +0100
Thread-Topic: SDES vs DTLS-SRTP revisited
Thread-Index: Ac0DhiTZFdGaLfl3RVuAK/k9UNVsBQ==
Message-ID: <A1B638D2082DEA4092A268AA8BEF294D194494CE64@ESESSCMS0360.eemea.ericsson.se>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: sv-SE, en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAA==
Subject: [rtcweb] SDES vs DTLS-SRTP revisited
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Mar 2012 15:05:01 -0000

Hi,

There were a couple of things that I didn't explain properly in my SDES vs DTLS-SRTP presentation at the interim meeting. Since time will be short at the next meeting as well, I thought I would try to explain myself in an email.

I noticed that the discussion quickly turned into a direct comparison of the two protocols. When this happens DTLS-SRTP definitely comes out as the winner and trying to defend SDES just seems foolish. But this is not the right focus of the discussion IMO. We should be looking at the system as a whole and determine more exactly the scenarios where SDES poses a security risk.

The first major argument against SDES is that it doesn't offer forward secrecy. Obviously, if the remote endpoint does not support DTLS-SRTP you have to switch to SDES or plain RTP at some point. And from that point and onwards you will never have forward secrecy. The only difference is that the conversion point is moved slightly to the left (one step?) when SDES is supported. However, if web developers starts using SDES without reason (i.e. when the remote endpoint is a browser) then I agree that the lack of forward secrecy is a problem. Do people on this list believe this will be the case? Can it be prevented somehow?

The second major argument is that SDES makes it possible for the service provider to intercept calls undetectable. I've been thinking about this for some time but still haven't understood the problem completely. Say that you're on a call and want to determine if the service provider is listening in:

Case 1: Both endpoints support DTLS-SRTP (can be determined by asking the other party)

If SDES is used you directly conclude that something fishy is going on and hang up. If DTLS-SRTP is used you compare fingerprints and hang up if they don't match. (I've assumed that a user can view detailed security information in the browser).

Case 2: The other endpoint does not support DTLS-SRTP

Regardless of whether SDES is allowed or not you will never be able to tell if the call is being intercepted. The best thing to do in this case is probably to simply hang up.

Does the fingerprint mismatch in case 1 somehow serve as a stronger indication that the call is being intercepted? What action would a suspicious user take besides hanging up? I would be happy if someone could explain this to me.

Regards,

Oscar Ohlsson

v2.23.0 | Report a Bug | By Email