Re: [rtcweb] SRTP and "marketing"

"Jim Barnett" <Jim.Barnett@genesyslab.com> Wed, 28 March 2012 22:31 UTC

From: Jim Barnett <Jim.Barnett@genesyslab.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>, "Richard L. Barnes" <rbarnes@bbn.com>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP and "marketing"

Another point is that username/password authentication schemes aren't
really that secure - it's pretty easy to steal a username and password,
after all.  So there's not really a binary
authenticated/unauthenticated switch.  It's more a matter of degree.

- Jim

-----Original Message-----
From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Hadriel Kaplan
Sent: Wednesday, March 28, 2012 5:59 PM
To: Richard L. Barnes
Cc: <rtcweb@ietf.org>
Subject: Re: [rtcweb] SRTP and "marketing"


On Mar 28, 2012, at 11:15 AM, Richard L. Barnes wrote:

> Hadriel noted that the competitors to this technology are Skype and
> Flash, and it's worth considering the security situation with these
> technologies, because they kind of bracket RTCWEB.  With Skype (assuming
> they've designed it properly), there is actually a universal
> authentication, under a single authority.  So you really do know that
> you're talking to whatever Skype ID you intend to, and nobody else. With
> Flash, well, does anyone expect it to be secure anyway?

As far as I know, you don't actually "know" that with Skype.  You assume
it, because you trust Skype.  They could forge whatever identity they
wanted to, and they can insert a recording middlebox if they wanted to,
afaict.  No one is concerned about that.  They also have
skype-in/skype-out to/from the PSTN, and clearly in those cases they can
assert whatever identity they want, and record it all.  Again no one is
concerned.  Have you ever wondered why no one freaks out?


> What I'm concerned about in the RTCWEB context is that without a
> universal authentication/identity infrastructure, we will end up
> *promising* a secure call, but not *delivering* it.  I haven't done the
> analysis, but it does not seem implausible to me that FireSheep-like
> vulnerabilities are lurking here.
> So ISTM the "marketing" argument carries with it some serious risks as
> well as some small possible benefit.


It was my understanding firesheep only works when the connection is
HTTP, because it sniffs the packets.  That's a real issue for RTP, not
for SRTP (in either SDES or DTLS cases).

Of course neither I nor anyone else can really foretell what the trade
press will say - but I remember what they said about SIP back when a
couple ARP-spoofing "attack" tools demonstrated how to intercept RTP and
play it, since I was in marketing at the time.  At the time, the
articles were only advocating people should use "SRTP" instead.  They
didn't care at all what the key-exchange protocol was.

-hadriel
