Re: [rtcweb] SRTP and "marketing"
Randell Jesup <randell-ietf@jesup.org> Thu, 29 March 2012 00:57 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 310C021F857A for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 17:57:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.233
X-Spam-Level:
X-Spam-Status: No, score=-2.233 tagged_above=-999 required=5 tests=[AWL=0.366, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3B4YKe+5YllN for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 17:57:23 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id 5EB5D21F8552 for <rtcweb@ietf.org>; Wed, 28 Mar 2012 17:57:23 -0700 (PDT)
Received: from pool-108-16-41-249.phlapa.fios.verizon.net ([108.16.41.249] helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1SD3g2-0007pm-IM for rtcweb@ietf.org; Wed, 28 Mar 2012 19:57:22 -0500
Message-ID: <4F73B2B6.9080008@jesup.org>
Date: Wed, 28 Mar 2012 20:54:14 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20120312 Thunderbird/11.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4F72D6B3.40803@bbn.com> <5D67671F-417C-4C78-A560-0B16AC65E4E2@acmepacket.com>
In-Reply-To: <5D67671F-417C-4C78-A560-0B16AC65E4E2@acmepacket.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] SRTP and "marketing"
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 00:57:24 -0000
On 3/28/2012 5:58 PM, Hadriel Kaplan wrote: > On Mar 28, 2012, at 11:15 AM, Richard L. Barnes wrote: > >> Hadriel noted that the competitors to this technology are Skype and Flash, and it's worth considering the security situation with these technologies, because they kind of bracket RTCWEB. With Skype (assuming they've designed it properly), there is actually a universal authentication, under a single authority. So you really do know that you're talking to whatever Skype ID you intend to, and nobody else. With Flash, well, does anyone expect it to be secure anyway? > As far as I know, you don't actually "know" that with Skype. You assume it, because you trust Skype. They could forge whatever identity they wanted to, and they can insert a recording middlebox if they wanted to, afaict. And they do. Very, very quietly I assume. (I.e. they're certainly subject to CALEA in the US for on-net calls, and I assume have a deal with the FCC/etc to cover it.) There have been a few public hints about this and similar deals with other countries. > No one is concerned about that. Define "no one" :-) > They also have skype-in/skype-out to/from the PSTN, and clearly in those cases they can assert whatever identity they want, and record it all. Again no one is concerned. Have you ever wondered why no one freaks out? People don't freak out because a) few realize it, b) most who do realize it's government mandated on them, and fighting it would likely be a huge losing proposition for them ($$$$). If I were a democracy activist in Iran or China other similar countries I would not assume Skype was safe (though in many of those countries it probably is, but probably not China). Those are just my assumptions; small on-net companies and services can fly under the radar or avoid touching things that force them to comply (I did that at Worldgate; no PSTN access == no CALEA). That doesn't mean I don't want to implement a truly secure communications ability. Note that by "secure" here I mean "I can detect if the service MITMd me" -- without reading cert phrases and preferably without having to install client certs and somehow build a working PKI. One idea we've had is a non-centralized WebRTC service built on distributed hash tables and a partial-mesh set of connections used to pass signaling on WebRTC (or other) data channels to set up calls, with some type of Id system to validate who you get connected to (since you can't really trust any of the nodes fully). If an intermediary node can downgrade you to SDES and sniff the keys, there is no security. An alternative would be to allow a hybrid: SDES at the start of a call and rekey over to DTLS-SRTP after the call is connected. If something blocks the DTLS connection it would be treated as a gateway-to-legacy/PSTN call (i.e. show no security, though it's secure against non-in-path attackers); if the DTLS connection is allowed, we can use it to rekey to DTLS-SRTP and to verify identity. This minimizes the risk of bid-down - the primary additional risk is that without initial SDES, to tap the signal you'd need to use a WebRTC-enabled B2BUA to accept the DTLS-SRTP connection and siphon it off. Also, a "good" gateway in a pure DTLS-SRTP world might have a identity established ("gateway@L3.com"); with SDES it wouldn't by default (but it could if it wanted to by rekeying via DTLS also). You also have a start-of-call risk where someone could see & hear until rekeying, and perhaps for a short while by blocking actual rekeying by dropping/corrupting DTLS packets, until the client either gives up or warns of no security. I'm still strongly in favor of pure DTLS-SRTP - as Harald and others say, less moving parts and less things that need to be secured. But this might be a useful compromise if we *need* to support SDES in some cases. -- Randell Jesup randell-ietf@jesup.org
- [rtcweb] SRTP and "marketing" Richard L. Barnes
- Re: [rtcweb] SRTP and "marketing" Harald Alvestrand
- Re: [rtcweb] SRTP and "marketing" Richard L. Barnes
- Re: [rtcweb] SRTP and "marketing" Mahalingam Mani
- [rtcweb] Identity and authorities (Re: SRTP and "… Harald Alvestrand
- Re: [rtcweb] SRTP and "marketing" Basil Mohamed Gohar
- Re: [rtcweb] SRTP and "marketing" Dan Wing
- Re: [rtcweb] SRTP and "marketing" Hadriel Kaplan
- Re: [rtcweb] SRTP and "marketing" Hadriel Kaplan
- Re: [rtcweb] SRTP and "marketing" Jim Barnett
- Re: [rtcweb] SRTP and "marketing" Randell Jesup
- Re: [rtcweb] SRTP and "marketing" Timothy B. Terriberry
- Re: [rtcweb] SRTP and "marketing" Roman Shpount
- Re: [rtcweb] SRTP and "marketing" Fabio Pietrosanti (naif)
- Re: [rtcweb] SRTP and "marketing" Fabio Pietrosanti (naif)
- Re: [rtcweb] SRTP and "marketing" Fabio Pietrosanti (naif)
- Re: [rtcweb] SRTP and "marketing" Roman Shpount
- Re: [rtcweb] SRTP and "marketing" Hadriel Kaplan
- Re: [rtcweb] SRTP and "marketing" Dan Wing
- Re: [rtcweb] SRTP and "marketing" Randell Jesup
- Re: [rtcweb] SRTP and "marketing" Timothy B. Terriberry
- Re: [rtcweb] SRTP and "marketing" Hadriel Kaplan
- Re: [rtcweb] SRTP and "marketing" Gregory Maxwell
- Re: [rtcweb] SRTP and "marketing" Oscar Ohlsson