Re: [rtcweb] Let's define the purpose of WebRTC

[Roman Shpount <roman@telurix.com>]

On Wed, Nov 9, 2011 at 8:44 AM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> And what is the advantage? you still say exactly the same: a WebRTC
> client "MUST" allow plain RTP if the peer is not a WebRTC client. Why
> is that an argument in favour of non mandating SRTP?
>
>
What I have not seen on this list is why SRTP must be used for all the
calls. The things I've seen so far:
1. SRTP must be used everywhere since security is good
2. We are innovative so we must use SRTP everywhere
3. We do not trust the user or the application so we must use SRTP
everywhere
4. We must have SRTP in order to have consensus.

I think except the fact that security is generally a good thing, non of
these arguments are relevant.

What I was trying to say that there are number of situations where:

1. SRTP is useless: If we do not trust the application (application is
delivered over HTTP), there is no point to encrypt the media. Application
can send this media to some box in the middle and record it, without user
ever knowing. Requiring SRTP in this case is almost like trying to lock the
window when your door is open.

2. SRTP is not required: If we are dealing with a greeting card application
or game chat, no one expects security. If security can be provided this
will probably not hurt anybody, but in the end it will serve no purpose
there.

3. SRTP is undesirable: As I've mentioned before there are places and
situations where encryption is either makes things more difficult (like
interop with legacy devices, debugging, or building new software). In these
cases, having SRTP as a must just introduces a higher barrier to entry the
needs to be overcome in order to communicate with WebRTC. This is not
something critical, but it will make things more difficult and will work
against innovation.

4. SRTP is illegal: I am not talking about wiretapping. I do not propose to
create any types of back doors in WebRTC in order to intercept the
communications. All I am saying that application developer should have an
option not to encrypt its traffic to comply with local laws or regulations.
I do not think there is a single user faced communication protocol that
does not provide a non secure alternative (HTTP vs HTTPS, SMTP and IMAP
over TCP vs TLS, etc). I do not see why WebRTC must be the first protocol
not to have an unencrypted option.

What I would propose is to allow RTP communications from sessions initiated
by HTTP and require SRTP (or a user consent) for sessions started from
HTTPS. This should be similar to current HTTPS vs HTTP model for
javascript, and will require security where it will do some good vs places
where it is going to be useless.
_____________
Roman Shpount