Re: [rtcweb] SRTP and "marketing"

Harald Alvestrand <harald@alvestrand.no> Wed, 28 March 2012 10:13 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C3F421F89AC for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 03:13:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U4SK6eVRIFe0 for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 03:13:40 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 70D9921F89A8 for <rtcweb@ietf.org>; Wed, 28 Mar 2012 03:13:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 55C3339E178; Wed, 28 Mar 2012 12:13:39 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yD4-KDKUdyuw; Wed, 28 Mar 2012 12:13:38 +0200 (CEST)
Received: from [130.129.85.52] (dhcp-5534.meeting.ietf.org [130.129.85.52]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 7DFC339E088; Wed, 28 Mar 2012 12:13:38 +0200 (CEST)
Message-ID: <4F72E453.7070204@alvestrand.no>
Date: Wed, 28 Mar 2012 12:13:39 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: "Richard L. Barnes" <rbarnes@bbn.com>
References: <4F72D6B3.40803@bbn.com>
In-Reply-To: <4F72D6B3.40803@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP and "marketing"
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2012 10:13:41 -0000

On 03/28/2012 11:15 AM, Richard L. Barnes wrote:
> I didn't make it to the mic at the meeting today, but I wanted to 
> express one concern about the possibility of making RTCWEB SRTP-only.
>
> Hadriel mentioned the "marketing value" of having always-on 
> encryption, this idea that only supporting SRTP will make RTCWEB look 
> like something secure and trustworthy.  I'm concerned that this might 
> not be the case, and in fact that being SRTP-only might effectively be 
> an over-promise, in light of the fact the absence of universal 
> authentication.
>
> Hadriel noted that the competitors to this technology are Skype and 
> Flash, and it's worth considering the security situation with these 
> technologies, because they kind of bracket RTCWEB.  With Skype 
> (assuming they've designed it properly), there is actually a universal 
> authentication, under a single authority.  So you really do know that 
> you're talking to whatever Skype ID you intend to, and nobody else. 
> With Flash, well, does anyone expect it to be secure anyway?
>
> What I'm concerned about in the RTCWEB context is that without a 
> universal authentication/identity infrastructure, we will end up 
> *promising* a secure call, but not *delivering* it.  I haven't done 
> the analysis, but it does not seem implausible to me that 
> FireSheep-like vulnerabilities are lurking here.
If there are, we need to close them before we ship the specs.
Given reasonable practices (such as using only HTTPS for loading the 
pages and JS libraries), if we can't deliver security (against known 
attacks), we shouldn't ship the spec.
>
> So ISTM the "marketing" argument carries with it some serious risks as 
> well as some small possible benefit.
Only if we don't deliver.
>
> --Richard
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>