Re: [rtcweb] No Interim on SDES at this juncture

Hadriel Kaplan <> Thu, 20 June 2013 07:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 212C721F9EB6 for <>; Thu, 20 Jun 2013 00:11:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.557
X-Spam-Status: No, score=-6.557 tagged_above=-999 required=5 tests=[AWL=0.041, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AJ1c4g52T3AA for <>; Thu, 20 Jun 2013 00:11:16 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 76A8F21F9C58 for <>; Thu, 20 Jun 2013 00:11:16 -0700 (PDT)
Received: from ( []) by (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r5K7BCYQ028381 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 20 Jun 2013 07:11:13 GMT
Received: from ( []) by (8.14.4+Sun/8.14.4) with ESMTP id r5K7BBm1021879 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Jun 2013 07:11:12 GMT
Received: from ( []) by (8.14.4+Sun/8.14.4) with ESMTP id r5K7BBNt011616; Thu, 20 Jun 2013 07:11:11 GMT
Received: from (/ by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 20 Jun 2013 00:11:11 -0700
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Hadriel Kaplan <>
In-Reply-To: <>
Date: Thu, 20 Jun 2013 03:11:09 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <> <>
To: Richard Barnes <>
X-Mailer: Apple Mail (2.1508)
X-Source-IP: []
Cc: "" <>
Subject: Re: [rtcweb] No Interim on SDES at this juncture
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Jun 2013 07:11:22 -0000

On Jun 19, 2013, at 8:58 PM, Richard Barnes <> wrote:

> I think we still disagree on the scenario.  I've tried to sketch out the full sequence of operations to be clear.  (WebSequenceDiagrams source below.)
> <>
> ISTM that there are two major differences:
> -- In the SDES case, the JS and the Web Server both have access to the media keys.  In the EKT case, the browser handles the keying update directly.
> -- In the EKT case, the PBX/gateway has to be in the media path to do EKT.  After EKT, it just switches packets (it's basically a TURN server).
> So it seems like a security benefit for EKT and a performance benefit for SDES.  Your quantitative valuation of these benefits / costs may vary.

I'm confused.  EKT has "a security benefit" for whom, exactly?
It's not more secure for the browser user, since a malicious web server can simply *be* the PBX, terminate DTLS-EKT and get the key and the browser user would never know it.
It's not more secure for the SIP user, since the SIP user is only doing SDES and has no idea what's happening on the far-end.

Who are you saying is being better protected from what?

I suppose we could claim the owner of the PBX feels more secure, if they're not the same as the owner of the web-server and don't trust the web-server.  But again, if the web-server owner is malicious it will just terminate the media pretending to be the PBX on one side, and pretending to be the browser to the real PBX on the other side.  And why would a PBX owner accept calls from a web-server it doesn't trust to begin with?

Afaict, the main security benefit of DTLS-EKT is the same as that of DTLS-SRTP: the keys aren't sent in the JSON/SDP/whatever, so they can't be sniffed even if cleartext HTTP is used.  So in a weird way, the security benefit of it is it let's us use an insecure HTTP transport for the JSON/SDP/HTML/whatever.  Luckily the ability to see and modify what goes on there is no big deal... like for example be able to insert a malicious DTLS-SRTP B2BUA that records everything.  Oh, wait...