Re: [rtcweb] Consensus call regarding media security

"Fabio Pietrosanti (naif)" <lists@infosecurity.ch> Thu, 29 March 2012 17:31 UTC

On 3/29/12 7:02 PM, Ravindran, Parthasarathi wrote:
> The WebRTC trust model has to be considered as one of the main factors for deciding the key mechanism. AFAIK, SDES does not fit into WebRTC, as the Dr. Evil HTTPS RTCWeb server must be trusted in the case of SDES. There is no means to track or analyze whether Dr. Evil is involved in monitoring, recording or terminating the media traffic. It would be good if whoever advocates for SDES explains how SDES fits within the WebRTC trust model.

Sure!

From:
http://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch/?include_text=1

"   The basic assumption of this architecture is that network resources
   exist in a hierarchy of trust, rooted in the browser, which serves as
   the user's TRUSTED COMPUTING BASE (TCB).  Any security property which
   the user wishes to have enforced must be ultimately guaranteed by the
   browser (or transitively by some property the browser verifies)."

So, it means that if the browser already has a hierarchy of trust to
use TLS for HTTPS, then SDES-SRTP will inherit the trust properties of
the HTTPS website from which it's loaded.

It seems to me quite easy to fit SDES-SRTP into the browser model, as it
allows you to assure that the communication path between the client and
the server is secure.

Do you expect WebRTC to be only peer-to-peer/client-to-client?

I sincerely expect *a lot* of communications to go through SIP/RTP media
proxies for security purposes, for billing purposes, for value added
service purposes.

SDES-SRTP provides a very reliable and simple way to let a WebRTC peer
establish security with the server, assuming that it has already
established security through HTTPS/TLS, which is a consolidated trust method.


-- 
Fabio Pietrosanti
Founder, CTO

Tel: +39 02 85961748 (direct)
Mobile: +39 340 1801049
E-mail: fabio.pietrosanti@privatewave.com
Skype: fpietrosanti
Linkedin: http://linkedin.com/in/secret

PrivateWave Italia S.p.A.
Via Gaetano Giardino 1 - 20123 Milano - Italy
www.privatewave.com
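
The trust dependency debated in this thread, shown as an added example that is not part of the original message: with SDES (RFC 4568) the SRTP master key and salt travel inside the SDP `a=crypto` attribute, so whoever relays the SDP holds the media key, whereas a DTLS-SRTP offer signals only a certificate fingerprint. The function name and both sample offers are constructed for illustration.

```python
import base64
import re

# (master key, master salt) lengths in bytes for the RFC 4568 crypto suites.
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
    "F8_128_HMAC_SHA1_80": (16, 14),
}
CRYPTO_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)(\|\S*)?")
FINGERPRINT_RE = re.compile(r"a=fingerprint:(\S+) ([0-9A-Fa-f:]+)$")

def keying_exposure(sdp):
    """List what each keying attribute in an SDP body hands to the signaling path."""
    findings = []
    for line in (l.strip() for l in sdp.splitlines()):
        m = CRYPTO_RE.match(line)
        if m:
            entry = {"mech": "SDES", "tag": int(m.group(1)), "suite": m.group(2)}
            lengths = SUITES.get(m.group(2))
            try:
                raw = base64.b64decode(m.group(3), validate=True)
            except ValueError:
                raw = None
            if lengths is None or raw is None or len(raw) != sum(lengths):
                entry["error"] = "unknown suite or malformed inline key"
            else:
                # The relay of this SDP now holds the inputs to SRTP key derivation.
                entry.update(key_in_signaling=True, master_key=raw[:lengths[0]],
                             master_salt=raw[lengths[0]:])
            findings.append(entry)
            continue
        m = FINGERPRINT_RE.match(line)
        if m:
            # Only a certificate hash is signaled; keys come from the DTLS handshake.
            findings.append({"mech": "DTLS-SRTP", "hash": m.group(1),
                             "key_in_signaling": False})
    return findings

# Constructed sample offers (the key is bytes 0..29, not a real key).
SAMPLE_B64 = base64.b64encode(bytes(range(30))).decode()
SDES_OFFER = "\r\n".join(["v=0", "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + SAMPLE_B64 + "|2^20|1:4"])
DTLS_OFFER = "\r\n".join(["v=0", "m=audio 49170 UDP/TLS/RTP/SAVP 0",
    "a=fingerprint:sha-256 " + ":".join(["AB"] * 32)])

if __name__ == "__main__":
    for offer in (SDES_OFFER, DTLS_OFFER):
        print(keying_exposure(offer))
```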