IETF Logo Mail Archive

Re: [rtcweb] SRTP not mandatory-to-use

Justin Uberti <juberti@google.com> Wed, 11 January 2012 23:14 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B7A921F8707 for <rtcweb@ietfa.amsl.com>; Wed, 11 Jan 2012 15:14:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.698
X-Spam-Level:
X-Spam-Status: No, score=-102.698 tagged_above=-999 required=5 tests=[AWL=0.278, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FSzNWMjfpGcZ for <rtcweb@ietfa.amsl.com>; Wed, 11 Jan 2012 15:14:28 -0800 (PST)
Received: from mail-tul01m020-f172.google.com (mail-tul01m020-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 9000021F858F for <rtcweb@ietf.org>; Wed, 11 Jan 2012 15:14:28 -0800 (PST)
Received: by obcuz6 with SMTP id uz6so1843028obc.31 for <rtcweb@ietf.org>; Wed, 11 Jan 2012 15:14:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:x-system-of-record:content-type; bh=nylYbd/4cNzgNz24cen/3n6CkjD2oYoVALhOPzCgaHQ=; b=IlrkbaP2nUra7ZClXSgB7FfU/4htLTXb5hgLybb2Xrxbe2pFpzL7qVYzQHE/tIqkFH B5ctNCCfi0kj076ERv3vNXCNgekcwW80uHNzbgpZAaqJTvmzDpj/mXTg6rFTjqqRTuQi dI4KHNXriuv7CEGEnsYAGLf4LPZzZmuTc+UTM=
Received: by 10.50.104.163 with SMTP id gf3mr4869064igb.26.1326323668063; Wed, 11 Jan 2012 15:14:28 -0800 (PST)
Received: by 10.50.104.163 with SMTP id gf3mr4868990igb.26.1326323666279; Wed, 11 Jan 2012 15:14:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.196.93 with HTTP; Wed, 11 Jan 2012 15:14:04 -0800 (PST)
In-Reply-To: <BLU152-W526C0352986D38A33C020E939E0@phx.gbl>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com> <CAKhHsXHnT2p7yncha5-BQ=-Lzk3-N+tuijM-UqwfP1mPUi173A@mail.gmail.com> <BLU152-W1140980759D89AC3C1D0CA93940@phx.gbl> <CA+9kkMBdX7YT1tPj5M3VrzAPKa6tXNGZVvvhjW9V4oOEC7g_kA@mail.gmail.com> <CAOJ7v-1_qMoHBb3K7rV=hG9EadqL=xn4KEdG0zdWnKZU9_TipQ@mail.gmail.com> <4AEFFC17-EF17-40F2-B83B-0B0CC44AD2C3@cisco.com> <CAKhHsXEes+Lf+uKdTrjXoy+3PMy2uNumNL-W-0s4_xRXW6FiZg@mail.gmail.com> <4F0CAC8C.8010203@wonderhamster.org> <1D062974A4845E4D8A343C6538049202074ABD3A@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCF907@inba-mail02.sonusnet.com> <CALiegfkejnU2rTe-FibUVxTrRS9SivkhGXB5eK+FhD8Vu6iTMA@mail.gmail.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCF9FC@inba-mail02.sonusnet.com> <CALiegfn07bS58B+4ZyzRTnO4LCpw1e96dnqpSM+TT1y3QG2Zwg@mail.gmail.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCFBC1@inba-mail02.sonusnet.com> <CAOJ7v-20+yL7r+_ODx_czHTiujXZZWESaZRB7MQjhvScg3RFtw@mail.gmail.com> <4F0DFD0B.2000009@jesup.org> <BLU152-W526C0352986D38A33C020E939E0@phx.gbl>
From: Justin Uberti <juberti@google.com>
Date: Wed, 11 Jan 2012 18:14:04 -0500
Message-ID: <CAOJ7v-1ebrK6V4y3s1mp4mVc_erwa5WHuvKrvutFb3CvV9SCtA@mail.gmail.com>
To: Bernard Aboba <bernard_aboba@hotmail.com>
X-System-Of-Record: true
Content-Type: multipart/alternative; boundary="e89a8f2343dffc5b9e04b648ca63"
Cc: randell-ietf@jesup.org, rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP not mandatory-to-use
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jan 2012 23:14:29 -0000

On Wed, Jan 11, 2012 at 4:46 PM, Bernard Aboba <bernard_aboba@hotmail.com>wrote:

>  Randall said:
>
> > The reason (as I've mentioned at times) is that SDES means we expose the
> > media to the JS app and to the website, neither of which we've agreed to
> > trust. All the discussion of blocking access to decrypted media from
> > the JS app is moot if it has the keys.
> >
> > If we use SDES, we're effectively trusting the JS app (and website) to a
> > very large extent. (Not to turn on the camera/mic, but with the
> > contents of all conversations.) It also means bid-down to SDES is
> > trivial. I'm not sure what this would mean to identity validation via
> > BrowserID or others (ekr?); that might survive this, but it means media
> > could be decrypted in realtime or later if anyone has copies of the
> > packets and can get the key from the app/website.
>
> [BA] While I agree with your assessment of the security implications of not
> supporting end-to-end key management, I'm concerned about the practicality
> of mandating use of an RTCWEB DTLS/SRTP variant in RTCWEB v1.0.
> The SIPIt reports note progress on SDES implementation, but DTLS/SRTP
> not so much, and integrating DTLS/SRTP within RTCWEB would require more
> work beyond what is available in SIP DTLS/SRTP implementations today.
> As a result, I am more inclined toward Justin's proposal for RTCWEB v1.0
> (assuming that the questions are answered).
>
> My view is that Justin's approach will maximize the potential for initial
> RTCWEB implementations to interoperate, whereas a mandate for DTLS/SRTP
> with no SDES support is very likely to result in initial interoperability
> problems
> which could fester for a long time.  IMHO, an interoperable RTCWEB v1.0
> should be our highest priority, even if it doesn't have all the features we
> would want for v2.0 and beyond.  This also goes for some of the more
> advanced features described in the RTP draft, by the way.  Perfect is
> the enemy of the good.
>

This is exactly my thinking. We are working very hard at getting DTLS/SRTP
up and running, but I am all too familiar with betting the farm on
something that is all-new.


>
> From the description in the Security draft, it is not clear to me whether
> the
> RTCWEB DTLS/SRTP proposal will necessarily interoperate with SIP
> implementations of DTLS/SRTP.   While the proposals have elements
> in common (e.g. DTLS/SRTP itself, fingerprinting, etc.) SIP DTLS/SRTP
> implementations cannot be expected to implement BrowserId, and
> RTCWEB DTLS/SRTP implementations may not support RFC 4474.
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>
>

v2.23.0 | Report a Bug | By Email