Re: [rtcweb] New use-case proposed

Roman Shpount <roman@telurix.com> Fri, 11 May 2012 16:26 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D254F21F86BA for <rtcweb@ietfa.amsl.com>; Fri, 11 May 2012 09:26:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.067
X-Spam-Level:
X-Spam-Status: No, score=-2.067 tagged_above=-999 required=5 tests=[AWL=-0.757, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1l4UaLYc8W7Z for <rtcweb@ietfa.amsl.com>; Fri, 11 May 2012 09:26:26 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 55FE921F86B8 for <rtcweb@ietf.org>; Fri, 11 May 2012 09:26:26 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so3656124pbc.31 for <rtcweb@ietf.org>; Fri, 11 May 2012 09:26:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=Vxz0QkiwQf+TpRNOSIG35qknbUK2L2o13wyiwyOgNK4=; b=RyO/73y6o3Cz7Hbn/l+bY3eeSSrtg9/cDih61LjMYKEu1DVXWK4fX+R9TioFH4054o uYmUhAyI90CXmBk2uekK+q8bJcnMGPvayLJVGzaFLkP2BcGPdCc8mKan3YQkp1XgwZpP VX7azwaf81CEjlRjwRnYItmBweYDUD01oXLdV9zQnqEkYcBFN3ZRZ2ucE0kxGZEj0ghC RFMmrrVeAMpgVrTADWR5xMV24iOa1CRzdwapJNTMaeRCaf4JmDTHT8oHQM8hzWUI0dc9 CkZ3EgJhBBDPNcMa/E4nDScU9v2OZ5ihJ9hKS8e7cEdp6TQGAPQrawWbxnNeInlWuYmJ RnAg==
Received: by 10.68.132.103 with SMTP id ot7mr12422933pbb.59.1336753585985; Fri, 11 May 2012 09:26:25 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by mx.google.com with ESMTPS id u5sm13211108pbu.76.2012.05.11.09.26.24 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 11 May 2012 09:26:25 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so3656082pbc.31 for <rtcweb@ietf.org>; Fri, 11 May 2012 09:26:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.226.99 with SMTP id rr3mr33012137pbc.48.1336753584460; Fri, 11 May 2012 09:26:24 -0700 (PDT)
Received: by 10.68.129.161 with HTTP; Fri, 11 May 2012 09:26:24 -0700 (PDT)
In-Reply-To: <4FAD3C87.8080908@alvestrand.no>
References: <4FAD0D8C.7020701@ericsson.com> <4FAD3C87.8080908@alvestrand.no>
Date: Fri, 11 May 2012 12:26:24 -0400
Message-ID: <CAD5OKxtWq+Gh1wRTo2ZkCH6AdNXfsu7ipzDO+J=wBzNMJ4h3Nw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Harald Alvestrand <harald@alvestrand.no>
Content-Type: multipart/alternative; boundary=e89a8ff2445b8dd38104bfc5329b
X-Gm-Message-State: ALoCoQm/fL79n0WCGHvycR8hAr5AoPX7pFSCtnJbXzN33IulIahj4fKSBoCr4rCewUvXVOIrPiD5
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] New use-case proposed
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 16:26:26 -0000

+1

I have provided the CPU requirements for doing SRTP re-encryption before.
Bottom line, on the real conferencing service encryption adds about 10%
extra CPU load. There is no benefit in compromising security to avoid
re-encrypting.
_____________
Roman Shpount


On Fri, May 11, 2012 at 12:21 PM, Harald Alvestrand <harald@alvestrand.no>wrote;wrote:

> I propose to reject this use case because it requires yet another security
> redesign.
> The clue is here:
>
>
>> - The keying solution must allow each participants to encrypt to
>> multiple receivers without any decryption+encryption in the middle node
>>
>>
> This means that each participant must use the same encryption keys to all
> other participants; this in turn means that when someone leaves the group,
> all participants must change their encryption keys; it also means that as
> long as shared keys are used for authentication, all participants can
> impersonate all other participants.
>
> In fact, this solution has most of the issues (except for the network
> layer deployment issue) that leads me to strongly advocate leaving
> multicast out of scope for this effort.
>
>               Harald
>
>
> ______________________________**_________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/**listinfo/rtcweb<https://www.ietf.org/mailman/listinfo/rtcweb>
>