Re: [rtcweb] New use-case proposed
Roman Shpount <roman@telurix.com> Fri, 11 May 2012 16:26 UTC
Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D254F21F86BA for <rtcweb@ietfa.amsl.com>; Fri, 11 May 2012 09:26:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.067
X-Spam-Level:
X-Spam-Status: No, score=-2.067 tagged_above=-999 required=5 tests=[AWL=-0.757, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1l4UaLYc8W7Z for <rtcweb@ietfa.amsl.com>; Fri, 11 May 2012 09:26:26 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 55FE921F86B8 for <rtcweb@ietf.org>; Fri, 11 May 2012 09:26:26 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so3656124pbc.31 for <rtcweb@ietf.org>; Fri, 11 May 2012 09:26:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=Vxz0QkiwQf+TpRNOSIG35qknbUK2L2o13wyiwyOgNK4=; b=RyO/73y6o3Cz7Hbn/l+bY3eeSSrtg9/cDih61LjMYKEu1DVXWK4fX+R9TioFH4054o uYmUhAyI90CXmBk2uekK+q8bJcnMGPvayLJVGzaFLkP2BcGPdCc8mKan3YQkp1XgwZpP VX7azwaf81CEjlRjwRnYItmBweYDUD01oXLdV9zQnqEkYcBFN3ZRZ2ucE0kxGZEj0ghC RFMmrrVeAMpgVrTADWR5xMV24iOa1CRzdwapJNTMaeRCaf4JmDTHT8oHQM8hzWUI0dc9 CkZ3EgJhBBDPNcMa/E4nDScU9v2OZ5ihJ9hKS8e7cEdp6TQGAPQrawWbxnNeInlWuYmJ RnAg==
Received: by 10.68.132.103 with SMTP id ot7mr12422933pbb.59.1336753585985; Fri, 11 May 2012 09:26:25 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by mx.google.com with ESMTPS id u5sm13211108pbu.76.2012.05.11.09.26.24 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 11 May 2012 09:26:25 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so3656082pbc.31 for <rtcweb@ietf.org>; Fri, 11 May 2012 09:26:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.226.99 with SMTP id rr3mr33012137pbc.48.1336753584460; Fri, 11 May 2012 09:26:24 -0700 (PDT)
Received: by 10.68.129.161 with HTTP; Fri, 11 May 2012 09:26:24 -0700 (PDT)
In-Reply-To: <4FAD3C87.8080908@alvestrand.no>
References: <4FAD0D8C.7020701@ericsson.com> <4FAD3C87.8080908@alvestrand.no>
Date: Fri, 11 May 2012 12:26:24 -0400
Message-ID: <CAD5OKxtWq+Gh1wRTo2ZkCH6AdNXfsu7ipzDO+J=wBzNMJ4h3Nw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Harald Alvestrand <harald@alvestrand.no>
Content-Type: multipart/alternative; boundary="e89a8ff2445b8dd38104bfc5329b"
X-Gm-Message-State: ALoCoQm/fL79n0WCGHvycR8hAr5AoPX7pFSCtnJbXzN33IulIahj4fKSBoCr4rCewUvXVOIrPiD5
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] New use-case proposed
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 16:26:26 -0000
+1 I have provided the CPU requirements for doing SRTP re-encryption before. Bottom line, on the real conferencing service encryption adds about 10% extra CPU load. There is no benefit in compromising security to avoid re-encrypting. _____________ Roman Shpount On Fri, May 11, 2012 at 12:21 PM, Harald Alvestrand <harald@alvestrand.no>wrote: > I propose to reject this use case because it requires yet another security > redesign. > The clue is here: > > >> - The keying solution must allow each participants to encrypt to >> multiple receivers without any decryption+encryption in the middle node >> >> > This means that each participant must use the same encryption keys to all > other participants; this in turn means that when someone leaves the group, > all participants must change their encryption keys; it also means that as > long as shared keys are used for authentication, all participants can > impersonate all other participants. > > In fact, this solution has most of the issues (except for the network > layer deployment issue) that leads me to strongly advocate leaving > multicast out of scope for this effort. > > Harald > > > ______________________________**_________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/**listinfo/rtcweb<https://www.ietf.org/mailman/listinfo/rtcweb> >
- Re: [rtcweb] New use-case proposed Magnus Westerlund
- Re: [rtcweb] New use-case proposed Roman Shpount
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- [rtcweb] New use-case proposed Stefan Hakansson LK
- Re: [rtcweb] New use-case proposed Justin Uberti
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- Re: [rtcweb] New use-case proposed Harald Alvestrand
- Re: [rtcweb] New use-case proposed Henry Lum
- Re: [rtcweb] New use-case proposed Harald Alvestrand
- Re: [rtcweb] New use-case proposed Göran Eriksson AP
- Re: [rtcweb] New use-case proposed Dan Wing
- Re: [rtcweb] New use-case proposed Marshall Eubanks
- Re: [rtcweb] New use-case proposed Dan Wing
- Re: [rtcweb] New use-case proposed Michael Welzl
- Re: [rtcweb] New use-case proposed Magnus Westerlund
- Re: [rtcweb] New use-case proposed Oscar Ohlsson