Re: [rtcweb] Let's define the purpose of WebRTC

[Hadriel Kaplan <HKaplan@acmepacket.com>]

On Nov 10, 2011, at 12:20 AM, Eric Rescorla wrote:

> I can envision situations on which security would be desirable in both of
> these applications. In the case of a "greeting card application" (whatever
> that is) my greeting card might contain sensitive personal or medical
> information (congratulations on your pregnancy, sorry to hear you have
> cancer etc.) Surely I do in fact want that information secured. Similarly,
> it might not be important to have my Farmville chats secure, but if the
> purpose of an in-game chat is for me and my co-player to cooperate
> in a game where money is on the line (e.g., a tournament), then suddenlu
> security becomesmuch more important. Not to mention that the players
> may simply be using in-game chat to discuss personal stuff.

I think that's a red herring.  Just because you as a user could post your social security number on a forum website, for example, does not mean all forum websites should use HTTPS "just in case".  Because even if they used HTTPS it's not going to secure your social security number from being read by anyone else, nor does the forum website claim to provide any such form of confidentiality to begin with. 

The greeting card case, for example, is going to record your media on some server somewhere - just because they use SRTP from you to do so doesn't mean they're going to prevent everyone on the planet from being able to access the greeting card; or even if they only allow authorized users to listen to the greeting card, it doesn't mean that they won't simply use an HTTP'ed wav file to deliver it to them.  Obviously if a greeting card app *wants* to provide that sort of confidentiality/privacy, then it can and should use SRTP as well as encrypt everything else, control authorization, etc.  That's their choice, based on what type of application they want to provide.  We don't need to create a nanny state.

> 
> The point is that it's very hard to anticipate which communications media
> will be used for sensitive information. To say "we don't need security
> in this application because nobody will ever use it to discuss sensitive
> stuff" is short-sighted. Better simply to be secure all the time.


And one could argue this the exact opposite - if the browser shows some lock-icon thing for SRTP, then it's better for them to use RTP instead for such apps, so as not to make you think the service as a whole is secure if it really isn't. The only one who knows the type of application service security model being offered is the Web server admin/developer, not the IETF. 

-hadriel