Re: [rtcweb] No Interim on SDES at this juncture
Martin Thomson <martin.thomson@gmail.com> Fri, 14 June 2013 04:50 UTC
To: Hadriel Kaplan <hadriel.kaplan@oracle.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>

On 13 June 2013 20:39, Hadriel Kaplan <hadriel.kaplan@oracle.com> wrote:
>> My impression from Paris was that if the WebRTC world supports EKT, then gatewaying into an SDES realm requires some fancy key-shuffling, nothing more.
>
> My impression from the discussion there was: "we have this new shiny toy no one's ever deployed so why don't we use you as the guinea pig". In fact if I recall correctly it was you who said something along those lines in Paris. :)

Likewise.

I also wonder what the API surface for this feature needs to look like. Clearly, someone needs to decide to push new keys into the session, but can that be the application: is this something that would have an API in the browser? (That's a serious question, BTW. Comment 22 provided that interface, because we wanted to support SDES and the same interface conveniently applies to EKT, but that leads to some interesting issues with respect to media security.)

As I see this issue, it's not a matter of "do we need SDES in addition to DTLS-SRTP", it's more a matter of "how do we solve the my-MCU-is-on-fire problem", for which there are two proposals on the table: SDES and EKT. The latter has some issues with respect to deployment, even if it has some merits from a security perspective.

There are other reasons that SDES is preferable to us, though those might not be compelling to others, but I can't get over this central issue.