Re: [rtcweb] use cases, F20 and encryption, SCTP - comments on draft-ietf-rtcweb-use-cases-and-requirements-07

Martin Thomson <martin.thomson@gmail.com> Sat, 28 April 2012 03:51 UTC

In-Reply-To: <0fc001cd2495$a3985950$eac90bf0$@com>
References: <0fc001cd2495$a3985950$eac90bf0$@com>
Date: Fri, 27 Apr 2012 20:51:05 -0700
Message-ID: <CABkgnnXds5xZhXD51id7jp=3Q0dDuQNakKJjtpDokC+CrtR5XA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Dan Wing <dwing@cisco.com>
Cc: rtcweb@ietf.org, draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org

> 1. Requirement F20 states:
>
>   F20  It MUST be possible to protect streams from eavesdropping.
>
> Consensus in the room during my presentation to RTCWEB at IETF83 was that we
> don't need to support un-encrypted media (RTP) at all, and that all media
> would be SRTP.  Can that be captured in F20 by re-wording, or perhaps in a
> new requirement if we can't reword F20?  If there is a need or desire to
> validate that consensus on list, let's please ask the chairs to do that.

This requirement probably requires a bit more examination.  I tend to
agree that something more specific regarding SRTP would be good, but
that doesn't cover the whole story.

SRTP alone doesn't protect against the site (or sites).  If there is
mutual authentication, then it might be possible to prevent an
application from being able to eavesdrop (conditional on some degree
of trust in the identity provider).