Re: [rtcweb] Security Architecture: IdP for RTP and RTCP
Dan Wing <dwing@cisco.com> Tue, 08 July 2014 23:31 UTC
From: Dan Wing <dwing@cisco.com>
Date: Tue, 08 Jul 2014 16:31:13 -0700
To: Bernard Aboba <bernard.aboba@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/_LYNYdKfVCB4DmMj7vCyZXlCAaM
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Security Architecture: IdP for RTP and RTCP
On Jul 8, 2014, at 11:56 AM, Bernard Aboba <bernard.aboba@gmail.com> wrote:

> Martin said:
>
> "I think that the way that we manage identity in a multi-party situation probably needs something different to that. I don't see any particular value in terminating RTCP when you aren't also terminating RTP, the two are far too tightly coupled. They shouldn't really have been given different names in the first place."
>
> [BA] You might want to take a look at the following drafts which will be discussed in AVTCORE:
> http://tools.ietf.org/html/draft-mattsson-avtvore-cloud-conferencing-use-case
> http://tools.ietf.org/html/draft-cheng-srtp-cloud

Related, "Requirements for Secure RTP Media Switching", http://tools.ietf.org/html/draft-ismail-avtcore-media-req

-d

> On Tue, Jul 8, 2014 at 11:09 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 8 July 2014 10:54, Bernard Aboba <bernard.aboba@gmail.com> wrote:
> > In the situation where RTP and RTCP are not multiplexed, distinct DTLS transports and DTLS/SRTP key exchanges would occur for RTP and RTCP.
> >
> > In looking for guidance within the security architecture document, some questions came to mind:
> >
> > a. Are the certificates used for RTP and RTCP DTLS Transports necessarily the same on both the local and remote side? If they are supposed to be the same, what happens if they aren't?
>
> The certificates can be different. As you might recall, one of the issues that we discussed was the possibility of having different a=fingerprint attributes on different m-lines, as well as having alternative a=fingerprint lines on the same m-lines.
>
> The current draft handles this by covering multiple fingerprints by the identity assertion.
>
> > b. Can different identities be asserted for the RTP and RTCP DTLS Transports? Does this make sense in some circumstances? If so, when?
>
> a=identity is a session-level attribute and they should (MUST?) only be one. So no. And I can think of any case where this makes sense in much the same way that having unmultiplexed RTP/RTCP doesn't make sense any more (if it ever did).
>
> > The WebRTC 1.0 API Section 8.3 seems to indicate that this should always be the case:
> >
> > "It is possible that different values for the "a=identity" attribute is provided at a media level in SDP. A browser may either choose to treat this as an error or ignore the attribute. If multiple different assertions are validated, then they must produce identical identity values."
>
> This is out of date. I've sent the editors a pull request to have that fixed.
>
> > However, I am wondering whether there can be legitimate cases where a browser communicating with a gateway or SFU might encounter distinct identities or certificates for RTP and RTCP. For example, could an SFU potentially terminate RTCP but not RTP, in which case the certificates and asserted identities might be different between RTP and RTCP?
>
> I think that the way that we manage identity in a multi-party situation probably needs something different to that. I don't see any particular value in terminating RTCP when you aren't also terminating RTP, the two are far too tightly coupled. They shouldn't really have been given different names in the first place.
>
> > The WebRTC 1.0 spec seems to indicate that this should be treated as a fatal error, but I'm wondering whether the browser shouldn't be "strict in what it sends but liberal in handling what it receives" by just using the identity and certificates for RTP, and ignoring the RTCP identities. Trying to inform the user about different asserted identities for RTP and RTCP seems way too complicated to even be worth considering.
>
> BTW, I wish that "liberal in what you permit" meme would go away. I haven't found it to be particularly useful, except as a fatalistic acknowledgement of the messy end state that is the Internet.
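The rule Martin describes above (one session-level a=identity whose assertion covers every a=fingerprint, so both the RTP and the RTCP DTLS transport of a non-multiplexed m-line bind to the same asserted identity, and a media-level a=identity treated as an error) can be checked on an offer before it is accepted. The following is an added example, not code from the thread or from any browser; the SDP sample, its digests and the assertion token are constructed placeholders, and the set of fingerprints the IdP-verified assertion vouches for is simply passed in.

```python
import re

FP_RE = re.compile(r"^a=fingerprint:(\S+)\s+([0-9A-Fa-f:]+)$")

def parse_sdp(sdp):
    """Split SDP into the session-level lines and one list of lines per m-line."""
    session, media = [], []
    for line in (l.strip() for l in sdp.strip().splitlines()):
        if line.startswith("m="):
            media.append([line])
        elif media:
            media[-1].append(line)
        else:
            session.append(line)
    return session, media

def fingerprints(lines):
    """Normalized (algorithm, digest) pairs from the a=fingerprint lines of one section."""
    return {(m.group(1).lower(), m.group(2).upper())
            for m in map(FP_RE.match, lines) if m}

def check_identity_coverage(sdp, asserted_fps):
    """asserted_fps: fingerprints the (already IdP-verified) assertion vouches for.
    Assumed policy: exactly one session-level a=identity, none at media level, and
    every m-line's DTLS fingerprint (hence both the RTP and the RTCP transport when
    they are not multiplexed) must be covered by that one assertion. Returns (ok, reason)."""
    session, media = parse_sdp(sdp)
    if sum(l.startswith("a=identity:") for l in session) != 1:
        return False, "expected exactly one session-level a=identity"
    covered = {(a.lower(), d.upper()) for a, d in asserted_fps}
    for i, m in enumerate(media):
        if any(l.startswith("a=identity:") for l in m):
            return False, f"media-level a=identity on m-line {i} is an error"
        fps = fingerprints(m) or fingerprints(session)  # media level overrides session level
        if not fps:
            return False, f"m-line {i} carries no a=fingerprint"
        missing = fps - covered
        if missing:
            return False, f"m-line {i} fingerprint not covered by the identity: {sorted(missing)}"
    return True, "every DTLS fingerprint is covered by the single session-level identity"

# Constructed sample offer: the audio and video m-lines use different certificates.
# Digests are shortened placeholders and the a=identity value is a dummy token.
SDP = """v=0
a=identity:PLACEHOLDER-IDP-ASSERTION
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=fingerprint:sha-256 11:22:33:44
m=video 9 UDP/TLS/RTP/SAVPF 96
a=fingerprint:sha-256 55:66:77:88
"""
```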