Re: [rtcweb] SDES vs DTLS-SRTP revisited
Harald Alvestrand <harald@alvestrand.no> Tue, 20 March 2012 10:30 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C569B21F8694 for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 03:30:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xps5Jt6ZSlpa for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 03:30:51 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 2D59E21F866B for <rtcweb@ietf.org>; Tue, 20 Mar 2012 03:30:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 6567839E132; Tue, 20 Mar 2012 11:30:36 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BgYBOXq5NgNr; Tue, 20 Mar 2012 11:30:35 +0100 (CET)
Received: from [78.65.120.97] (host-78-65-120-97.homerun.telia.com [78.65.120.97]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 89A2F39E0E7; Tue, 20 Mar 2012 11:30:35 +0100 (CET)
Message-ID: <4F685C45.5080106@alvestrand.no>
Date: Tue, 20 Mar 2012 11:30:29 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.27) Gecko/20120216 Thunderbird/3.1.19
MIME-Version: 1.0
To: Hadriel Kaplan <HKaplan@acmepacket.com>
References: <A1B638D2082DEA4092A268AA8BEF294D194494CE64@ESESSCMS0360.eemea.ericsson.se> <CABcZeBO5xouNwMqBa-y6AqbXs-+9nU37kGEETm0DpqSWZ9tjwg@mail.gmail.com> <ABC8591A-0432-4D5A-82AB-BBE9A22360D9@acmepacket.com>
In-Reply-To: <ABC8591A-0432-4D5A-82AB-BBE9A22360D9@acmepacket.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] SDES vs DTLS-SRTP revisited
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 10:30:51 -0000
On 03/17/2012 04:35 AM, Hadriel Kaplan wrote: > On Mar 16, 2012, at 6:32 PM, Eric Rescorla wrote: >> Yes, I think the fingerprint mismatch in case 1 serves as a stronger indication >> that something was wrong, because there is no technical reason for the >> fingerprint not to match if both sides believe they are doing DTLS. I.e., >> it always indicates either a software defect or a man in the middle. >> And the suspicious user of course should hang up, but they should also >> post pictures to /., which, I would think, serves >> as a pretty significant deterrent to providers tampering with people's calls! >> By contrast, with SDES, the attack scenario and the legitimate scenario >> look the same. > I don't think you can jump to the conclusion that there's either a software defect or a MitM. Imagine if WebRTC user Alice calls Bob through provider-A, using Bob's telephone number. Provider-A supports DTLS-SRTP on its PSTN gateway, so it handles that and generates a call into the PSTN for Bob, who happens to use Provider-B. Bob is currently on a WebRTC client connected to Provider-B, and Provider-B happens to also support DTLS-SRTP on its PSTN gateway. So both Alice and Bob see "DTLS-SRTP", but different fingerprints. It's not a software defect. You could argue it's a MitM (the PSTN gateways doing what they do), and certainly there may *be* someone recording the call in the middle for all you know - but you really don't know either way. Alice dialed Bob, and got the best case scenario given the situation. I don't get this scenario. If Alice calls Bob using two different gateways, won't she go through a credentials and fingerprint exchange with the gateways? In that case, wouldn't the fingerprint belong to the gateway? > The good news is the media is secure from the browsers to the PSTN, which is not an insignificant accomplishment. If we're worried about WiFi - and I am, for at least marketing/perception reasons if nothing else - then we've alleviated that concern. > > So then there's slashdot. If Alice or Bob posts to slashdot, it's bad news. But we can hardly blame Provider-A or Provider-B, since they had no alternative. It wouldn't be the first time someone posted a story on slashdot that got the facts wrong... > Ironically, if WebRTC supported SDES, then Provider-A and B could do that instead, and make it clear/explicit no end-to-end guarantee can be made for the call - while *still* avoiding the main concern, which is the WiFi problem. In some sense *we*, the IETF/W3C, would be more honest if we allowed SDES (over HTTPS) for gateway cases, since that's actually the level of security being provided. Mandating DTLS-SRTP provides a false sense of security, and false sense of insecurity if it fails. > > -hadriel > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb >
- [rtcweb] SDES vs DTLS-SRTP revisited Oscar Ohlsson
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Igor Faynberg
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Eric Rescorla
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Randell Jesup
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Randell Jesup
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Oscar Ohlsson
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Oscar Ohlsson
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Randell Jesup
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Eric Rescorla
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Igor Faynberg
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Harald Alvestrand
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Harald Alvestrand