IETF Logo Mail Archive

Re: [rtcweb] SDES vs DTLS-SRTP revisited

Harald Alvestrand <harald@alvestrand.no> Tue, 20 March 2012 10:30 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C569B21F8694 for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 03:30:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xps5Jt6ZSlpa for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 03:30:51 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 2D59E21F866B for <rtcweb@ietf.org>; Tue, 20 Mar 2012 03:30:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 6567839E132; Tue, 20 Mar 2012 11:30:36 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BgYBOXq5NgNr; Tue, 20 Mar 2012 11:30:35 +0100 (CET)
Received: from [78.65.120.97] (host-78-65-120-97.homerun.telia.com [78.65.120.97]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 89A2F39E0E7; Tue, 20 Mar 2012 11:30:35 +0100 (CET)
Message-ID: <4F685C45.5080106@alvestrand.no>
Date: Tue, 20 Mar 2012 11:30:29 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.27) Gecko/20120216 Thunderbird/3.1.19
MIME-Version: 1.0
To: Hadriel Kaplan <HKaplan@acmepacket.com>
References: <A1B638D2082DEA4092A268AA8BEF294D194494CE64@ESESSCMS0360.eemea.ericsson.se> <CABcZeBO5xouNwMqBa-y6AqbXs-+9nU37kGEETm0DpqSWZ9tjwg@mail.gmail.com> <ABC8591A-0432-4D5A-82AB-BBE9A22360D9@acmepacket.com>
In-Reply-To: <ABC8591A-0432-4D5A-82AB-BBE9A22360D9@acmepacket.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] SDES vs DTLS-SRTP revisited
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 10:30:51 -0000

On 03/17/2012 04:35 AM, Hadriel Kaplan wrote:
> On Mar 16, 2012, at 6:32 PM, Eric Rescorla wrote:
>> Yes, I think the fingerprint mismatch in case 1 serves as a stronger indication
>> that something was wrong, because there is no technical reason for the
>> fingerprint not to match if both sides believe they are doing DTLS. I.e.,
>> it always indicates either a software defect or a man in the middle.
>> And the suspicious user of course should hang up, but they should also
>> post pictures to /., which, I would think, serves
>> as a pretty significant deterrent to providers tampering with people's calls!
>> By contrast, with SDES, the attack scenario and the legitimate scenario
>> look the same.
> I don't think you can jump to the conclusion that there's either a software defect or a MitM.  Imagine if WebRTC user Alice calls Bob through provider-A, using Bob's telephone number.  Provider-A supports DTLS-SRTP on its PSTN gateway, so it handles that and generates a call into the PSTN for Bob, who happens to use Provider-B.  Bob is currently on a WebRTC client connected to Provider-B, and Provider-B happens to also support DTLS-SRTP on its PSTN gateway.  So both Alice and Bob see "DTLS-SRTP", but different fingerprints.  It's not a software defect.  You could argue it's a MitM (the PSTN gateways doing what they do), and certainly there may *be* someone recording the call in the middle for all you know - but you really don't know either way.  Alice dialed Bob, and got the best case scenario given the situation.
I don't get this scenario. If Alice calls Bob using two different 
gateways, won't she go through a credentials and fingerprint exchange 
with the gateways?
In that case, wouldn't the fingerprint belong to the gateway?
> The good news is the media is secure from the browsers to the PSTN, which is not an insignificant accomplishment.  If we're worried about WiFi - and I am, for at least marketing/perception reasons if nothing else - then we've alleviated that concern.
>
> So then there's slashdot.  If Alice or Bob posts to slashdot, it's bad news.  But we can hardly blame Provider-A or Provider-B, since they had no alternative.
It wouldn't be the first time someone posted a story on slashdot that 
got the facts wrong...
>    Ironically, if WebRTC supported SDES, then Provider-A and B could do that instead, and make it clear/explicit no end-to-end guarantee can be made for the call - while *still* avoiding the main concern, which is the WiFi problem.  In some sense *we*, the IETF/W3C, would be more honest if we allowed SDES (over HTTPS) for gateway cases, since that's actually the level of security being provided.  Mandating DTLS-SRTP provides a false sense of security, and false sense of insecurity if it fails.
>
> -hadriel
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>

v2.23.0 | Report a Bug | By Email