[rtcweb] #30: Wiretapping

"rtcweb issue tracker" <trac+rtcweb@trac.tools.ietf.org> Fri, 13 September 2013 00:08 UTC

#30: Wiretapping

 In several sections of the document, the phrase "It is essential
 that the communication cannot be wiretapped [RFC2804]" is used.
 The phrase is used in Sections 3.2.1.1, 3.2.11.1, 3.2.12.1, 3.2.13.1,
 3.3.1.1 and 3.2.3.1, but not in 3.2.14.1 (which also does not
 reference F20).

 Given the recent revelations, and the discussion of SRTP/SDES at
 IETF 87, I would suggest the following:

 a. Use of more precise terminology than what is in F20.  For example,
 I think what we are asking for in many of the F20 scenarios is
 per-packet encryption and integrity protection of media,
 utilizing keys known only by the endpoints, as well as support
 for perfect forward secrecy.

 b. Inclusion of a reference to F20 in Section 3.2.14.1 (Distributed
 Music Band).  Not sure why protection against snooping wouldn't be
 relevant in this use case (there are countries where musicians
 have been severely punished).

 c. Consideration of the requirement in gateway scenarios. For gateway
 scenarios such as 3.3.1.1, the e2e key management
 requirement probably isn't realistic, so maybe we need to
 just cite F35/F36 for that case.

-- 
---------------------------------------------------------------------------
 Reporter:  bernard_aboba@hotmail.com
    Owner:  draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org
     Type:  defect
   Status:  new
 Priority:  critical
Milestone:  milestone1
Component:  rtp-usage
  Version:  1.0
 Severity:  In WG Last Call
 Keywords:
---------------------------------------------------------------------------

Ticket URL: <http://tools.ietf.org/wg/rtcweb/trac/ticket/30>
rtcweb <http://tools.ietf.org/rtcweb/>