Re: [rtcweb] Support of SDES in WebRTC

Randell Jesup <randell-ietf@jesup.org> Fri, 30 March 2012 21:47 UTC

Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75D3121F84FC for <rtcweb@ietfa.amsl.com>; Fri, 30 Mar 2012 14:47:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.321
X-Spam-Level:
X-Spam-Status: No, score=-2.321 tagged_above=-999 required=5 tests=[AWL=0.278, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jtcOXq+VOiwS for <rtcweb@ietfa.amsl.com>; Fri, 30 Mar 2012 14:47:45 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id 028C921F84E4 for <rtcweb@ietf.org>; Fri, 30 Mar 2012 14:47:44 -0700 (PDT)
Received: from pool-108-16-41-249.phlapa.fios.verizon.net ([108.16.41.249] helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1SDjfc-0001qL-CS for rtcweb@ietf.org; Fri, 30 Mar 2012 16:47:44 -0500
Message-ID: <4F76293F.2000005@jesup.org>
Date: Fri, 30 Mar 2012 17:44:31 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20120312 Thunderbird/11.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4F742344.802@infosecurity.ch> <A1B638D2082DEA4092A268AA8BEF294D194602D97D@ESESSCMS0360.eemea.ericsson.se> <CALiegf=GxJ2Ew9v5H4Xfb8q3j=4TFawNu-6uXRXuXK+Vug1e+w@mail.gmail.com>, <A1B638D2082DEA4092A268AA8BEF294D194602DB63@ESESSCMS0360.eemea.ericsson.se> <BCB3F026FAC4C145A4A3330806FEFDA94086731AF7@EMBX01-HQ.jnpr.net>
In-Reply-To: <BCB3F026FAC4C145A4A3330806FEFDA94086731AF7@EMBX01-HQ.jnpr.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] Support of SDES in WebRTC
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 21:47:45 -0000

On 3/29/2012 5:59 PM, Gregory Maxwell wrote:
> Oscar Ohlsson [oscar.ohlsson@ericsson.com] wrote:
>> That's why I wrote "the entire webapp" below. If it was not clear I meant that the
>> - main HTML page
>> - all external CSS files, JavaScript files, images, etc
>> - all XmlHttpRequests
>> - all WebSocket connections
>> are protected with TLS. This is obviously verifiable and it's a feature supported by all modern browsers (no mixed content).
>
> Even this is insufficient.

[long nice analysis of security in JS vs in the stack deleted]

>  Really, cryptographic
> negotiation is not properly an application feature, it belongs lower in
> the stack, and many applications that roll their own crypto have done
> a poor job of it.
>
> It's also inadequate on purely technical grounds: Javascript provides
> no mechanism for working with mlocked memory,  no mechanism to ensure
> that garbage collected data gets zeroized.  Your crypto app in JS could
> easily have its long term keying material pulled out of free ram by
> malware long after it runs, or pulled off the disk from swap.
> The breakneck pace of fancy JIT systems makes it seem unlikely to me
> that javascript will provide for that any time soon.

I rarely do this sort of reply for obvious reasons, but:

I agree!  :-)

-- 
Randell Jesup
randell-ietf@jesup.org