Re: [rtcweb] Retransmit: Summary of Alternatives for media keying

Matthew Kaufman <matthew.kaufman@skype.net> Fri, 29 July 2011 05:17 UTC

From: Matthew Kaufman <matthew.kaufman@skype.net>
In-Reply-To: <D3161A15-A686-4908-8A85-AACCE1E4FAB8@acmepacket.com>
Date: Fri, 29 Jul 2011 01:17:43 -0400
Message-Id: <B3816B7F-E80D-4228-BDE8-C88EA21475AD@skype.net>
References: <12BF9E55-662F-4762-9E47-2BBD3FA5FD93@acmepacket.com> <A444A0F8084434499206E78C106220CA08F1D75CF0@MCHP058A.global-ad.net> <2E6CBDE0-DA10-4792-8059-A01F554DB370@skype.net> <E1963869-9E21-4F1F-AB4A-E5D070CCA581@acmepacket.com> <55C78CA7-292C-4E0E-901B-83B7614C2F32@skype.net> <D3161A15-A686-4908-8A85-AACCE1E4FAB8@acmepacket.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Retransmit: Summary of Alternatives for media keying
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>

On Jul 28, 2011, at 6:44 PM, Hadriel Kaplan wrote:

> 
> On Jul 28, 2011, at 1:18 PM, Matthew Kaufman wrote:
> 
>> 
>> On Jul 28, 2011, at 11:13 AM, Hadriel Kaplan wrote:
>> 
>>> I would be perfectly happy with using SDES-based SRTP.  But if the call would otherwise fail altogether, I'd like the option to make the call no matter what (i.e., even if it ends up being cleartext).
>> 
>> Why would the call "otherwise fail altogether"?
> 
> Because I'm calling someone who has a legacy VoIP device or is on the PSTN, and they're not going to support DTLS-SRTP.

I'm confused... do you want maximum security (because DTLS-SRTP is probably the best path to that of the choices) or maximum interoperation with legacy (because plain RTP is probably the easiest way to get that)?

> Of course we could require the RTCWEB service to deploy "gateways" in order to terminate DTLS-SRTP and do SDES-based SRTP or cleartext RTP to non-RTCWEB, but that's expensive and complex.

Expensive? Maybe. Complex? Not really.

> Not to mention it's misleading - the media is not secure end-to-end, and again the lock-icon model won't work.

The lock icon model works just as well as the lock icon works on Gmail to indicate that your interaction with Gmail is protected but the email you send might be going via plain SMTP.

It might even be better than this, if we do a good job of sending requirements to W3C.

> 
> 
>> Have you ever called into a conference call from a public place, with your microphone muted?
> 
> Nah, I talk too much.  ;)

Even so, you'd probably rather not be recorded by a 3rd party using the microphone in your headset if you can avoid it.

Matthew Kaufman
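The thread contrasts three outcomes for a media section: DTLS-SRTP, SDES-based SRTP (keys carried in the signaling), and cleartext RTP as a fallback, and argues about what a lock icon may honestly claim. The following is an added Python example, not code from the thread or from any rtcweb implementation, showing how an endpoint could classify the keying each m-section of an SDP offer proposes and then decide whether to accept the offer and whether to light a lock indicator. The SDP offers, fingerprint and key strings are constructed; the classification rules are simplified (profile name plus a=fingerprint / a=crypto only), and treating "lock" as "every section is DTLS-SRTP" is this example's design choice, not a standard's.

```python
"""Classify the media keying an SDP offer proposes and decide whether to accept it."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample offers (not from the thread). Fingerprint and key values are made up.
SDP_DTLS_SRTP = "\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "t=0 0",
    "m=audio 49170 UDP/TLS/RTP/SAVP 0",
    "c=IN IP4 192.0.2.10",
    "a=setup:actpass",
    "a=fingerprint:sha-256 " + ":".join(["AB"] * 32),   # placeholder fingerprint
])
SDP_SDES_SRTP = "\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.20", "s=-", "t=0 0",
    "m=audio 49172 RTP/SAVP 0",
    "c=IN IP4 192.0.2.20",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40,   # placeholder key
])
SDP_CLEARTEXT = "\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.30", "s=-", "t=0 0",
    "m=audio 49174 RTP/AVP 0",
    "c=IN IP4 192.0.2.30",
])
# Audio keyed with DTLS-SRTP, video offered in the clear: one lock icon cannot cover both.
SDP_MIXED = SDP_DTLS_SRTP + "\nm=video 49176 RTP/AVP 96\na=rtpmap:96 VP8/90000"


@dataclass
class MediaSection:
    kind: str                 # "audio", "video", ...
    port: int                 # 0 means the section is rejected/disabled
    proto: str                # "RTP/AVP", "RTP/SAVP", "UDP/TLS/RTP/SAVP", ...
    attrs: List[str] = field(default_factory=list)   # a= lines without the "a=" prefix


def parse_media_sections(sdp: str) -> List[MediaSection]:
    """Split an SDP body into its m-sections, keeping only the attribute lines."""
    sections: List[MediaSection] = []
    current = None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            current = MediaSection(kind=fields[0], port=int(fields[1]), proto=fields[2])
            sections.append(current)
        elif current is not None and line.startswith("a="):
            current.attrs.append(line[2:])
    return sections


def classify_keying(sec: MediaSection) -> str:
    """Name the keying mechanism a section proposes: dtls-srtp, sdes-srtp, cleartext."""
    has_fingerprint = any(a.startswith("fingerprint:") for a in sec.attrs)
    has_crypto = any(a.startswith("crypto:") for a in sec.attrs)
    if not sec.proto.endswith(("SAVP", "SAVPF")):
        # RTP/AVP or RTP/AVPF: media would travel in the clear whatever else is attached
        return "cleartext"
    if has_fingerprint:
        return "dtls-srtp"      # keys derived in-band; only the fingerprint crosses signaling
    if has_crypto:
        return "sdes-srtp"      # keys themselves ride in the signaling path
    return "unkeyed-savp"       # secure profile with no way to establish keys: unusable


def evaluate_offer(sdp: str, allow_cleartext: bool = False) -> Dict[str, object]:
    """Decide whether to accept an offer and whether a lock indicator is justified.

    allow_cleartext=False refuses any section that would send media unencrypted;
    allow_cleartext=True is the 'make the call no matter what' policy from the thread.
    """
    keyings = [classify_keying(s) for s in parse_media_sections(sdp) if s.port != 0]
    accept = bool(keyings) and all(
        k in ("dtls-srtp", "sdes-srtp") or (k == "cleartext" and allow_cleartext)
        for k in keyings
    )
    # Design choice here: the lock is lit only when every live section is DTLS-SRTP,
    # so neither signaling-carried keys nor a cleartext leg can hide behind it.
    lock = accept and all(k == "dtls-srtp" for k in keyings)
    return {"keying": keyings, "accept": accept, "lock": lock}


if __name__ == "__main__":
    for name, offer in [("dtls", SDP_DTLS_SRTP), ("sdes", SDP_SDES_SRTP),
                        ("clear", SDP_CLEARTEXT), ("mixed", SDP_MIXED)]:
        print(name, evaluate_offer(offer), evaluate_offer(offer, allow_cleartext=True))
```

Run stand-alone it prints both policies side by side; the strict policy rejects the cleartext and mixed offers outright, while the permissive one accepts them but never lights the lock, which is the distinction the thread is arguing over.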