Re: [rtcweb] Security Architecture -07 review

Dan Wing <> Fri, 26 July 2013 00:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CEC0E21F8749 for <>; Thu, 25 Jul 2013 17:34:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -110.556
X-Spam-Status: No, score=-110.556 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id T9YVctOunObA for <>; Thu, 25 Jul 2013 17:34:28 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id C2A2921F86BE for <>; Thu, 25 Jul 2013 17:34:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=1948; q=dns/txt; s=iport; t=1374798868; x=1376008468; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=yFfguRhPYuUe+b8VlHoDDkTjS8kiZEiry7vhfGj+s8c=; b=Un9D5haSuCsrp7czFE+nI8MT7AGGQtAyjXy8LXrElrN+p1YjqrVfMSBq paOF0utd7n29U8zYkl0zTqrmk3vop4EADWYn+l4MvzVhnEMIYr9lJkuPy jE9ryfBUZXUg5lay0nLCKuZNeohqnGVYVqgFKjI2lxuA2+yI3hX4fkYVt 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="4.89,746,1367971200"; d="scan'208";a="84221360"
Received: from ([]) by with ESMTP; 26 Jul 2013 00:34:28 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id r6Q0YR6K017162; Fri, 26 Jul 2013 00:34:27 GMT
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Dan Wing <>
In-Reply-To: <>
Date: Thu, 25 Jul 2013 17:34:27 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <>
To: Martin Thomson <>
X-Mailer: Apple Mail (2.1508)
Cc: "" <>
Subject: Re: [rtcweb] Security Architecture -07 review
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 26 Jul 2013 00:34:33 -0000

On Jul 25, 2013, at 5:12 PM, Martin Thomson <> wrote:

No comment on leaking information at other layers?  We just improved the RTCP CNAME to remove its leakage (draft-ietf-avtcore-6222bis), as an example of reducing -- rather than expanding -- personally-identifyable super-cookies.  The DTLS handshake is over the same media path improved by 6222bis.

> On 25 July 2013 17:00, Dan Wing <> wrote:
>>> The concern is the first party, who gets the certificate.  Using DH
>>> isn't going to fix that.
>> Then you're arguing for "endpoint MUST NOT change its certificate".
> Nope.  There are reasons to maintain a stable certificate (being able
> to audit old calls is helped by this, though a log of fingerprints
> used for calls over time might do the same, albeit a little less
> transparently; performance is another reason), just as there are
> reasons to change the certificate (privacy, mainly an ability to keep
> peers from linking calls).
> And yes, generally DH > not DH, but I'm not sure the benefits are
> huge, depending on what your threat model is.  I was just pointing out
> that it doesn't actually help for the cases that I was really
> concerned about.  The women's shelter case in particular.

Thanks for the explanation.  I concur the public/private key needs a way to be destroyed and a new one generated. 

We could envision a more sophisticated mechanism, based on lots of different criteria, where different public/private key pairs are used and where some are destroyed immediately after certain calls.  For example, I might want to use a public/private key pair for all of my work calls and leave that static (as I want that identity to stick with me) but an ephemeral, one-time-only public/private key pair when not engaging in phone calls related to my work, such as calling my psychologist.