IETF Logo Mail Archive

Re: [rtcweb] Retransmit: Summary of Alternatives for media keying

Randell Jesup <randell1@jesup.org> Fri, 29 July 2011 13:01 UTC

Return-Path: <randell1@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D622B21F86A8 for <rtcweb@ietfa.amsl.com>; Fri, 29 Jul 2011 06:01:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.556
X-Spam-Level:
X-Spam-Status: No, score=-2.556 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6GuzuttLpLL9 for <rtcweb@ietfa.amsl.com>; Fri, 29 Jul 2011 06:01:10 -0700 (PDT)
Received: from arthur.webserversystems.com (arthur.webserversystems.com [174.132.191.98]) by ietfa.amsl.com (Postfix) with ESMTP id 1DF3821F86A1 for <rtcweb@ietf.org>; Fri, 29 Jul 2011 06:01:09 -0700 (PDT)
Received: from pool-98-111-140-38.phlapa.fios.verizon.net ([98.111.140.38] helo=[192.168.1.12]) by arthur.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell1@jesup.org>) id 1Qmmgf-0000hS-4I; Fri, 29 Jul 2011 08:01:09 -0500
Message-ID: <4E32AEC3.8080804@jesup.org>
Date: Fri, 29 Jul 2011 08:59:47 -0400
From: Randell Jesup <randell1@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <12BF9E55-662F-4762-9E47-2BBD3FA5FD93@acmepacket.com> <A444A0F8084434499206E78C106220CA08F1D75CF0@MCHP058A.global-ad.net> <2E6CBDE0-DA10-4792-8059-A01F554DB370@skype.net> <E1963869-9E21-4F1F-AB4A-E5D070CCA581@acmepacket.com> <55C78CA7-292C-4E0E-901B-83B7614C2F32@skype.net> <4E31DAAB.5030606@jesup.org> <2BE95AAB-722C-472C-B624-CF91AE7D75EF@skype.net>
In-Reply-To: <2BE95AAB-722C-472C-B624-CF91AE7D75EF@skype.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - arthur.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] Retransmit: Summary of Alternatives for media keying
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2011 13:01:11 -0000

On 7/29/2011 1:12 AM, Matthew Kaufman wrote:

>>> (You can also add a browser extension that uses a service that you trust but that isn't your calling service, and when you're calling other people with the same extension you can check the fingerprints in an automated way using that.)
>> Definitely possible, and adds another largely-independent layer of trust.
> Yes, but independent layers of trust are a feature, not a bug.
>
> And what are you arguing here? My claim is that DTLS-SRTP is often *more* secure than SDES-style keying, and certainly no worse.

No disagreement at all.   I'm discussing that DTLS-SRTP is vulnerable 
(to a degree) to MITM
attacks, which is well-known, if you don't have a known-secure signaling 
channel.  I'm not making the
argument that Hadriel is.

>>> If you *don't* trust your "calling service", then that's just like not trusting your banking service when you type in passwords.
>> I may trust my calling service to connect me (to someone), but I may not trust them to not MITM me themselves (read CALEA or other national security services), and I may not trust them not to be compromised, since they have a far smaller monetary stake in avoiding it compared to a bank.
> Sure, but again all of these things are EASIER if they use SDES. They can MITM you themselves by letting anyone get a copy of the traffic from anywhere and sending that person the keys, even after the fact. (Both passive attacks like this and getting the key later are prevented with DTLS-SRTP and DH key agreement).

Absolutely.

> Another idea related to identity: as mentioned, the cert trust chain in a browser verifies that you're talking to mybank.com or myprovider.com.  This can be leveraged to provide authentication by cert that you're talking to someone who's part of mybank.com, even if you went through myprovider.com to get there and myprovider.com might be compromised.  It doesn't directly help verify you're talking to Joe Your Neighbor, but other services can help with that (as mentioned - extensions, etc).
> Yes, all good ideas, but built upon DTLS-SRTP, and not SDES or plain RTP.

Yes, that's the idea.

>> Effectively, for a fairly large subset of the net, we have a deployed PKI of a form.  It's not perfect (DNSSEC anyone; recent todo with bogus certs because a CA snafu) but for most uses that it covers it's pretty good.  Getting it to cover identifying the destination as a dependent of the primary cert may be an issue for many companies, however.
> I doubt it, but perhaps.

My concern was getting companies to deploy subsidiary certs to the 
browsers of call center agents, etc
(especially as these functions are often out-sourced).

>> In any case, there may be a way to leverage this existing trust chain, both to authenticate who's calling you and who you're calling, for a subset of possible destinations.
> Almost certainly.

Good!

-- 
Randell Jesup
randell-ietf@jesup.org

v2.23.0 | Report a Bug | By Email