Re: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)

Iñaki Baz Castillo <ibc@aliax.net> Thu, 05 April 2012 17:44 UTC

In-Reply-To: <CAD5OKxv_e9Ncw7xt3eh9jNM9HWX1snDN1wVynkFT2GPoA+y1_w@mail.gmail.com>
References: <4F7D7103.6040102@infosecurity.ch> <4F7DBEFC.6040302@alcatel-lucent.com> <4F7DD13F.2010006@infosecurity.ch> <CAD5OKxv_e9Ncw7xt3eh9jNM9HWX1snDN1wVynkFT2GPoA+y1_w@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Thu, 05 Apr 2012 19:43:52 +0200
Message-ID: <CALiegfnDRUZG5ofvTuRHHsLGzfT+tj59p0UtKhT1AdU79XgBEw@mail.gmail.com>
To: Roman Shpount <roman@telurix.com>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)

2012/4/5 Roman Shpount <roman@telurix.com>:
> On Thu, Apr 5, 2012 at 1:07 PM, Fabio Pietrosanti (naif)
> <lists@infosecurity.ch> wrote:
>>
>> This means that DTLS-SRTP, from a trust-model point of view, does not
>> provide end-to-end security because there will always be a trusted third
>> party able to authorize Man in the Middle to do eavesdropping.
>
>
> Incorrect. If fingerprint is exposed and can be verified, DTLS-SRTP does
> provide end-to-end security. No third parties involved.

The fingerprint is included in the SDP which goes through the Web
server, right? You know what I mean ;)

-- 
Iñaki Baz Castillo
<ibc@aliax.net>
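The point being argued above (the a=fingerprint attribute travels inside the SDP, and the SDP is relayed by the Web server) can be made concrete by implementing the check a DTLS-SRTP endpoint actually performs. The following is an added example, not code from this thread or from any rtcweb implementation; it assumes the RFC 4572 attribute syntax (`a=fingerprint:<hash-func> <upper-case hex pairs separated by colons>`), uses sha-256, and stands in constructed byte strings for the DER certificates, since the fingerprint is only a hash of whatever DER bytes the peer presents. The names Alice, Bob and the "relayed" SDP are hypothetical.

```python
"""Added example: what the DTLS-SRTP fingerprint check binds, and what it does not.

The endpoint check is: hash the certificate presented in the DTLS handshake and
compare it with the a=fingerprint value received in SDP. That proves the media
peer holds the key named in the SDP. It says nothing about who wrote the SDP,
which is the trust question raised in the thread.
"""
import hashlib
import hmac
import re

# Constructed stand-ins for DER-encoded certificates (any bytes hash the same way).
ALICE_CERT_DER = b"constructed DER bytes for Alice's self-signed certificate"
OTHER_CERT_DER = b"constructed DER bytes for a certificate Alice never issued"

# RFC 4572 attribute: a=fingerprint:sha-256 AB:CD:...   (hex pairs, colon separated)
FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:(?P<alg>[\w-]+)\s+"
    r"(?P<hex>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\r?$",
    re.MULTILINE,
)
HASH_BY_NAME = {"sha-1": "sha1", "sha-256": "sha256", "sha-512": "sha512"}


def cert_fingerprint(cert_der: bytes, alg: str = "sha-256") -> str:
    """Fingerprint in SDP form: hash of the DER cert, upper-case hex, colon separated."""
    digest = hashlib.new(HASH_BY_NAME[alg], cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sdp_with_fingerprint(cert_der: bytes, alg: str = "sha-256") -> str:
    """Minimal SDP fragment an endpoint would emit for its own certificate."""
    return (
        "v=0\r\n"
        "m=audio 9 UDP/TLS/RTP/SAVPF 111\r\n"
        "a=setup:actpass\r\n"
        f"a=fingerprint:{alg} {cert_fingerprint(cert_der, alg)}\r\n"
    )


def parse_fingerprint(sdp: str) -> tuple[str, str]:
    """Return (hash-func, fingerprint) from the first a=fingerprint line."""
    m = FINGERPRINT_RE.search(sdp)
    if m is None:
        raise ValueError("SDP carries no a=fingerprint attribute")
    alg = m.group("alg").lower()
    if alg not in HASH_BY_NAME:
        raise ValueError(f"unsupported hash function {alg!r}")
    return alg, m.group("hex").upper()


def verify_handshake_cert(received_sdp: str, presented_cert_der: bytes) -> bool:
    """The check a DTLS-SRTP endpoint performs: does the handshake cert match the SDP?"""
    alg, expected = parse_fingerprint(received_sdp)
    actual = cert_fingerprint(presented_cert_der, alg)
    return hmac.compare_digest(expected, actual)


def fingerprints_agree(sender_local_fp: str, receiver_seen_fp: str) -> bool:
    """Out-of-band comparison: the sender reads the fingerprint of its own certificate,
    the receiver reads the one it got in SDP, and they compare over a channel the
    signaling server does not relay. Detects a fingerprint swapped on the signaling path."""
    return hmac.compare_digest(sender_local_fp.upper(), receiver_seen_fp.upper())


def demo() -> dict[str, bool]:
    """Bob receives Alice's SDP through the Web server. Two cases: it arrives as sent,
    or the relay delivered an SDP naming some other certificate (constructed here)."""
    as_sent = sdp_with_fingerprint(ALICE_CERT_DER)
    relayed_other = sdp_with_fingerprint(OTHER_CERT_DER)
    alice_local_fp = cert_fingerprint(ALICE_CERT_DER)
    return {
        # Handshake with Alice's real cert matches the SDP as she sent it.
        "honest_path_passes": verify_handshake_cert(as_sent, ALICE_CERT_DER),
        # Against the relayed SDP, Alice's real cert no longer matches...
        "relayed_rejects_alice_cert": not verify_handshake_cert(relayed_other, ALICE_CERT_DER),
        # ...but the cert the relayed SDP names does: the check binds to the SDP, not to Alice.
        "relayed_accepts_named_cert": verify_handshake_cert(relayed_other, OTHER_CERT_DER),
        # Only comparing fingerprints outside the signaling path detects the swap.
        "out_of_band_detects_swap": not fingerprints_agree(
            alice_local_fp, parse_fingerprint(relayed_other)[1]),
        "out_of_band_confirms_honest": fingerprints_agree(
            alice_local_fp, parse_fingerprint(as_sent)[1]),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Every entry returned by `demo()` is True, which is the whole argument of the thread in one table: the handshake check is sound against the SDP it was given, so the party that relays the SDP is part of the trust model unless the fingerprints are also compared outside that path (the fingerprints_agree step, or an identity assertion bound to the fingerprint).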