Re: [rtcweb] SDES vs DTLS-SRTP revisited
Oscar Ohlsson <oscar.ohlsson@ericsson.com> Mon, 19 March 2012 07:52 UTC
Return-Path: <oscar.ohlsson@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5CB921F861E for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 00:52:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.656
X-Spam-Level:
X-Spam-Status: No, score=-9.656 tagged_above=-999 required=5 tests=[AWL=0.943, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k83onyzkPSj9 for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 00:52:43 -0700 (PDT)
Received: from mailgw10.se.ericsson.net (mailgw10.se.ericsson.net [193.180.251.61]) by ietfa.amsl.com (Postfix) with ESMTP id 89D1D21F854E for <rtcweb@ietf.org>; Mon, 19 Mar 2012 00:52:40 -0700 (PDT)
X-AuditID: c1b4fb3d-b7c6fae0000045c0-85-4f66e5c7bb4f
Received: from esessmw0256.eemea.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw10.se.ericsson.net (Symantec Mail Security) with SMTP id FE.DE.17856.7C5E66F4; Mon, 19 Mar 2012 08:52:39 +0100 (CET)
Received: from ESESSCMS0360.eemea.ericsson.se ([169.254.1.52]) by esessmw0256.eemea.ericsson.se ([153.88.115.96]) with mapi; Mon, 19 Mar 2012 08:52:39 +0100
From: Oscar Ohlsson <oscar.ohlsson@ericsson.com>
To: "igor.faynberg@alcatel-lucent.com" <igor.faynberg@alcatel-lucent.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Date: Mon, 19 Mar 2012 08:52:38 +0100
Thread-Topic: [rtcweb] SDES vs DTLS-SRTP revisited
Thread-Index: Ac0DmTIq4s4gJHtgRKWyBUthos4tLQCCVoiQ
Message-ID: <A1B638D2082DEA4092A268AA8BEF294D194494D133@ESESSCMS0360.eemea.ericsson.se>
References: <A1B638D2082DEA4092A268AA8BEF294D194494CE64@ESESSCMS0360.eemea.ericsson.se> <4F637685.4090704@alcatel-lucent.com>
In-Reply-To: <4F637685.4090704@alcatel-lucent.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: sv-SE, en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAA==
Subject: Re: [rtcweb] SDES vs DTLS-SRTP revisited
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 07:52:43 -0000
> -----Original Message----- > From: rtcweb-bounces@ietf.org > [mailto:rtcweb-bounces@ietf.org] On Behalf Of Igor Faynberg > Sent: den 16 mars 2012 18:21 > To: rtcweb@ietf.org > Subject: Re: [rtcweb] SDES vs DTLS-SRTP revisited > > Oscar, > > I am afraid I missed the point here. > > How can one determine that the call is being listened to? > How can the > browser know whom the RTP stream is passing through? > > If you know the SRTP key and filter the flow directed at me, > you will be on the conversation, right? > > Igor Hi Igor, No you can't know for sure that the call is being listened to, but the behaviour is very suscpicious. If both parties support DTLS-SRTP then why did the web application switch from default DTLS-SRTP to SDES? There are not that many reasonable answers: - interception/recording - transcoding - something else? That's why I was wondering whether DTLS-SRTP fingerprint mismatch really is a stronger indication of interception. To me it's not an obvious question. Regards, Oscar > > On 3/16/2012 11:04 AM, Oscar Ohlsson wrote: > > ... Say that you're on a call and want to determine if the > service provider is listening in: > > > > Case 1: Both endpoints support DTLS-SRTP (can be determined > by asking > > the other party) > > > > If SDES is used you directly conclude that something fishy > is going on and hang up. If DTLS-SRTP is used you compare > fingerprints and hang up if they don't match. (I've assumed > that a user can view detailed security information in the browser). > > > > Case 2: The other endpoint does not support DTLS-SRTP > ... > > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb >
- [rtcweb] SDES vs DTLS-SRTP revisited Oscar Ohlsson
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Igor Faynberg
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Eric Rescorla
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Randell Jesup
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Randell Jesup
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Oscar Ohlsson
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Oscar Ohlsson
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Randell Jesup
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Eric Rescorla
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Igor Faynberg
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Harald Alvestrand
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Hadriel Kaplan
- Re: [rtcweb] SDES vs DTLS-SRTP revisited Harald Alvestrand