Re: [rtcweb] RTCWeb Forking usecase [was RE: draft-kaplan-rtcweb-sip-interworking-requirements-00]
Harald Alvestrand <harald@alvestrand.no> Sat, 29 October 2011 18:49 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C3CD21F85B1 for <rtcweb@ietfa.amsl.com>; Sat, 29 Oct 2011 11:49:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.458
X-Spam-Level:
X-Spam-Status: No, score=-110.458 tagged_above=-999 required=5 tests=[AWL=0.141, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qg9xQLL17V5X for <rtcweb@ietfa.amsl.com>; Sat, 29 Oct 2011 11:49:19 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 92F7B21F8564 for <rtcweb@ietf.org>; Sat, 29 Oct 2011 11:49:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 9B22339E162; Sat, 29 Oct 2011 20:49:18 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ujGVKG1GTbaN; Sat, 29 Oct 2011 20:49:17 +0200 (CEST)
Received: from [172.19.29.10] (216-239-45-4.google.com [216.239.45.4]) by eikenes.alvestrand.no (Postfix) with ESMTPS id 3E21C39E088; Sat, 29 Oct 2011 20:49:17 +0200 (CEST)
Message-ID: <4EAC4AAB.1000509@alvestrand.no>
Date: Sat, 29 Oct 2011 11:49:15 -0700
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110921 Thunderbird/3.1.15
MIME-Version: 1.0
To: Hadriel Kaplan <HKaplan@acmepacket.com>
References: <20111024224257.28459.65554.idtracker@ietfa.amsl.com> <6EB8679A-13D5-4AD7-97F2-BC35FC0966F0@acmepacket.com> <2E239D6FCD033C4BAF15F386A979BF51159C32@sonusinmail02.sonusnet.com> <CALiegfnVaZjh1K+brd180Z9Ufheau3v6OJe6Ejv8P7wzw6ROQw@mail.gmail.com> <2E239D6FCD033C4BAF15F386A979BF51159D7A@sonusinmail02.sonusnet.com> <4EAAF413.8030501@alvestrand.no> <2E239D6FCD033C4BAF15F386A979BF51159D7B@sonusinmail02.sonusnet.com> <247FFE2C-DB2C-4280-A219-BE1503662F92@acmepacket.com> <4EAB2657.7090609@jesup.org> <CAD5OKxu=3FvnUDV5m1TW8n+7D+B6ihp_g7TXKtJVaVW3gtiySQ@mail.gmail.com> <4EAC24A2.70401@alvestrand.no> <433A5637-35F1-4D50-84F8-3336A2CF57E2@acmepacket.com>
In-Reply-To: <433A5637-35F1-4D50-84F8-3336A2CF57E2@acmepacket.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] RTCWeb Forking usecase [was RE: draft-kaplan-rtcweb-sip-interworking-requirements-00]
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2011 18:49:20 -0000
On 10/29/2011 11:37 AM, Hadriel Kaplan wrote: > On Oct 29, 2011, at 12:06 PM, Harald Alvestrand wrote: > >> I considered it when we discussed this last, but I'm not sure it works. >> If we support SDES, the offer also contains crypto keys. Reusing crypto keys for all created connections would be a huge security vulnerability. > The SDES key is used in the sending direction, not the receive. That means everyone receiving the ROAP Offer will get the key and be able to decrypt the Offerer's transmitted media, but only the receivers of the ROAP Answer will be able to decrypt the Answerer's media. So yes obviously if the ROAP Offer is generated by a Browser and sent to multiple parties, all of those parties would be able to render the media (and possibly spoof it to the others). > > But that vulnerability exists with SDES regardless of whether we support ROAP forking or not. Even if the WebRTC browser only allows one ROAP Answer for any given Offer, if SDES is supported at all then we have to trust the JS and Web server, and trust them not to send the ROAP Offer to multiple parties, or we have to trust all those parties - assuming ROAP contains an SDES key and the Browser ends up using it. For example, even if we don't support ROAP forking, a benign JS and Web-server might still send the ROAP Offer to multiple Browsers and only send back one ROAP Answer from the first answering Browser, not realizing that doing so introduced a vulnerability. I don't think I expressed myself clearly.... Consider: we create PC A, and it creates an offer with key A1 we get answer B1, and give it to PC A. Media flows, encrypted with A1 from A. we get answer B2, create a new PC B. How does PC B know to use key A1 to encrypt media to B? Two possibilities: - All PCs created in this script use the same sending key. That seems like opening up vulnerabilities when creating PCs that connect to different places. - The creation of PC B gets some special initialization data to tell it to use key A1 My earlier note about sending the offer as an initialization parameter to the creation of PC B was one possibility for that. Using a factory class to hold the information about key A1 is another. .... > -hadriel > p.s. draft-wing-srtp-keying-eval-00 discussed this forking issue and recommended re-keying in forking scenarios, for SIP. No one does that as far as I know, though. Thanks for the pointer. >
- [rtcweb] draft-kaplan-rtcweb-sip-interworking-req… Hadriel Kaplan
- Re: [rtcweb] draft-kaplan-rtcweb-sip-interworking… Ravindran Parthasarathi
- Re: [rtcweb] draft-kaplan-rtcweb-sip-interworking… Ravindran Parthasarathi
- Re: [rtcweb] draft-kaplan-rtcweb-sip-interworking… Hadriel Kaplan
- Re: [rtcweb] draft-kaplan-rtcweb-sip-interworking… Hadriel Kaplan
- Re: [rtcweb] draft-kaplan-rtcweb-sip-interworking… Iñaki Baz Castillo
- Re: [rtcweb] draft-kaplan-rtcweb-sip-interworking… Iñaki Baz Castillo
- Re: [rtcweb] draft-kaplan-rtcweb-sip-interworking… Iñaki Baz Castillo
- Re: [rtcweb] draft-kaplan-rtcweb-sip-interworking… Hadriel Kaplan
- [rtcweb] RTCWeb Forking usecase [was RE: draft-ka… Ravindran Parthasarathi
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Harald Alvestrand
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Ravindran Parthasarathi
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Roman Shpount
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Iñaki Baz Castillo
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Ravindran Parthasarathi
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Christer Holmberg
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Ravindran Parthasarathi
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Iñaki Baz Castillo
- Re: [rtcweb] RTCWeb Forking usecase [was RE:draft… Ravindran Parthasarathi
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Hadriel Kaplan
- Re: [rtcweb] RTCWeb Forking usecase [was RE:draft… Christer Holmberg
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Randell Jesup
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Hadriel Kaplan
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Roman Shpount
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Roman Shpount
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Iñaki Baz Castillo
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Harald Alvestrand
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Iñaki Baz Castillo
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Harald Alvestrand
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Hadriel Kaplan
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Harald Alvestrand
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Christer Holmberg
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Iñaki Baz Castillo
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Christer Holmberg
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Timothy B. Terriberry
- [rtcweb] New usecase & requirement for media fork… Ravindran Parthasarathi
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Stefan Håkansson
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Roman Shpount
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Iñaki Baz Castillo
- Re: [rtcweb] New usecase & requirement for media … Harald Alvestrand
- Re: [rtcweb] RTCWeb Forking usecase [was RE: draf… Randell Jesup
- [rtcweb] SDES and forking [was RE: RTCWeb Forking… Christer Holmberg
- [rtcweb] SDES and forking [was RE: RTCWeb Forking… Christer Holmberg
- Re: [rtcweb] New usecase & requirement for media … Ravindran Parthasarathi
- Re: [rtcweb] New usecase & requirement for media … Harald Alvestrand
- Re: [rtcweb] New usecase & requirement for media … Ravindran Parthasarathi
- Re: [rtcweb] New usecase & requirement for media … Harald Alvestrand