Re: [rtcweb] Use Case draft - Eavesdropping.
Stefan Hakansson LK <stefan.lk.hakansson@ericsson.com> Wed, 02 May 2012 07:50 UTC
Return-Path: <stefan.lk.hakansson@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9079121F8A47 for <rtcweb@ietfa.amsl.com>; Wed, 2 May 2012 00:50:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.249
X-Spam-Level:
X-Spam-Status: No, score=-6.249 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZV8Pak9cEBUS for <rtcweb@ietfa.amsl.com>; Wed, 2 May 2012 00:50:31 -0700 (PDT)
Received: from mailgw2.ericsson.se (mailgw2.ericsson.se [193.180.251.37]) by ietfa.amsl.com (Postfix) with ESMTP id BE6A521F8A41 for <rtcweb@ietf.org>; Wed, 2 May 2012 00:50:30 -0700 (PDT)
X-AuditID: c1b4fb25-b7b18ae000000dce-28-4fa0e74518ae
Authentication-Results: mailgw2.ericsson.se x-tls.subject="/CN=esessmw0256"; auth=fail (cipher=AES128-SHA)
Received: from esessmw0256.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) (using TLS with cipher AES128-SHA (AES128-SHA/128 bits)) (Client CN "esessmw0256", Issuer "esessmw0256" (not verified)) by mailgw2.ericsson.se (Symantec Mail Security) with SMTP id 33.ED.03534.547E0AF4; Wed, 2 May 2012 09:50:29 +0200 (CEST)
Received: from [150.132.142.229] (153.88.115.8) by esessmw0256.eemea.ericsson.se (153.88.115.97) with Microsoft SMTP Server id 8.3.213.0; Wed, 2 May 2012 09:50:29 +0200
Message-ID: <4FA0E744.9000506@ericsson.com>
Date: Wed, 02 May 2012 09:50:28 +0200
From: Stefan Hakansson LK <stefan.lk.hakansson@ericsson.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120410 Thunderbird/11.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CA+9kkMCYArLPRP3c00UdOja64WRT6ghN0PSy7XvM_wbxBBB+vA@mail.gmail.com> <101C6067BEC68246B0C3F6843BCCC1E312992828BD@MCHP058A.global-ad.net> <CABcZeBPhv+=dPfy2rNOMoBFwp5e9Fzba+d8KAiJY5QsPcB-Auw@mail.gmail.com>
In-Reply-To: <CABcZeBPhv+=dPfy2rNOMoBFwp5e9Fzba+d8KAiJY5QsPcB-Auw@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: AAAAAA==
Subject: Re: [rtcweb] Use Case draft - Eavesdropping.
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 07:50:31 -0000
On 05/01/2012 04:05 PM, Eric Rescorla wrote: > On Tue, May 1, 2012 at 6:14 AM, Hutton, Andrew > <andrew.hutton@siemens-enterprise.com> wrote: >> Hi, >> >> A number of use cases within Draft-ietf-rtcweb-use-cases-and-requirements-07 contain the statement "It is essential that the communication cannot be eavesdropped" however there is no definition of what is actually meant by "eavesdropped" although I think we all have an idea of what it means. >> >> Maybe it would be better to replace these statements with something that refers to wiretapping and RFC 2804 (RAVEN) which actually has a definition of wiretapping. > > This seems like it's creeping into the security requirements question. > Rather than try to make the use cases document more precise, I'd > prefer to have those statements be in draft-ietf-rtcweb-security, > which actually has (or at least is intended to) have fairly precise > descriptions of what the relevant security properties are. As one of the editors of the use case doc, I agree. The document was written at a time when everything was much vaguer, and we as a group had much much less insight, and this is reflected in the document. 'Eavesdropping' is one example, 'stream' is another (we now have things like MediaStream, MediaStreamTrack), and so on. I think we should keep it that way rather than doing a major update; I think there is little gain in doing that. Stefan > > -Ekr > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- Re: [rtcweb] Use Case draft Timothy B. Terriberry
- [rtcweb] Use Case draft Ted Hardie
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Bernard Aboba
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft Tim Panton
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft (privacy) Fabio Pietrosanti (naif)
- Re: [rtcweb] Use Case draft (privacy) Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft (privacy) Hutton, Andrew
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Tim Panton
- Re: [rtcweb] Use Case draft Igor Faynberg
- Re: [rtcweb] Use Case draft Hutton, Andrew
- Re: [rtcweb] Use Case draft Randell Jesup
- Re: [rtcweb] Use Case draft Randell Jesup
- Re: [rtcweb] Use Case draft Stephan Wenger
- Re: [rtcweb] Use Case draft Randell Jesup
- Re: [rtcweb] Use Case draft Marshall Eubanks
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Tim Panton
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft - Eavesdropping. Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Marshall Eubanks
- Re: [rtcweb] Use Case draft - Eavesdropping. Hutton, Andrew
- Re: [rtcweb] Use Case draft - Eavesdropping. Fabio Pietrosanti (naif)
- Re: [rtcweb] Use Case draft - Eavesdropping. Eric Rescorla
- Re: [rtcweb] Use Case draft - Eavesdropping. Cavigioli, Chris
- Re: [rtcweb] Use Case draft - Eavesdropping. Marshall Eubanks
- Re: [rtcweb] Use Case draft Randell Jesup
- Re: [rtcweb] Use Case draft - Eavesdropping. Randell Jesup
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft - Eavesdropping. Harald Alvestrand
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] Use Case draft Igor Faynberg
- [rtcweb] interworking with non-WEBRTC endpoints [… Dan Wing
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Iñaki Baz Castillo
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Marshall Eubanks
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Lorenzo Miniero
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Mary Barnes
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Marshall Eubanks
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Fabio Pietrosanti (naif)
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Dan Wing
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Ravindran, Parthasarathi
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Harald Alvestrand
- Re: [rtcweb] Use Case draft Harald Alvestrand
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Fabio Pietrosanti (naif)
- Re: [rtcweb] Use Case draft Ravindran, Parthasarathi
- Re: [rtcweb] Use Case draft Harald Alvestrand
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft Stefan Hakansson LK
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Bernard Aboba
- Re: [rtcweb] Use Case draft Jim Barnett
- Re: [rtcweb] Use Case draft - legacy interop Harald Alvestrand
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Neil Stratford
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Iñaki Baz Castillo
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Christer Holmberg
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Iñaki Baz Castillo
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Richard Shockey
- Re: [rtcweb] interworking with non-WEBRTC endpoin… Xavier Marjou
- Re: [rtcweb] Use Case draft - legacy interop Bernard Aboba
- Re: [rtcweb] Use Case draft - legacy interop Iñaki Baz Castillo
- Re: [rtcweb] Use Case draft - legacy interop Dan Wing
- Re: [rtcweb] Use Case draft - legacy interop Iñaki Baz Castillo
- Re: [rtcweb] Use Case draft - legacy interop Bernard Aboba
- Re: [rtcweb] Use Case draft - legacy interop Dan Wing
- Re: [rtcweb] Use Case draft - legacy interop Harald Alvestrand
- [rtcweb] Consent freshness and message-integrity … Harald Alvestrand
- Re: [rtcweb] Consent freshness and message-integr… Dan Wing
- Re: [rtcweb] Consent freshness and message-integr… Harald Alvestrand