Re: [rtcweb] Consensus call regarding media security

Roman Shpount <roman@telurix.com> Wed, 28 March 2012 15:49 UTC

In-Reply-To: <4F732531.2030208@ericsson.com>
References: <4F732531.2030208@ericsson.com>
Date: Wed, 28 Mar 2012 11:49:22 -0400
Message-ID: <CAD5OKxs6NHha2egNSTumEaHYJ0bB6qu_nfshmBM6dntx2n49HQ@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Consensus call regarding media security

As I have mentioned before on this list I am strongly against making SRTP
protection for RTP a requirement. I think this is an unnecessary
requirement that serves little real purpose except feeding into some
marketing message that most of the WebRTC users would not care about.
Unless use of identity is also a requirement, requiring SRTP will provide
security only in a very narrow sense of the word. At the same time I do
believe that extra standard requirements will stifle innovation and will
complicate new service or application creation.

I have no objection to making DTLS-SRTP a required to implement protocol.
_____________
Roman Shpount


On Wed, Mar 28, 2012 at 10:50 AM, Magnus Westerlund <
magnus.westerlund@ericsson.com> wrote:

> WG,
>
> In today's RTCWEB WG meeting there was discussion around media security
> mechanism. In this meeting there was some clear consensus in the
> meeting which we would like to confirm on the list.
>
> The first was that there was overwhelming consensus that all RTP
> packets SHALL be protected by SRTP.
>
> Secondly that no one objected against making DTLS-SRTP a mandatory to
> implement and the default keying mechanism. Additional mechanisms are
> not precluded.
>
> WG participants may state their position regarding these consensus calls
> until 12th of April when the chairs will declare the final consensus. If
> you were present in the meeting room and comment on this, please
> indicate that.
>
> Best Regards
>
> Magnus Westerlund
> For the WG chairs