IETF Logo Mail Archive

Re: [rtcweb] Resolving RTP/SDES question in Paris

"Hutton, Andrew" <andrew.hutton@siemens-enterprise.com> Tue, 20 March 2012 10:06 UTC

Return-Path: <andrew.hutton@siemens-enterprise.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C191721F85D4 for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 03:06:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.504
X-Spam-Level:
X-Spam-Status: No, score=-2.504 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fxNwP46QNGCW for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 03:06:54 -0700 (PDT)
Received: from senmx11-mx.siemens-enterprise.com (senmx11-mx.siemens-enterprise.com [62.134.46.9]) by ietfa.amsl.com (Postfix) with ESMTP id 63E8621F85CE for <rtcweb@ietf.org>; Tue, 20 Mar 2012 03:06:54 -0700 (PDT)
Received: from MCHP064A.global-ad.net (unknown [172.29.37.63]) by senmx11-mx.siemens-enterprise.com (Server) with ESMTP id F16AF1EB8463; Tue, 20 Mar 2012 11:06:52 +0100 (CET)
Received: from MCHP058A.global-ad.net ([172.29.37.55]) by MCHP064A.global-ad.net ([172.29.37.63]) with mapi; Tue, 20 Mar 2012 11:06:53 +0100
From: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>, "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
Date: Tue, 20 Mar 2012 11:06:51 +0100
Thread-Topic: [rtcweb] Resolving RTP/SDES question in Paris
Thread-Index: AQHNBkhwRk3x+jQ7ZUSzaNmeu+7o6pZy7hYg
Message-ID: <101C6067BEC68246B0C3F6843BCCC1E31296AE222A@MCHP058A.global-ad.net>
References: <4F4759DC.7060303@ericsson.com><387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com><CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com><CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com><CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com><CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com><CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com><CAD5OKxvZbEJ7sV4WPAYoQapzMR_QwAftj-oKg=ioMKHNT792wQ@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113563C5A92@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><CALiegf=jtkDCS_D0ZFe9UpbiadQ0vsJ+4MppQSbLr-wbaXNrfQ@mail.gmail.com><BLU169-W29E5B86F9E2C6F3126961C93420@phx.gbl><CALiegfk2aT+6Psr4nT-hG1G7eYRBfFCcT+25On2O4HfUXJ6-ng@mail.gmail.com><CAD6AjGSmi9j+sdGWPts20-iwGvGij05ek0OKYEPULC6B=aFpQg@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113564482A7@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><ADBB75F3-E20C-4EC4-B9C3-EF2E4BFF409C@phonefromhere.com><C! AD5OKxvuE V8Vbq3h7=Zgc KmREjmguvz5n-SpXr2n-EY7a_ddxg@mail.gmail.com><CALiegfk1ozOKPcDjbd3H_z2Edzh4RcZpYyJSWdw_1DJ04muQXA@mail.gmail.com><CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com> <D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com> <E17CAD772E76C742B645BD4DC602CD8105EBE8CF@NAHALD.us.int.genesyslab.com> <387F9047F55E8C42850AD6B3A7A03C6C0E1FFE23@inba-mail01.sonusnet.com> <2E10EB15-7E2E-47B9-80D1-5244DDE5FDF7@acmepacket.com>
In-Reply-To: <2E10EB15-7E2E-47B9-80D1-5244DDE5FDF7@acmepacket.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 10:06:55 -0000

Hi,

Completely agree with Hadriel's statement below.

In addition to wanting to know that you are connected to "www.travel.co" or "www.mybank.co" you as a consumer and the company really want/need the media to be recorded by the companies system for your own protection. This is going to involve some kind of MITM or as we call it in SIPREC a Session Recording Client (SRC) to be able to intercept the media and route it to a Session Recording Server (SRS). 

The agent's desktop device could act as the SRC but more likely it will be some kind of B2BUA that does this.  

In these scenario's you as a consumer using this service really want the media to be secure at least as far as reaching the bank but after that like any existing web based system you have to trust the bank with your data this is no different whether that data is speech or text that you entered on a web page.

The recording system should be able to work with DTLS-SRTP but it will most likely act as a MITM so will change the DTLS fingerprint. I don't see that as a problem.

Regards
Andy



> -----Original Message-----
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On
> Behalf Of Hadriel Kaplan
> Sent: 20 March 2012 03:21
> To: Ravindran, Parthasarathi
> Cc: rtcweb@ietf.org
> Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
> 
> 
> And, it should be noted, they *want* it that way.  They don't generally
> want you to know which agent picked up the call, or that the call got
> transferred from an IVR to a specific agent, or got put in a queue with
> elevator-music announcement server, or any of that.  You "called"
> Travel Co., and they answered.  What goes on behind that SBC is
> equivalent to the back-end database stuff that goes on between the web
> server and back-end systems, while all you see is the web-server your
> browser happens to be connected to.
> 
> The "identity" you'll get is www.travel.co, which you already had when
> your browser did HTTPS cert verification of their web-server.  HTTPS
> became the key-exchange transport for the SRTP key.  Since they already
> proved they own the cert for www.travel.co, having them claim to be
> www.travel.co shouldn't require yet more verification.
> 
> -hadriel
> 
> 
> On Mar 19, 2012, at 9:15 PM, Ravindran, Parthasarathi wrote:
> 
> > Jim,
> >
> > As a customer, you won't really know whether the identity (DTLS-SRTP)
> of call center/travel site is agent or SBC. SBC can perform MITM attack
> easily as extending SDES-SRTP to DTLS-SRTP for call center site is
> feasible.
> >
> > Thanks
> > Partha
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email