IETF Logo Mail Archive

Re: [rtcweb] Resolving RTP/SDES question in Paris

Igor Faynberg <igor.faynberg@alcatel-lucent.com> Wed, 21 March 2012 14:58 UTC

Return-Path: <igor.faynberg@alcatel-lucent.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C17BB21E800E for <rtcweb@ietfa.amsl.com>; Wed, 21 Mar 2012 07:58:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.441
X-Spam-Level:
X-Spam-Status: No, score=-9.441 tagged_above=-999 required=5 tests=[AWL=1.158, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aupv2iAXsROW for <rtcweb@ietfa.amsl.com>; Wed, 21 Mar 2012 07:58:17 -0700 (PDT)
Received: from ihemail2.lucent.com (ihemail2.lucent.com [135.245.0.35]) by ietfa.amsl.com (Postfix) with ESMTP id 01B6A21F871E for <rtcweb@ietf.org>; Wed, 21 Mar 2012 07:58:12 -0700 (PDT)
Received: from usnavsmail2.ndc.alcatel-lucent.com (usnavsmail2.ndc.alcatel-lucent.com [135.3.39.10]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id q2LEwCur026710 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <rtcweb@ietf.org>; Wed, 21 Mar 2012 09:58:12 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail2.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q2LEwBqF016788 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <rtcweb@ietf.org>; Wed, 21 Mar 2012 09:58:12 -0500
Received: from [135.222.232.245] (USMUYN0L055118.mh.lucent.com [135.222.232.245]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q2LEwBYj024791; Wed, 21 Mar 2012 09:58:11 -0500 (CDT)
Message-ID: <4F69EC83.8080509@alcatel-lucent.com>
Date: Wed, 21 Mar 2012 10:58:11 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4F4759DC.7060303@ericsson.com><CALiegfk2aT+6Psr4nT-hG1G7eYRBfFCcT+25On2O4HfUXJ6-ng@mail.gmail.com><CAD6AjGSmi9j+sdGWPts20-iwGvGij05ek0OKYEPULC6B=aFpQg@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113564482A7@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><ADBB75F3-E20C-4EC4-B9C3-EF2E4BFF409C@phonefromhere.com><C! !AD5OKxvu E V8Vbq3h7=Z gcKmREjmguvz5n-SpXr2n-EY7a_ddxg@mail.gmail.com><CALiegfk1ozOKPcDjbd3H_z2Edzh4RcZpYyJSWdw_1DJ04muQXA@mail.gmail.com><CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com><D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com><E17CAD772E76C742B645BD4DC602CD8105EBE8CF@NAHALD.us.int.genesyslab.com><387F9047F55E8C42850AD6B3A7A03C6C0E1FFE23@inba-mail01.sonusnet.com><2E10EB15-7E2E-47B9-80D1-5244DDE5FDF7@acmepacket.com> <101C6067BEC68246B0C3F6843BCCC1E31296AE222A@MCHP058A.global-ad.net> <E17CAD772E76C742B645BD4DC602CD8105EBEB17@NAHALD.us.int.genesyslab.com> <387F9047F55E8C42850AD6B3A7A03C6C0E201725@inba-mail01.sonusnet.com>
In-Reply-To: <387F9047F55E8C42850AD6B3A7A03C6C0E201725@inba-mail01.sonusnet.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.10
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: igor.faynberg@alcatel-lucent.com
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2012 14:58:21 -0000

+1

Indeed, this is the only way call centers could work.

Igor

On 3/21/2012 9:51 AM, Ravindran, Parthasarathi wrote:
> It will be good to add this CallCenter WebRTC usecase.
>
> Thanks
> Partha
>
>> -----Original Message-----
>> From: Jim Barnett [mailto:Jim.Barnett@genesyslab.com]
>> Sent: Wednesday, March 21, 2012 7:18 PM
>> To: Hutton, Andrew; Hadriel Kaplan; Ravindran, Parthasarathi
>> Cc: rtcweb@ietf.org
>> Subject: RE: [rtcweb] Resolving RTP/SDES question in Paris
>>
>> One way to look at this case would be to say that it's the server at the
>> boundary of www.travel.co that is the RTCWeb endpoint,  _not_ the agent
>> desktop. The boundary server is acting as an RTCWeb-to-corporate network
>> gateway, and systems inside the corporate network are not affected.
>> Callers see themselves as connected to www.travel.co, rather than having
>> a direct RTCWeb-all-the-way connection to the agent.  I'm pretty sure
>> that call centers would like to do things this way since it doesn't
>> require any changes to their corporate infrastructure. (They can
>> add/upgrade the gateway without changing their recording systems or
>> agent desktops, etc.)
>>
>> I don't see anything like this in the use case document.  Is this a use
>> case we want to support?
>>
>> - Jim
>>
>> -----Original Message-----
>> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
>> Of Hutton, Andrew
>> Sent: Tuesday, March 20, 2012 6:07 AM
>> To: Hadriel Kaplan; Ravindran, Parthasarathi
>> Cc: rtcweb@ietf.org
>> Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
>>
>> Hi,
>>
>> Completely agree with Hadriel's statement below.
>>
>> In addition to wanting to know that you are connected to "www.travel.co"
>> or "www.mybank.co" you as a consumer and the company really want/need
>> the media to be recorded by the companies system for your own
>> protection. This is going to involve some kind of MITM or as we call it
>> in SIPREC a Session Recording Client (SRC) to be able to intercept the
>> media and route it to a Session Recording Server (SRS).
>>
>> The agent's desktop device could act as the SRC but more likely it will
>> be some kind of B2BUA that does this.
>>
>> In these scenario's you as a consumer using this service really want the
>> media to be secure at least as far as reaching the bank but after that
>> like any existing web based system you have to trust the bank with your
>> data this is no different whether that data is speech or text that you
>> entered on a web page.
>>
>> The recording system should be able to work with DTLS-SRTP but it will
>> most likely act as a MITM so will change the DTLS fingerprint. I don't
>> see that as a problem.
>>
>> Regards
>> Andy
>>
>>
>>
>>> -----Original Message-----
>>> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On
>>> Behalf Of Hadriel Kaplan
>>> Sent: 20 March 2012 03:21
>>> To: Ravindran, Parthasarathi
>>> Cc: rtcweb@ietf.org
>>> Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
>>>
>>>
>>> And, it should be noted, they *want* it that way.  They don't
>>> generally want you to know which agent picked up the call, or that the
>>> call got transferred from an IVR to a specific agent, or got put in a
>>> queue with elevator-music announcement server, or any of that.  You
>> "called"
>>> Travel Co., and they answered.  What goes on behind that SBC is
>>> equivalent to the back-end database stuff that goes on between the web
>>> server and back-end systems, while all you see is the web-server your
>>> browser happens to be connected to.
>>>
>>> The "identity" you'll get is www.travel.co, which you already had when
>>> your browser did HTTPS cert verification of their web-server.  HTTPS
>>> became the key-exchange transport for the SRTP key.  Since they
>>> already proved they own the cert for www.travel.co, having them claim
>>> to be www.travel.co shouldn't require yet more verification.
>>>
>>> -hadriel
>>>
>>>
>>> On Mar 19, 2012, at 9:15 PM, Ravindran, Parthasarathi wrote:
>>>
>>>> Jim,
>>>>
>>>> As a customer, you won't really know whether the identity
>>>> (DTLS-SRTP)
>>> of call center/travel site is agent or SBC. SBC can perform MITM
>>> attack easily as extending SDES-SRTP to DTLS-SRTP for call center site
>>> is feasible.
>>>> Thanks
>>>> Partha
>>> _______________________________________________
>>> rtcweb mailing list
>>> rtcweb@ietf.org
>>> https://www.ietf.org/mailman/listinfo/rtcweb
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email