IETF Logo Mail Archive

Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb

Martin Thomson <martin.thomson@gmail.com> Thu, 25 April 2013 23:34 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E29521F9736 for <rtcweb@ietfa.amsl.com>; Thu, 25 Apr 2013 16:34:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SmMMBDxdvU9R for <rtcweb@ietfa.amsl.com>; Thu, 25 Apr 2013 16:34:13 -0700 (PDT)
Received: from mail-we0-x22d.google.com (mail-we0-x22d.google.com [IPv6:2a00:1450:400c:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 9161721F9690 for <rtcweb@ietf.org>; Thu, 25 Apr 2013 16:34:07 -0700 (PDT)
Received: by mail-we0-f173.google.com with SMTP id o7so3076629wea.18 for <rtcweb@ietf.org>; Thu, 25 Apr 2013 16:34:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=oWPwmuaIhajwpiTtATtIAIGHyLwdgiprnLcVVFTr9V8=; b=LwGhrYM0hXUTnLinqUMoGA/QIcNfM2hJzUNLkatzsfKNsncekRxKNzxcsAMvPTKYdf gHfiRvpxB4cObMUMUYGY/F8kXSOuSGw5KNVWThGibFJyyz3peZSVN1tp9fa+FV2gXr0i 9Rskzvm1BFXuQiMmngsTkUJuOmi8QPOLeccOmik0Hs+TyCqUK8TiLi/YuxM8NbyyC7Qq D4oFTd5mRN+zcB+RRQSgxnwiTGJ+Ey3aXI+jcwMtdpnjCtO8WC63RQA026/GOmF9Xn4J 8+zCpbvS28ANVfuzcAK7AqZxQ0hGCd8l161VsWoT1iJ3A3FqdRZx0dV/KnJbcjkAFfQ1 J26Q==
MIME-Version: 1.0
X-Received: by 10.194.109.227 with SMTP id hv3mr14596196wjb.32.1366932846722; Thu, 25 Apr 2013 16:34:06 -0700 (PDT)
Received: by 10.194.33.102 with HTTP; Thu, 25 Apr 2013 16:34:06 -0700 (PDT)
In-Reply-To: <CABcZeBOkCC9wn7H7a4U0SYNAfYtNB2w6SvwZi4aL5f9wcwLp+g@mail.gmail.com>
References: <3FA2E46D-C98E-4FC0-9F1D-AD595A861CE1@iii.ca> <CABkgnnVky++ZF1uaM8p4xtzvDQH7HMCaL8N2ZV3dZDYnv-NvzQ@mail.gmail.com> <CABcZeBOkCC9wn7H7a4U0SYNAfYtNB2w6SvwZi4aL5f9wcwLp+g@mail.gmail.com>
Date: Thu, 25 Apr 2013 16:34:06 -0700
Message-ID: <CABkgnnUO657zEBz2V9zyYpFM+GCXr59j-a-PZa8Wj92Yipv21A@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2013 23:34:14 -0000

On 25 April 2013 16:19, Eric Rescorla <ekr@rtfm.com> wrote:
> I think we've discussed most of the topics Martin raises already and I'm
> not sure I have much to add (which isn't to say I necessarily agree).

I just wanted them on the record.

> However, I think the below is incorrect and I'm not sure I have made
> that point before.
>
>> Practical Matters of Security - You aren't necessarily more secure
>> because you are using DTLS-SRTP.  The complete security story requires
>> not just DTLS-SRTP, but also that both peers use identity assertions.
>> Otherwise its security properties are basically the same as security
>> descriptions.
>>
>> The default mode of operation for getUserMedia is to return media that
>> is accessible to the web site.  The same for RTCPeerConnection.  That
>> means that the site can see and modify your media in your browser,
>> even if it can't tamper with it on the network.
>
> It's certainly true that the site has access to the media with DTLS if you
> don't use identity assertions/isolated streams. However, what it doesn't
> have is *invisible* access. I.e., it must do something that is user visible,
> which allows for the detection of cheating by the site. By contrast, if SDES
> is used
> then the site can simply passively monitor all your traffic, or at least
> any that goes through its network and you can't detect it.

That's a fair point, and one I missed.  My bad.  But it's only
relevant to the extent that it is possible to observe that the
provided certificate is a phony.  It's not like the server is
obligated to provide a particular CN, so it's mostly down to just
looking at fingerprints.

It's also hard to retroactively audit due to the way (current)
implementations mint new certificates for every interaction.  I'm
fairly sure that (current) implementations don't make this
particularly easy to examine in browser chrome, but even if they did
it's hard to imagine a good usability story for accessing the
information.

v2.23.0 | Report a Bug | By Email