IETF Logo Mail Archive

Re: [rtcweb] Retransmit: Summary of Alternatives for media keying

Harald Alvestrand <harald@alvestrand.no> Thu, 28 July 2011 17:22 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 375FD21F8BA2 for <rtcweb@ietfa.amsl.com>; Thu, 28 Jul 2011 10:22:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LM3kNLAeKOcJ for <rtcweb@ietfa.amsl.com>; Thu, 28 Jul 2011 10:22:10 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 9C4F721F8B17 for <rtcweb@ietf.org>; Thu, 28 Jul 2011 10:22:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 8E85039E173 for <rtcweb@ietf.org>; Thu, 28 Jul 2011 19:20:59 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 851egv0blJ-0 for <rtcweb@ietf.org>; Thu, 28 Jul 2011 19:20:59 +0200 (CEST)
Received: from [130.129.103.155] (dhcp-679b.meeting.ietf.org [130.129.103.155]) by eikenes.alvestrand.no (Postfix) with ESMTPS id D3ADD39E13B for <rtcweb@ietf.org>; Thu, 28 Jul 2011 19:20:58 +0200 (CEST)
Message-ID: <4E319ABD.9070604@alvestrand.no>
Date: Thu, 28 Jul 2011 13:22:05 -0400
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <12BF9E55-662F-4762-9E47-2BBD3FA5FD93@acmepacket.com>
In-Reply-To: <12BF9E55-662F-4762-9E47-2BBD3FA5FD93@acmepacket.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [rtcweb] Retransmit: Summary of Alternatives for media keying
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2011 17:22:11 -0000

Question that I could probably answer if I understood the DH key 
exchange thing:

Is it possible for anyone with packet-replacement access to the media 
path to perform a MITM attack against DH?

If so: Is it possible to deliver some token by the "high path" (where 
the SDES keys would go) that ensures that the DH key exchange is with 
someone possessing that token?

That would limit MITM attacks to attackers who had access to both the 
"high path" and the media path.

                                Harald

v2.23.0 | Report a Bug | By Email