IETF Logo Mail Archive

[rtcweb] Security Architecture: SDES support is a MUST

"Domenico Colella" <domenico.colella@ctiplanet.it> Thu, 19 July 2012 07:42 UTC

Return-Path: <domenico.colella@ctiplanet.it>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65DEC21F867D for <rtcweb@ietfa.amsl.com>; Thu, 19 Jul 2012 00:42:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.718
X-Spam-Level:
X-Spam-Status: No, score=-0.718 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fyLB9ywqXDNL for <rtcweb@ietfa.amsl.com>; Thu, 19 Jul 2012 00:42:01 -0700 (PDT)
Received: from hostingsmtp.register.it (hostingsmtp02.register.it [81.88.50.243]) by ietfa.amsl.com (Postfix) with ESMTP id 0C8A721F862F for <rtcweb@ietf.org>; Thu, 19 Jul 2012 00:41:59 -0700 (PDT)
Received: (qmail 29687 invoked from network); 19 Jul 2012 07:42:47 -0000
Received: from unknown (HELO vivaldi29.register.it) by hostingsmtp.register.it with ESMTP; 19 Jul 2012 07:42:47 -0000
Received: (from popuser@localhost) by vivaldi29.register.it (8.13.8/8.12.11/Submit) id q6J7glf6008744; Thu, 19 Jul 2012 09:42:47 +0200
Message-Id: <201207190742.q6J7glf6008744@vivaldi29.register.it>
From: Domenico Colella <domenico.colella@ctiplanet.it>
To: rtcweb@ietf.org
Date: Thu, 19 Jul 2012 09:42:47 +0200
X-RID: dDsndCNuJSjsO3RjQCUoKCMoK2MnK2M7biNtK2Q=|dDsndCNuJSjsO3Rj|+eBeJ+Bd4CcsXeAnPT3g|TElBTUJFVw==
MIME-Version: 1.0
X-Priority: 3
X-Mailer: Webmail Client v1.5
Content-Type: text/plain; charset="iso-8859-1"
Cc: daniele.filippi@ctiplanet.it
Subject: [rtcweb] Security Architecture: SDES support is a MUST
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Domenico Colella <domenico.colella@ctiplanet.it>
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2012 07:42:01 -0000

In RTCWEB Security Architecture (draft-ietf-rtcweb-security-arch-03) I noticed an open issue regarding SDES support: if browser implementations MUST or MAY support it. 
I got quite scared when I saw the word MAY.
I support the MUST option, because RTCWEB can be used not only for peer-to-peer communication (i.e. Alice calling Bob), but also to access services provided by the "calling service"  (i.e.customer support, customer attendant, voicemail ... or any service delivering also RT audio/video that can be accessed through a website). In the latter case, the user usually is already logged-in the "calling service" using a secure connection (X.509 certificate have already be used to verify calling service party) and the other endpoint usually is a server/phone in company DMZ/intranet: communication is end-to-end secured and each party trusts the other. At the moment SDES has a good support and it is not that difficult to be implemented, on the contrary DTLS-SRTP it is almost unknown.
Why a company should buy ( ? expensive ?) DTLS-SRTP gateways (? and compatible with their legacy devices ?) or translators in order to support RTCWeb instead of a SRTMP server/gateway (i.e. open-source free products as Red5) and use FLASH ? At the moment FLASH is supported  by a considerably larger number of devices, and uses codecs "more compliant" to legacy devices (iLBC is not that supported by phone equipments).
Furthermore, in this scenario, the customer using i.e. the bank website knows for sure he is communicating "privately" to his bank and trusts the webserver. Why then setup a DTLS session or  check identities ? If  the customer is sending passwords, credit card numbers,... using webserver connection why do not "trust" such connection to exchange RTP keys as well ?
The word MUST is really important, because it grants that "every" browser in the near future will support it and grants system integrators, software developers and companies investing in building RT services that SDES support will be mantained.
Regards,
Domenico Colella

v2.23.0 | Report a Bug | By Email