[rtcweb] Traffic should be encrypted. (Re: Let's define the purpose of WebRTC)
Harald Alvestrand <harald@alvestrand.no> Thu, 10 November 2011 20:30 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C99921F8B03 for <rtcweb@ietfa.amsl.com>; Thu, 10 Nov 2011 12:30:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.598
X-Spam-Level:
X-Spam-Status: No, score=-110.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2LfRb6UTCPZy for <rtcweb@ietfa.amsl.com>; Thu, 10 Nov 2011 12:30:48 -0800 (PST)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id B1A7E21F8ACE for <rtcweb@ietf.org>; Thu, 10 Nov 2011 12:30:47 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id C71F739E148 for <rtcweb@ietf.org>; Thu, 10 Nov 2011 21:30:46 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 24Pd2UHbadMn for <rtcweb@ietf.org>; Thu, 10 Nov 2011 21:30:45 +0100 (CET)
Received: from [192.168.0.14] (c213-89-141-213.bredband.comhem.se [213.89.141.213]) by eikenes.alvestrand.no (Postfix) with ESMTPS id C82A639E089 for <rtcweb@ietf.org>; Thu, 10 Nov 2011 21:30:45 +0100 (CET)
Message-ID: <4EBC3475.90706@alvestrand.no>
Date: Thu, 10 Nov 2011 21:30:45 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com> <387F9047F55E8C42850AD6B3A7A03C6C01349D81@inba-mail01.sonusnet.com> <845C03B2-1975-4145-8F52-8CEC9E360AF3@edvina.net> <5454E693-5C34-4C77-BA07-2A9EE9EE4AFD@cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01349FFE@inba-mail01.sonusnet.com> <1D062974A4845E4D8A343C653804920206D3B7FD@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C0134A105@inba-mail01.sonusnet.com> <1F2A2C70609D9E41844A2126145FC09804691DA2@HKGMBOXPRD22.polycom.com> <CALiegfmf59jb4asUu9LA6YY_aMtKEnM1Wy34KbuLEn3_h1xBXA@mail.gmail.com> <CALiegfmM1PB=VAQjfh4rW3-3C8aumHdWy9nZxD0-BWBq9Kq_tg@mail.gmail.com> <1D062974A4845E4D8A343C653804920206D3BA57@XMB-BGL-414.cisco.com> <CALiegfkWnRT8m4S9pXTxuLsc-p_bhkG3d=PX3qgiFFt5gW5yfw@mail.gmail.com> <CAD5OKxvQYVKOZF88WLCiRseg-qXQdOpKeDU_t9b-yA2GcDBT-w@mail.gmail.com> <CABcZeBOiPxz_swdaG6Aqoch1WAUtjNh4eOQy1QObCDXT_B8azg@mail.gmail.com> <CAD5OKxtp+LQBRCHgbWdJyrSRcpNQ82i64TJgGtGPrE7+GKcEog@mail.gmail .com>
In-Reply-To: <CAD5OKxtp+LQBRCHgbWdJyrSRcpNQ82i64TJgGtGPrE7+GKcEog@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------040608040904070905000500"
Subject: [rtcweb] Traffic should be encrypted. (Re: Let's define the purpose of WebRTC)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2011 20:30:49 -0000
On 11/10/2011 06:48 AM, Roman Shpount wrote: > > On Thu, Nov 10, 2011 at 12:20 AM, Eric Rescorla <ekr@rtfm.com > <mailto:ekr@rtfm.com>> wrote: > > The point is that it's very hard to anticipate which > communications media > will be used for sensitive information. To say "we don't need security > in this application because nobody will ever use it to discuss > sensitive > stuff" is short-sighted. Better simply to be secure all the time. > > > So why is 99% of the web traffic is HTTP? Do you want to force > everybody to use HTTPS? I think your argument is simply stating > encryption is good, no encryption bad, even if it is not needed or if > it does not protect anything (WebRTC application delivered over HTTP). Since you asked.... Working, but not speaking, for the company that just decided that open Web search results should go over HTTPS: yes. http://googleblog.blogspot.com/2011/10/making-search-more-secure.html Having the default Web scheme be nonencrypted and nonsecured was a reasonable choice given the cost (and regulatory hassle) of crypto at that time. Long term, it was a mistake. (BTW, Google searches did not immediately bring up verification for that claim of 99% of Web traffic being HTTP.... do you have a citation for that?) Harald
- [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Cameron Byrne
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC José Luis Millán
- Re: [rtcweb] Let's define the purpose of WebRTC Tim Panton
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Christer Holmberg
- Re: [rtcweb] Let's define the purpose of WebRTC Tim Panton
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Justin Uberti
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC John Elwell
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- [rtcweb] SRTP - mandatory to implement vs mandato… Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Wolfgang Beck
- Re: [rtcweb] Let's define the purpose of WebRTC Stefan Håkansson LK
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Jonathan Lennox
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Wolfgang Beck
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Wolfgang Beck
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] SRTP - mandatory to implement vs man… Magnus Westerlund
- Re: [rtcweb] Let's define the purpose of WebRTC Cullen Jennings
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- [rtcweb] SRTP requirement - wiretapping (Re: Let'… Harald Alvestrand
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran Parthasarathi
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Bernard Aboba
- Re: [rtcweb] surveillance in RTCWEB (was wiretapp… Bernard Aboba
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Cameron Byrne
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Cameron Byrne
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Avasarala, Ranjit
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Avasarala, Ranjit
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Neil Stratford
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC DRAGE, Keith (Keith)
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Neil Stratford
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran, Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Tim Panton
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Christer Holmberg
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] SRTP - mandatory to implement vs man… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Randell Jesup
- Re: [rtcweb] SRTP - mandatory to implement vs man… Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- [rtcweb] Traffic should be encrypted. (Re: Let's … Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Cullen Jennings
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Eric Rescorla
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Kevin P. Fleming
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Iñaki Baz Castillo
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Miguel Casas-Sanchez
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Marc Petit-Huguenin
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Tim Panton
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Iñaki Baz Castillo
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- [rtcweb] Traffic on the list (Re: Traffic should … Harald Alvestrand
- [rtcweb] Fwd: Traffic should be encrypted. (Re: L… Wolfgang Beck
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Christer Holmberg
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Michael Thornburgh
- Re: [rtcweb] Let's define the purpose of WebRTC Matthew Kaufman
- Re: [rtcweb] Let's define the purpose of WebRTC Matthew Kaufman
- [rtcweb] Media Synchronization (Re: Traffic shoul… Matthew Kaufman
- [rtcweb] DTMF (was Re: Traffic should be encrypte… Matthew Kaufman
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- [rtcweb] POTS lines to browser (was Re: Fwd: Traf… Matthew Kaufman
- Re: [rtcweb] POTS lines to browser (was Re: Fwd: … Wolfgang Beck
- [rtcweb] Call Security (was Re: Let's define the … Matthew Kaufman
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Tim Panton
- Re: [rtcweb] POTS lines to browser (was Re: Fwd: … Tim Panton
- Re: [rtcweb] POTS lines to browser (was Re: Fwd: … Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Media Synchronization (Re: Traffic s… Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Tim Panton
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Bernard Aboba
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Victor Pascual Avila
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Cullen Jennings