Re: [rtcweb] Consensus call regarding media security

Iñaki Baz Castillo <ibc@aliax.net> Thu, 29 March 2012 15:21 UTC

2012/3/29 Roman Shpount <roman@telurix.com>:
> 1. SRTP-DTLS is required to be supported and is offered by default with no
> option to bid down to anything else.
> 2. From HTTPS session SDES SRTP can be enabled via an API method
> 3. From HTTP session RTP can be enabled via an API method
>
> I only want to allow RTP from HTTP initiated session, since I see no benefit
> of supporting SDES SRTP there. I only want to allow SDES SRTP from HTTPS
> initiated sessions, since SDES SRTP provides no security benefits when
> session description is transmitted over clear channel.
>
> With my proposal, if an application provider does not care about security,
> they will use HTTP/RTP. If they care about security, they will use
> HTTPS/DTLS-SRTP or SDES-SRTP, if interop or weather forces them to do so.
> Also, this way we do not provide a false sense of security if someone decides
> to start SDES-SRTP session from HTTP.
>
> If someone can explain to me how this is less secure, even in the airport
> wifi, compared to SDES-RTP from HTTP session, please do so.


You miss something:

1) I access some website using HTTPS with a valid certificate and so on.

2) Some HTML and JavaScript is retrieved.

3) The JS code opens a *non* secure WebSocket connection to some other
server (same domain or not, it does not matter here).

4) WebRTC signaling goes through the WebSocket connection (so forget
the initial HTTPS hyper-secure-and-verified connection).

5) SDES-SRTP is negotiated and accepted by both peers.

6) So signaling can be intercepted (insecure WebSocket connection),
and therefore also the SDES keys. Interception is possible regardless of
whether the initial communication was HTTPS.

7) FAIL.




-- 
Iñaki Baz Castillo
<ibc@aliax.net>
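
Added example (not part of the original message or of any WebRTC implementation): a small audit that judges a session by the channel that actually carries the SDP rather than by the page's scheme, flagging the case in steps 3 to 6 above. The function names, hosts and SDP bodies are constructed for illustration.

```javascript
// Added example; hosts, SDP bodies and function names are constructed.
const SECURE_SCHEMES = new Set(["https:", "wss:"]);

// Report which keying mechanisms an SDP blob offers.
function keyingMethods(sdp) {
  const found = new Set();
  for (const raw of sdp.split(/\r?\n/)) {
    const line = raw.trim();
    // SDES (RFC 4568): the SRTP master key travels inline in the SDP.
    if (/^a=crypto:\d+\s+\S+\s+inline:/.test(line)) found.add("SDES");
    // DTLS-SRTP: the SDP carries only a certificate fingerprint, no key.
    if (/^a=fingerprint:/.test(line)) found.add("DTLS");
  }
  return [...found].sort();
}

// Evaluate the session using the signaling channel's scheme,
// independently of how the page itself was loaded.
function auditSession({ pageUrl, signalingUrl, sdp }) {
  const pageSecure = SECURE_SCHEMES.has(new URL(pageUrl).protocol);
  const signalingSecure = SECURE_SCHEMES.has(new URL(signalingUrl).protocol);
  const keying = keyingMethods(sdp);
  const findings = [];
  if (pageSecure && !signalingSecure) findings.push("signaling-downgrade");
  if (keying.includes("SDES") && !signalingSecure) findings.push("sdes-key-in-cleartext");
  return { pageSecure, signalingSecure, keying, findings };
}

// Constructed SDP samples (addresses from the documentation range, fake key).
const SDES_OFFER = [
  "v=0", "o=- 0 0 IN IP4 192.0.2.1", "s=-", "t=0 0",
  "m=audio 49170 RTP/SAVP 0", "c=IN IP4 192.0.2.1",
  "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDKEYCONSTRUCTEDKEYCONSTRUCTEDK",
].join("\r\n");
const DTLS_OFFER = [
  "v=0", "o=- 0 0 IN IP4 192.0.2.1", "s=-", "t=0 0",
  "m=audio 49170 UDP/TLS/RTP/SAVP 0", "c=IN IP4 192.0.2.1",
  "a=fingerprint:sha-256 00:11:22:33 (constructed, truncated)",
].join("\r\n");

// The scenario from the message: HTTPS page, ws:// signaling, SDES keys.
const scenario = auditSession({
  pageUrl: "https://app.example.invalid/",
  signalingUrl: "ws://signal.example.invalid/ws",
  sdp: SDES_OFFER,
});
console.log(scenario.findings);
```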