IETF Logo Mail Archive

Re: [rtcweb] Resolving RTP/SDES question in Paris

"Ravindran, Parthasarathi" <pravindran@sonusnet.com> Tue, 20 March 2012 01:16 UTC

Return-Path: <pravindran@sonusnet.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0EA621E803F for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 18:16:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.894
X-Spam-Level:
X-Spam-Status: No, score=-4.894 tagged_above=-999 required=5 tests=[AWL=1.705, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OYT+dbbJccol for <rtcweb@ietfa.amsl.com>; Mon, 19 Mar 2012 18:16:01 -0700 (PDT)
Received: from na3sys010aog107.obsmtp.com (na3sys010aog107.obsmtp.com [74.125.245.82]) by ietfa.amsl.com (Postfix) with ESMTP id 79F3D21E801C for <rtcweb@ietf.org>; Mon, 19 Mar 2012 18:16:01 -0700 (PDT)
Received: from usma-ex-hub1.sonusnet.com ([69.147.176.212]) (using TLSv1) by na3sys010aob107.postini.com ([74.125.244.12]) with SMTP ID DSNKT2faUWYAAkwIs1+LdKuL1vBNU3tvyRK8@postini.com; Mon, 19 Mar 2012 18:16:01 PDT
Received: from INBA-HUB02.sonusnet.com (10.70.51.87) by usma-ex-hub1.sonusnet.com (66.203.90.16) with Microsoft SMTP Server (TLS) id 14.2.247.3; Mon, 19 Mar 2012 21:16:14 -0400
Received: from INBA-MAIL01.sonusnet.com ([fe80::8d0f:e4f9:a74f:3daf]) by inba-hub02.sonusnet.com ([fe80::80b9:dc60:caf7:7dfc%11]) with mapi id 14.01.0355.002; Tue, 20 Mar 2012 06:45:56 +0530
From: "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
To: Jim Barnett <Jim.Barnett@genesyslab.com>, Hadriel Kaplan <HKaplan@acmepacket.com>, Roman Shpount <roman@telurix.com>
Thread-Topic: [rtcweb] Resolving RTP/SDES question in Paris
Thread-Index: AQHM8te6ZBG/XYsMg0C4SE+GOqsWNpZtZpyg///nIgCAAAs3AIAASYaAgADU1wCAAESDgIAB8AUAgAAelICAAH0pgIAAChuAgAAC/YCAADCxgIAADEuAgAAOHICAAAWBgIAAAeoAgAAPeYCAAEVigIAAByQAgACETSA=
Date: Tue, 20 Mar 2012 01:15:54 +0000
Message-ID: <387F9047F55E8C42850AD6B3A7A03C6C0E1FFE23@inba-mail01.sonusnet.com>
References: <4F4759DC.7060303@ericsson.com><387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com><CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com><CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com><CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com><CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com><CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com><CAD5OKxvZbEJ7sV4WPAYoQapzMR_QwAftj-oKg=ioMKHNT792wQ@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113563C5A92@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><CALiegf=jtkDCS_D0ZFe9UpbiadQ0vsJ+4MppQSbLr-wbaXNrfQ@mail.gmail.com><BLU169-W29E5B86F9E2C6F3126961C93420@phx.gbl><CALiegfk2aT+6Psr4nT-hG1G7eYRBfFCcT+25On2O4HfUXJ6-ng@mail.gmail.com><CAD6AjGSmi9j+sdGWPts20-iwGvGij05ek0OKYEPULC6B=aFpQg@mail.gmail.com><6F428EFD2B8C2F49A2FB1317291A76C113564482A7@USNAVSXCHMBSA1.ndc.alcatel-lucent.com><ADBB75F3-E20C-4EC4-B9C3-EF2E4BFF409C@phonefromhere.com><C! AD5OKxvuE V8Vbq3h7=Zgc KmREjmguvz5n-SpXr2n-EY7a_ddxg@mail.gmail.com><CALiegfk1ozOKPcDjbd3H_z2Edzh4RcZpYyJSWdw_1DJ04muQXA@mail.gmail.com><CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com> <D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com> <E17CAD772E76C742B645BD4DC602CD8105EBE8CF@NAHALD.us.int.genesyslab.com>
In-Reply-To: <E17CAD772E76C742B645BD4DC602CD8105EBE8CF@NAHALD.us.int.genesyslab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [121.242.142.186]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 01:16:02 -0000

Jim,

As a customer, you won't really know whether the identity (DTLS-SRTP) of call center/travel site is agent or SBC. SBC can perform MITM attack easily as extending SDES-SRTP to DTLS-SRTP for call center site is feasible.

Thanks
Partha

>-----Original Message-----
>From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
>Of Jim Barnett
>Sent: Tuesday, March 20, 2012 4:19 AM
>To: Hadriel Kaplan; Roman Shpount
>Cc: rtcweb@ietf.org
>Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
>
>On the matter of the call center/travel site recording your call:  can't
>the far-end user agent always record your call, no matter what security
>you use?  So in the case of SDES, the call center can record at their
>SBC/switch/media server (their in-house MITM), which is easier for them,
>but even with DTLS/SRTP couldn't they always record it at the agent
>desktop, if they wanted to?
>
>- Jim
>
>-----Original Message-----
>From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
>Of Hadriel Kaplan
>Sent: Monday, March 19, 2012 6:24 PM
>To: Roman Shpount
>Cc: rtcweb@ietf.org
>Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
>
>
>While I sympathize with the concern that requiring SRTP (regardless of
>how the key is learned) is a burden for those use-cases that literally
>don't care about SRTP and for which it does not matter, such as a
>weather announcement service or an IETF meeting broadcast, I really
>think you're 'throwing out the baby with the bath-water' to propose we
>either get everything or nothing.  People won't have the identity-stuff
>for some time, and it won't be painless to make it work and deployed.
>So what you're basically saying is "you only get RTP because you can't
>prove end-to-end security".  But such "proof" rarely exists even today.
>
>Today, when you do Email or IM over HTTPS or SMTPS, that email or IM
>only goes secure to the server you're doing SMTPS or HTTPS with.  You
>have no assurance whatsoever that it stays secure from that point on,
>nor that the server doesn't log the email/IM in its entirety.  But that
>doesn't mean there's no value in using HTTPS/SMTPS to reach that first
>server.  Quite the contrary, there's significant value in it.  Just like
>there's value in using HTTPS to reach a web store-front when purchasing
>using a credit-card, even though you have no idea what the security is
>between the web-store and your actual credit-card company.
>
>In the WebRTC context, for example, I would expect a quite-popular use-
>case for WebRTC to be Business websites, such as web-storefronts, or
>customer-support sites, or airline/hotel ticket/reservations/upgrades
>sites, etc.  When connecting to the web-page of those sites, I would
>expect them to be HTTPS once I got to some point of the click-flow
>process, if not from the beginning.  If I click a "talk to us for help"
>button, I would expect that to be secure as well, as much as the HTTPS
>portion was anyway.  In this context, only allowing them to use RTP is
>silly.  SDES is reasonably secure in this context, because there is no
>other domain the call is going to.  Yes, they have my SRTP key - doesn't
>matter; yes they can log my call - doesn't matter.  But at least my
>media is secure from my laptop to their server's domain - and that does
>matter, and it's all I ever got from using HTTPS.
>
>-hadriel
>
>
>On Mar 19, 2012, at 2:15 PM, Roman Shpount wrote:
>
>> I guess my question is, when are we going to tell the user that
>connection is "secure"? What I really do not want is making the
>distinction between secured and unsecured connection so muddy, that a
>normal user will never be able to understand the difference and will
>agree to anything. Because of this, I would like to see that if
>connection is over DTLS-SRTP with a remove party verified by an identity
>provider, user would be asked if they would like to communicate with
>remote party XYZ. If this is anything else, (DTLS-SRTP with no identity,
>SDES-SRTP, or even plain RTP), user should be asked either to allow
>unsecure communication with an unknown party, or, completely prohibited
>to do so.
>>
>> I do not see the difference, as far as security is concerned, between
>SDES-SRTP and plain RTP. If we allow SDES-SRTP for compatibility
>reasons, we might as well allow plain RTP. It would be compatible with
>more devices and as insecure as SDES-SRTP. There is no requirement that
>WebRTC application must use HTTPS for signaling. If the application is
>using HTTP, all the "sitting in the airport" examples are as unsecured
>with SDES-SRTP as they are with plain RTP.
>>
>> I do not think we would be able to force WebRTC application developers
>to create a secure application unless they would decide to create care
>and effort to develop it as such. Our goal should be to provide
>application developers with tools that would allow them to create secure
>applications and with mechanisms that would allow users to identify when
>their communications are actually secure. Everything else is just adding
>random requirements to the standard.
>> _____________
>> Roman Shpount
>>
>>
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
>
>_______________________________________________
>rtcweb mailing list
>rtcweb@ietf.org
>https://www.ietf.org/mailman/listinfo/rtcweb
>_______________________________________________
>rtcweb mailing list
>rtcweb@ietf.org
>https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email