IETF Logo Mail Archive

Re: [rtcweb] SDES vs DTLS-SRTP revisited

Harald Alvestrand <harald@alvestrand.no> Tue, 20 March 2012 16:01 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8B4721F861D for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 09:01:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nre-EFaw8YOI for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 09:01:02 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 129C321F860F for <rtcweb@ietf.org>; Tue, 20 Mar 2012 09:01:02 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 4EC4939E132; Tue, 20 Mar 2012 17:01:01 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rnrijC6fdCqI; Tue, 20 Mar 2012 17:01:00 +0100 (CET)
Received: from [78.65.120.97] (host-78-65-120-97.homerun.telia.com [78.65.120.97]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 92EFF39E0E7; Tue, 20 Mar 2012 17:01:00 +0100 (CET)
Message-ID: <4F68A9B6.2050101@alvestrand.no>
Date: Tue, 20 Mar 2012 17:00:54 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.27) Gecko/20120216 Thunderbird/3.1.19
MIME-Version: 1.0
To: Hadriel Kaplan <HKaplan@acmepacket.com>
References: <A1B638D2082DEA4092A268AA8BEF294D194494CE64@ESESSCMS0360.eemea.ericsson.se> <CABcZeBO5xouNwMqBa-y6AqbXs-+9nU37kGEETm0DpqSWZ9tjwg@mail.gmail.com> <ABC8591A-0432-4D5A-82AB-BBE9A22360D9@acmepacket.com> <4F685C45.5080106@alvestrand.no> <E0F19DAB-4A30-42E8-AD3B-81858EBA9BC4@acmepacket.com>
In-Reply-To: <E0F19DAB-4A30-42E8-AD3B-81858EBA9BC4@acmepacket.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] SDES vs DTLS-SRTP revisited
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 16:01:03 -0000

On 03/20/2012 04:44 PM, Hadriel Kaplan wrote:
> On Mar 20, 2012, at 6:30 AM, Harald Alvestrand wrote:
>
>> I don't get this scenario. If Alice calls Bob using two different gateways, won't she go through a credentials and fingerprint exchange with the gateways?
>> In that case, wouldn't the fingerprint belong to the gateway?
> Yes, but the statement being made was in the context of Alice calling Bob, them seeing their browsers claim DTLS-SRTP "secured" or whatever, and them being super-geeks and checking the detailed info of what the actual DTLS fingerprints were, and finding they don't both see the same fingerprints... and that they would thus believe there was either a software bug or a malicious middleman.
So we've uncovered a requirement here: When a fingerprint is shown, it 
should clearly identify what it is the fingerprint of - in this case, 
the gateway that relays the call to Bob, not Bob.
> So my point was that's not a good conclusion to jump to, since both caller and called parties can see DTLS-SRTP "secured" mode lock-icon, but with different fingerprints, and yet it being neither a software bug nor a malicious middleman.  I realize no distinction can be made between a PSTN-gateway and a malicious MitM, by design, but that's not a good thing - because it means people will simply learn to ignore the warnings generated by the browser, because from a user perspective they'll all be false positives.
So in this case, the browser needs to not warn; it needs to say 
"connected to gateway in order to reach Bob".

v2.23.0 | Report a Bug | By Email