IETF Logo Mail Archive

Re: [rtcweb] No Interim on SDES at this juncture

Hadriel Kaplan <hadriel.kaplan@oracle.com> Fri, 21 June 2013 17:15 UTC

Return-Path: <hadriel.kaplan@oracle.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B324521F9FAB for <rtcweb@ietfa.amsl.com>; Fri, 21 Jun 2013 10:15:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.255
X-Spam-Level:
X-Spam-Status: No, score=-6.255 tagged_above=-999 required=5 tests=[AWL=-0.256, BAYES_00=-2.599, J_CHICKENPOX_111=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 44v9lvWCodDB for <rtcweb@ietfa.amsl.com>; Fri, 21 Jun 2013 10:15:05 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id DCFEE21F9FA0 for <rtcweb@ietf.org>; Fri, 21 Jun 2013 10:14:56 -0700 (PDT)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r5LHErc3029122 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 21 Jun 2013 17:14:53 GMT
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5LHEpq9026394 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Jun 2013 17:14:52 GMT
Received: from abhmt116.oracle.com (abhmt116.oracle.com [141.146.116.68]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5LHEpew005119; Fri, 21 Jun 2013 17:14:51 GMT
Received: from [10.1.21.23] (/10.5.21.23) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 21 Jun 2013 10:14:50 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Hadriel Kaplan <hadriel.kaplan@oracle.com>
In-Reply-To: <2C6DDF0C-201D-4CA3-8EB0-F14B8A2D5758@cisco.com>
Date: Fri, 21 Jun 2013 13:14:49 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA2956C0-56B7-47E9-9EF4-9D639F8B8AD6@oracle.com>
References: <CA+9kkMDnjCNXGV0GU7x6gbbZMf4WiEuVvCRY8_Fix5tmdOB-Kg@mail.gmail.com> <AD220324-EEE7-4800-8512-FD7BADA9EC34@oracle.com> <CA+9kkMDY2Z_5_1uYJ1K_ZmrJB2a1-RE7V3aPqNHQg82DyagjCg@mail.gmail.com> <2975A93F-44DA-4020-B4DE-42E7ED98C08F@oracle.com> <51BAC9BC.6070708@ericsson.com> <94846970-4694-4EC8-AEFA-AEECEE0135AA@oracle.com> <51C02EE8.5070809@ericsson.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C78AD@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgTFSbYSX7v3q37tsjzaPMshyyBroGWr=qmy-HGm82GJFg@mail.gmail.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C7EF8@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgQMkHu-NqEeScT2ObfknJ+3OjXi7Y=7rUJtqeu3CbewMQ@mail.gmail.com> <8E9D2A9F-3D8B-4480-A85D-320CF30FEAA6@oracle.com> <CAL02cgT3KEb0VB9kz=QCe7Mt3oj5tZvZouFe5-Uy90Cmm0H0dQ@mail.gmail.com> <30761469-F5CC-4858-8D40-4632A7D5A682@oracle.com> <CAL02cgSS1e5zH2YRh4uTb8qxXF5Ng5y8RxRw-bGP5xmQLkiQ+Q@mail.gmail.com> <529DCF4E-2A8B-475F-8CCE-7E2ABC72EFB1@oracle.com> <2C6DDF0C-201D-4CA3-8EB0-F14B! 8A2D5758@cisco.com>
To: Dan Wing <dwing@cisco.com>
X-Mailer: Apple Mail (2.1508)
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] No Interim on SDES at this juncture
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jun 2013 17:15:11 -0000

On Jun 21, 2013, at 12:45 PM, Dan Wing <dwing@cisco.com> wrote:

>> We've talked about that one before I think.  If jQuery is out to get you, it's game over.  It's essentially equivalent to a malicious web-server, except of course that the operator of the web-server isn't intending to be malicious (which is an important distinction).  But again, not only does jQuery have access to information such as who you're talking to and when, it can also redirect your media to a gateway of its choosing to terminate the DTLS-SRTP and record it, by fiddling with the JSON/SDP stuff.
> 
> For the attacker to succeed with the redirection of DTLS-SRTP to a server it controls, the attacker would also need to modify the SDP's a=fingerprint line which is as  trivial as the attacker's other SDP modifications.  To prevent the attacker from succeeding with such modification, we need cryptographic identity (to protect the From/To/Date/a=fingerprint and other fields), and need the browser (not JS) to verify the identity using an external service (e.g., local disk, IdP separate from the web server providing us the (compromised) JS and the SDP).  While it is true that today we don't have a way today to provide that cryptographic identity (RFC4474 does not work, draft-wing-rtcweb-identity-media written by me and Hadriel was met with silence) DTLS-SRTP creates the foundation to build cryptographic identity which can be verified by the browser itself.  Such cryptographic identity protects from this specific attack, and DTLS-SRTP protects from other attacks.

I agree - when we have such a thing, using DTLS-SRTP will have much more meaning.  But (1) there is no such thing yet, and (2) it won't make DTLS-SRTP nor DTLS-EKT any stronger than SDES for the SIP-gateway scenarios we're talking about, since the DTLS isn't going end-to-end.  I.e., none of the calls would successfully authenticate using such an out-of-band mechanism, even the good ones.

[note though I'm not saying DTLS-SRTP is useless today - quite the contrary, I hummed in favor of making it MTI back when that was decided, and I still think it should be MTI]

-hadriel

v2.23.0 | Report a Bug | By Email