IETF Logo Mail Archive

Re: [rtcweb] SDES vs DTLS-SRTP revisited

Hadriel Kaplan <HKaplan@acmepacket.com> Sat, 17 March 2012 03:35 UTC

Return-Path: <HKaplan@acmepacket.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B26F621E8014 for <rtcweb@ietfa.amsl.com>; Fri, 16 Mar 2012 20:35:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.55
X-Spam-Level:
X-Spam-Status: No, score=-2.55 tagged_above=-999 required=5 tests=[AWL=0.049, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hjr-r4BW0C25 for <rtcweb@ietfa.amsl.com>; Fri, 16 Mar 2012 20:35:22 -0700 (PDT)
Received: from etmail.acmepacket.com (etmail.acmepacket.com [216.41.24.6]) by ietfa.amsl.com (Postfix) with ESMTP id 6DC3321E800F for <rtcweb@ietf.org>; Fri, 16 Mar 2012 20:35:22 -0700 (PDT)
Received: from MAIL1.acmepacket.com (10.0.0.21) by etmail.acmepacket.com (216.41.24.6) with Microsoft SMTP Server (TLS) id 8.2.254.0; Fri, 16 Mar 2012 23:35:18 -0400
Received: from MAIL2.acmepacket.com ([169.254.2.166]) by Mail1.acmepacket.com ([169.254.1.170]) with mapi id 14.02.0283.003; Fri, 16 Mar 2012 23:35:17 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Eric Rescorla <ekr@rtfm.com>
Thread-Topic: [rtcweb] SDES vs DTLS-SRTP revisited
Thread-Index: AQHNA+747QlBuYwNfEmBzs1v/Saxlw==
Date: Sat, 17 Mar 2012 03:35:17 +0000
Message-ID: <ABC8591A-0432-4D5A-82AB-BBE9A22360D9@acmepacket.com>
References: <A1B638D2082DEA4092A268AA8BEF294D194494CE64@ESESSCMS0360.eemea.ericsson.se> <CABcZeBO5xouNwMqBa-y6AqbXs-+9nU37kGEETm0DpqSWZ9tjwg@mail.gmail.com>
In-Reply-To: <CABcZeBO5xouNwMqBa-y6AqbXs-+9nU37kGEETm0DpqSWZ9tjwg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [216.41.24.34]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <8428E2584D1435499C5595725C213178@acmepacket.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAWE=
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] SDES vs DTLS-SRTP revisited
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Mar 2012 03:35:24 -0000

On Mar 16, 2012, at 6:32 PM, Eric Rescorla wrote:
> 
> Yes, I think the fingerprint mismatch in case 1 serves as a stronger indication
> that something was wrong, because there is no technical reason for the
> fingerprint not to match if both sides believe they are doing DTLS. I.e.,
> it always indicates either a software defect or a man in the middle.
> And the suspicious user of course should hang up, but they should also
> post pictures to /., which, I would think, serves
> as a pretty significant deterrent to providers tampering with people's calls!
> By contrast, with SDES, the attack scenario and the legitimate scenario
> look the same.

I don't think you can jump to the conclusion that there's either a software defect or a MitM.  Imagine if WebRTC user Alice calls Bob through provider-A, using Bob's telephone number.  Provider-A supports DTLS-SRTP on its PSTN gateway, so it handles that and generates a call into the PSTN for Bob, who happens to use Provider-B.  Bob is currently on a WebRTC client connected to Provider-B, and Provider-B happens to also support DTLS-SRTP on its PSTN gateway.  So both Alice and Bob see "DTLS-SRTP", but different fingerprints.  It's not a software defect.  You could argue it's a MitM (the PSTN gateways doing what they do), and certainly there may *be* someone recording the call in the middle for all you know - but you really don't know either way.  Alice dialed Bob, and got the best case scenario given the situation.

The good news is the media is secure from the browsers to the PSTN, which is not an insignificant accomplishment.  If we're worried about WiFi - and I am, for at least marketing/perception reasons if nothing else - then we've alleviated that concern.  

So then there's slashdot.  If Alice or Bob posts to slashdot, it's bad news.  But we can hardly blame Provider-A or Provider-B, since they had no alternative.  Ironically, if WebRTC supported SDES, then Provider-A and B could do that instead, and make it clear/explicit no end-to-end guarantee can be made for the call - while *still* avoiding the main concern, which is the WiFi problem.  In some sense *we*, the IETF/W3C, would be more honest if we allowed SDES (over HTTPS) for gateway cases, since that's actually the level of security being provided.  Mandating DTLS-SRTP provides a false sense of security, and false sense of insecurity if it fails.

-hadriel

v2.23.0 | Report a Bug | By Email