IETF Logo Mail Archive

Re: [rtcweb] Resolving RTP/SDES question in Paris

"Ravindran, Parthasarathi" <pravindran@sonusnet.com> Mon, 19 March 2012 06:07 UTC

Return-Path: <pravindran@sonusnet.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A36B21F84E0 for <rtcweb@ietfa.amsl.com>; Sun, 18 Mar 2012 23:07:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dKIqUhxru8DF for <rtcweb@ietfa.amsl.com>; Sun, 18 Mar 2012 23:07:27 -0700 (PDT)
Received: from na3sys010aog111.obsmtp.com (na3sys010aog111.obsmtp.com [74.125.245.90]) by ietfa.amsl.com (Postfix) with ESMTP id 9A1E221F84E7 for <rtcweb@ietf.org>; Sun, 18 Mar 2012 23:07:26 -0700 (PDT)
Received: from USMA-EX-HUB2.sonusnet.com ([69.147.176.212]) (using TLSv1) by na3sys010aob111.postini.com ([74.125.244.12]) with SMTP ID DSNKT2bNHTeu8tjd7frKZS/aNFLQ8yKx7hwK@postini.com; Sun, 18 Mar 2012 23:07:26 PDT
Received: from INBA-HUB02.sonusnet.com (10.70.51.87) by USMA-EX-HUB2.sonusnet.com (66.203.90.17) with Microsoft SMTP Server (TLS) id 14.2.247.3; Mon, 19 Mar 2012 02:07:38 -0400
Received: from INBA-MAIL01.sonusnet.com ([fe80::8d0f:e4f9:a74f:3daf]) by inba-hub02.sonusnet.com ([fe80::80b9:dc60:caf7:7dfc%11]) with mapi id 14.01.0355.002; Mon, 19 Mar 2012 11:37:20 +0530
From: "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
To: Roman Shpount <roman@telurix.com>, "Ejzak, Richard P (Richard)" <richard.ejzak@alcatel-lucent.com>
Thread-Topic: [rtcweb] Resolving RTP/SDES question in Paris
Thread-Index: AQHM8te6ZBG/XYsMg0C4SE+GOqsWNpZtZpyg///nIgCAAAs3AIAASYaAgADU1wCAAESDgIAB8AUAgAAelICAAAMxAIAAeL0A
Date: Mon, 19 Mar 2012 06:07:18 +0000
Message-ID: <387F9047F55E8C42850AD6B3A7A03C6C0E1FF09B@inba-mail01.sonusnet.com>
References: <4F4759DC.7060303@ericsson.com> <387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com> <CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com> <CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com> <CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com> <CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com> <CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com> <CAD5OKxvZbEJ7sV4WPAYoQapzMR_QwAftj-oKg=ioMKHNT792wQ@mail.gmail.com> <6F428EFD2B8C2F49A2FB1317291A76C113563C5A92@USNAVSXCHMBSA1.ndc.alcatel-lucent.com> <CAD5OKxuhiF9nasBsNpKH05d-Xt9LoD+ySHUvcxm3w=3rb8Oerw@mail.gmail.com>
In-Reply-To: <CAD5OKxuhiF9nasBsNpKH05d-Xt9LoD+ySHUvcxm3w=3rb8Oerw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.70.54.61]
Content-Type: multipart/alternative; boundary="_000_387F9047F55E8C42850AD6B3A7A03C6C0E1FF09Binbamail01sonus_"
MIME-Version: 1.0
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 06:07:30 -0000

+1

I'll add more usecase to strengthen RTP usage in WebRTC.

From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Roman Shpount
Sent: Monday, March 19, 2012 9:51 AM
To: Ejzak, Richard P (Richard)
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris

+1
_____________
Roman Shpount

On Mon, Mar 19, 2012 at 12:10 AM, Ejzak, Richard P (Richard) <richard.ejzak@alcatel-lucent.com<mailto:richard.ejzak@alcatel-lucent.com>> wrote:
I would like to argue two points: 1) DTLS-SRTP with IdP is the only media security scheme that rtcweb should support; and 2) rtcweb should also support RTP (no media security) with a clear requirement on the browser UI to warn the user of the complete lack of media security.

DTLS-SRTP

Some of the arguments made against DTLS-SRTP in recent emails are valid unless it is integrated with trusted IdP that is sufficient to verify the identity of the remote party.  With this one caveat, DTLS-SRTP is equal to or (mostly) better than SDES-SRTP in almost all respects (not to be repeated here).  Even if the identity is suspect, the IdP can at least provide some degree of assurance and accountability when an issue arises.  Without that, a user has no recourse when a problem develops.

The key is that the browser UI must make clear to the user the identity of the remote party with whom media security has been established (even when it is a network gateway, in which case the identify of the gateway operator).  It should also be possible for the end user to mandate that a remote party identity is always verified before communication is allowed (perhaps even make this a requirement when media security is selected).  This is not too burdensome a requirement if established up front to help manage SPIT.

When end-to-end security is possible, then Alice knows that she's talking to Bob and vice versa.

Even when Alice is talking to someone reached via the PSTN, she can know that she has a secure media connection to a gateway owned by a particular (the identified) operator, thus establishing a significant part of the chain of accountability.  We can't improve on the security available through the PSTN, but we can improve on the security available to the point of interconnection with the identified operator (which may be different from the owner of the rtcweb application).  With DTLS-SRTP the user can have some basis for deciding whether to trust the identified operator; else (even with SDES-SRTP) you must completely trust the owner of the rtcweb application and there is no way to identify or verify any security attributes associated with the media.

Finally, there are multiple reasons to avoid supporting multiple media security schemes.  It is difficult enough to expect the end user to make sure they are comfortable with the identity of the remote party of a secure media connection, but to ask if they are comfortable with an alternative media security scheme is simply too much to expect.  Bid-down attacks are just too easy and it is impossible to verify any remote party identity with SDES-SRTP.

RTP

There are too many reasonable use cases for unsecured media for us to ignore them.  The browser should be very clear when media security is unavailable and make it easy to prevent communication without media security (perhaps as a default setting), but there are legitimate use cases in various private environments (e.g., enterprise, jail) where media security may not be allowed (or must somehow be compromised), or is just not available, that we should just support straight RTP.  As long as the user can control the conditions under which media security is disabled, I do not see a problem.

Richard Ejzak



_______________________________________________
rtcweb mailing list
rtcweb@ietf.org<mailto:rtcweb@ietf.org>
https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email