Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb

Alan Johnston <alan.b.johnston@gmail.com> Thu, 25 April 2013 16:39 UTC

References: <3FA2E46D-C98E-4FC0-9F1D-AD595A861CE1@iii.ca>
In-Reply-To: <3FA2E46D-C98E-4FC0-9F1D-AD595A861CE1@iii.ca>
Mime-Version: 1.0 (1.0)
Content-Type: text/plain; charset="us-ascii"
Message-Id: <74300615-2293-4DCE-82A7-475F1A5A8256@gmail.com>
Content-Transfer-Encoding: quoted-printable
X-Mailer: iPhone Mail (9B206)
From: Alan Johnston <alan.b.johnston@gmail.com>
Date: Thu, 25 Apr 2013 12:39:30 -0400
To: Cullen Jennings <fluffy@iii.ca>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb

I'm not a fan of SDES. However, I've come to believe that we need it for two reasons. 

1. There is a backwards compatibility reason. There are deployed systems of SRTP that use SDES or a key agreement that easily maps to it. Just as we allowed G.711 for these systems, it seems reasonable to allow SDES as well. When combined with ICE Lite in a media gateway, this is a scalable interop approach. 

2. We need it or something like it for API reasons. There are cases where the JavaScript needs to tell the browser what SRTP key to use. Since JSEP uses SDP for this API surface, SDES works for this. Obviously it is a bad idea to send this key over unsecured channels, but this is separate from this API issue. 

And just to be clear, browser to browser should use DTLS-SRTP, and only this mode should be considered "secure" using whatever user interface a browser chooses. 

- Alan -
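The keying-method distinction drawn in this message (SDES per RFC 4568 puts the SRTP key inline in the SDP; DTLS-SRTP carries only a certificate fingerprint, so the key never transits signaling) can be checked mechanically. The following is an added example, not code from the thread or from any WebRTC implementation: it splits an SDP offer into media sections, classifies each as SDES, DTLS-SRTP, mixed or unkeyed, counts inline keys exposed in signaling, and applies the rule above that only a purely DTLS-SRTP session earns a "secure" indicator. The two SDP fragments are constructed samples (the `a=crypto` key is the RFC 4568 example key, the fingerprint is a dummy).

```python
import re

# Constructed sample offers (not from the thread).
SDES_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.1
s=-
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz
"""

DTLS_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.1
s=-
a=fingerprint:sha-256 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
m=audio 49170 UDP/TLS/RTP/SAVPF 0
a=setup:actpass
"""

# RFC 4568 a=crypto line: tag, crypto-suite, then the inline key (base64 of key||salt).
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([^|\s]+)")


def _sections(sdp):
    """Split SDP into session-level lines and a list of (m= line, media lines)."""
    session, media, current = [], [], None
    for line in (l.strip() for l in sdp.splitlines() if l.strip()):
        if line.startswith("m="):
            current = (line, [])
            media.append(current)
        elif current is None:
            session.append(line)
        else:
            current[1].append(line)
    return session, media


def classify_keying(sdp):
    """Per media section: which keying method the SDP signals and how many SRTP keys it exposes."""
    session, media = _sections(sdp)
    results = []
    for mline, lines in media:
        sdes = [m for m in map(CRYPTO_RE.match, lines) if m]  # a=crypto is media-level only
        dtls = any(l.startswith("a=fingerprint:") for l in session + lines)  # fingerprint may be inherited
        keying = "mixed" if (sdes and dtls) else "sdes" if sdes else "dtls-srtp" if dtls else "none"
        fields = mline.split()
        results.append({"media": fields[0][2:], "profile": fields[2],
                        "keying": keying, "inline_keys": len(sdes)})
    return results


def secure_indicator(sdp):
    """Browser-to-browser rule from the message: 'secure' only if every section is purely DTLS-SRTP."""
    sections = classify_keying(sdp)
    return bool(sections) and all(s["keying"] == "dtls-srtp" for s in sections)
```

A gateway or signaling proxy can run the same classification on offers it relays to log how many SRTP keys are transiting a given signaling path in the clear.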



On Apr 25, 2013, at 11:57 AM, Cullen Jennings <fluffy@iii.ca> wrote:

> 
> The working groups committed some time ago to have a further discussion on whether SDP Security Descriptions (RFC 4568 aka SDES) would be usable as a keying method for WebRTC.  As we prepare for that discussion, we'd like to have expressions of interest or support for that approach which indicate the general outlines of support proposed.  If you wish to make such an expression of support, please send it to the chairs or the list.
> 
> Cullen, Magnus, & Ted <The Chairs>
> 
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb