Re: [rtcweb] No Interim on SDES at this juncture

Martin Thomson <martin.thomson@gmail.com> Thu, 20 June 2013 23:36 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C99F21F9FC0 for <rtcweb@ietfa.amsl.com>; Thu, 20 Jun 2013 16:36:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PaoJsI5CnHkZ for <rtcweb@ietfa.amsl.com>; Thu, 20 Jun 2013 16:36:38 -0700 (PDT)
Received: from mail-wg0-x22d.google.com (mail-wg0-x22d.google.com [IPv6:2a00:1450:400c:c00::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 729BE21F9F9E for <rtcweb@ietf.org>; Thu, 20 Jun 2013 16:36:38 -0700 (PDT)
Received: by mail-wg0-f45.google.com with SMTP id j13so6073825wgh.12 for <rtcweb@ietf.org>; Thu, 20 Jun 2013 16:36:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=J+hjIkJ+xicpY7dfg3MSiBxuhr71p71AB3CWL/jitZI=; b=yl3XoZ76yZ4c7rSNhsswHR3AHTZQsiIcc6GWbt2WQbmMRcvLfBI7PaQLg9Oi+GyKeh BksGlsTeKjYmmA0M0o2m3V2wKld2XtItupKRA5sChz3Y8woPKnVHNX/ZIyzhrbBOrXpD CMYg6hU8QGtVtuJBcj2CPrOjcR7VQTtkNSfWytxolhvq8vFIWld3SweEItW9/1QHNiP1 PbKDEDs6rcm6BHJRsqfgA1NdBpryWGItLVTVU1TXg3eSM/SqgDPvKSo8DFMzqNpxM1kY pOe+nu0k3AFEKu+GYiopbLXoJMAkMw1GhlEw1Ox6ZPdfNdFT/PV0Rh2WSJyTh2I5ByOP Nbew==
MIME-Version: 1.0
X-Received: by 10.180.20.46 with SMTP id k14mr1091506wie.14.1371771397554; Thu, 20 Jun 2013 16:36:37 -0700 (PDT)
Received: by 10.194.60.46 with HTTP; Thu, 20 Jun 2013 16:36:37 -0700 (PDT)
In-Reply-To: <9F33F40F6F2CD847824537F3C4E37DDF115D2E8D@MCHP04MSX.global-ad.net>
References: <CA+9kkMDnjCNXGV0GU7x6gbbZMf4WiEuVvCRY8_Fix5tmdOB-Kg@mail.gmail.com> <AD220324-EEE7-4800-8512-FD7BADA9EC34@oracle.com> <CA+9kkMDY2Z_5_1uYJ1K_ZmrJB2a1-RE7V3aPqNHQg82DyagjCg@mail.gmail.com> <2975A93F-44DA-4020-B4DE-42E7ED98C08F@oracle.com> <51BAC9BC.6070708@ericsson.com> <94846970-4694-4EC8-AEFA-AEECEE0135AA@oracle.com> <51C02EE8.5070809@ericsson.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C78AD@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgTFSbYSX7v3q37tsjzaPMshyyBroGWr=qmy-HGm82GJFg@mail.gmail.com> <AE1A6B5FD507DC4FB3C5166F3A05A4841A2C7EF8@TK5EX14MBXC273.redmond.corp.microsoft.com> <CAL02cgQMkHu-NqEeScT2ObfknJ+3OjXi7Y=7rUJtqeu3CbewMQ@mail.gmail.com> <8E9D2A9F-3D8B-4480-A85D-320CF30FEAA6@oracle.com> <9F33F40F6F2CD847824537F3C4E37DDF115D2D76@MCHP04MSX.global-ad.net> <CAD5OKxvMGD=e3rHta9aLRAOAM022V0hzcp6nJbmG+GAxBohS6g@mail.gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF115D2E8D@MCHP04MSX.global-ad.net>
Date: Thu, 20 Jun 2013 16:36:37 -0700
Message-ID: <CABkgnnWrygFQJyhPREk=hG2TLUS3pgmYhaC=Ozy0ekdMaay2ng@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
Content-Type: text/plain; charset=UTF-8
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] No Interim on SDES at this juncture
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2013 23:36:39 -0000

On 20 June 2013 14:25, Hutton, Andrew
<andrew.hutton@siemens-enterprise.com> wrote:
> Using SRTP is always more secure than using plain RTP but again I think the
> problem to be solved is how the user is notified about the level of risk.

I'm fairly sure that the levels of trust can be very easily enumerated:

Do you trust the site? (i.e., default access level on getUserMedia or
a session that uses SDES)

Do you trust some other guy?  Where the identity of the other guy is
provided. (peerIdentity/noaccess constraint on getUserMedia, and
DTLS-SRTP, and - if it isn't a domain name - an identity provider)

Given that either default access levels on gUM or use of SDES to be
equivalent, and I think that they are to a reasonable approximation,
then the security story for SDES isn't that weak.