Re: [rtcweb] Consensus call regarding media security
"Dan Wing" <dwing@cisco.com> Wed, 28 March 2012 17:06 UTC
To: 'Basil Mohamed Gohar' <abu_hurayrah@hidayahonline.org>, rtcweb@ietf.org

> -----Original Message-----
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On
> Behalf Of Basil Mohamed Gohar
> Sent: Wednesday, March 28, 2012 4:55 PM
> To: rtcweb@ietf.org
> Subject: Re: [rtcweb] Consensus call regarding media security
>
> On 03/28/2012 10:50 AM, Magnus Westerlund wrote:
> > WG,
> >
> > In today's RTCWEB WG meeting there was discussion around media security
> > mechanism. In this meeting there was some clear consensus in the
> > meeting which we would like to confirm on the list.
> >
> > The first was that there was overwhelming consensus that all RTP
> > packets SHALL be protected by SRTP.
> >
> > Secondly that no one objected against making DTLS-SRTP a mandatory to
> > implement and the default keying mechanism. Additional mechanisms are
> > not precluded.
> >
> > WG participants may state their position regarding these consensus calls
> > until 12th of April when the chairs will declare the final consensus. If
> > you were present in the meeting room and comment on this, please
> > indicate that.
> >
> > Best Regards
> >
> > Magnus Westerlund
> > For the WG chairs
> I already brought up my concerns in the other thread, so I'll summarize
> the core point I was making here. Would using SRTP *require* a central
> authority for establishing authenticity, or can authenticity be
> established via a point-to-point means (e.g., how it's traditionally
> done via SSH [i.e., upon first connection or via previous key
> exchange])?

A central authority is not required. DTLS-SRTP itself doesn't use the
information in the DTLS certificates (the information that might be
present is ignored). Of course, if you want identity, then an identity
service needs to exist. But it is possible to operate DTLS-SRTP without
identity, which still provides value beyond Security Descriptions.

For example, because you mentioned ssh, an 'easy' way to do DTLS-SRTP
is to place the remote peer's certificate fingerprint into your local
address book. No central authority is needed, and you could get an
alert if/when the remote peer's certificate changes. A similar
technique for HTTP is described in draft-ietf-websec-key-pinning. A
similar technique for ZRTP is
http://tools.ietf.org/html/rfc6189#section-12.

> This is about degrees of trust that the user is willing to place upon
> various methods, of course. I am stating that the option should exist
> for authenticity of an end point to be established outside of a central
> authority (e.g., key exchange via other means).

I agree that is valuable.

-d
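
The address-book technique described in the message above, as an added example (not part of the original message and not taken from any WebRTC implementation): a trust-on-first-use check that pins a peer's certificate fingerprint on first contact and reports when a later offer carries a different one. It assumes the fingerprint arrives in an SDP a=fingerprint attribute; the function names, the peer address and the sample fingerprints are hypothetical.

```python
import re

# "a=fingerprint:<hash-func> <colon-separated hex bytes>"
_FP_RE = re.compile(
    r"^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$")
_DIGEST_LEN = {"sha-1": 20, "sha-256": 32, "sha-384": 48, "sha-512": 64}

# Constructed sample values (not real certificate fingerprints).
FP_A = ":".join(f"{b:02X}" for b in range(32))
FP_B = ":".join(f"{b:02X}" for b in range(32, 64))


def sample_sdp(fingerprint):
    """Build a minimal constructed SDP body carrying one fingerprint."""
    return ("v=0\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111\r\n"
            f"a=fingerprint:sha-256 {fingerprint}\r\n")


def extract_fingerprints(sdp):
    """Return the set of normalized (hash, HEX) pairs offered in an SDP body."""
    found = set()
    for line in sdp.splitlines():
        m = _FP_RE.match(line.strip())
        if not m:
            continue
        algo, hexval = m.group(1).lower(), m.group(2).upper()
        # Reject a digest whose length does not fit the named hash function.
        if _DIGEST_LEN.get(algo) != len(hexval.split(":")):
            raise ValueError(f"malformed fingerprint: {line!r}")
        found.add((algo, hexval))
    if not found:
        raise ValueError("no a=fingerprint attribute in SDP")
    return found


def check_peer(address_book, peer, sdp):
    """Trust-on-first-use check, in the style of ssh known_hosts.

    Returns "pinned" on first contact, "match" when the offer carries only
    the pinned fingerprint, and "changed" otherwise. A change never
    overwrites the pin; the caller alerts the user and decides.
    """
    offered = extract_fingerprints(sdp)
    pinned = address_book.get(peer)
    if pinned is None:
        if len(offered) != 1:
            raise ValueError("first contact offers more than one fingerprint")
        address_book[peer] = next(iter(offered))
        return "pinned"
    # Strict: every fingerprint in the offer must equal the pinned one.
    return "match" if offered == {pinned} else "changed"
```

The pin only has value if the fingerprint of the certificate actually presented in the DTLS handshake is also compared against the offered one, which this sketch leaves to the DTLS stack.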