IETF Logo Mail Archive

Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb

Randell Jesup <randell-ietf@jesup.org> Thu, 25 April 2013 23:40 UTC

Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 072A921F9737 for <rtcweb@ietfa.amsl.com>; Thu, 25 Apr 2013 16:40:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Level:
X-Spam-Status: No, score=-1.949 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q4FzOuVOKUgK for <rtcweb@ietfa.amsl.com>; Thu, 25 Apr 2013 16:40:33 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id 0173B21F9724 for <rtcweb@ietf.org>; Thu, 25 Apr 2013 16:40:26 -0700 (PDT)
Received: from pool-98-111-140-34.phlapa.fios.verizon.net ([98.111.140.34]:3423 helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80) (envelope-from <randell-ietf@jesup.org>) id 1UVVm5-00084W-MU for rtcweb@ietf.org; Thu, 25 Apr 2013 18:40:25 -0500
Message-ID: <5179BEEF.4000600@jesup.org>
Date: Thu, 25 Apr 2013 19:40:31 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <3FA2E46D-C98E-4FC0-9F1D-AD595A861CE1@iii.ca> <20130425202238.74EF321F96A5@ietfa.amsl.com> <AE1A6B5FD507DC4FB3C5166F3A05A48416281FDB@tk5ex14mbxc272.redmond.corp.microsoft.com>
In-Reply-To: <AE1A6B5FD507DC4FB3C5166F3A05A48416281FDB@tk5ex14mbxc272.redmond.corp.microsoft.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
Subject: Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2013 23:40:34 -0000

On 4/25/2013 4:27 PM, Matthew Kaufman (SKYPE) wrote:
> I agree. The ability to set the cipher suite and keys from JavaScript is critical for certain applications. SDES is the best we'll get with SDP as the API. DTLS-SRTP-only would be unacceptably limiting.

So, the problems with SDES (discussed to a fare-the-well every 3 months 
for the last 1.75 years or more, so there's nothing really new here):

It exposes security keys directly to the application (or takes them from 
there).  Basically, you're back in "all your media is totally in trust 
to the application and website".  The keys aren't even end-2-end 
encrypted or even authenticated.  And even if you expose SDES bid-downs 
to the user, they don't know what they mean or how to process this 
information.

SDES basically means to me "secure against random WiFi sniffers at the 
coffeeshop", and little more than that.  I realize carriers and others 
like SDES because they make certain uses and obligations easy for them 
to meet, and interop with legacy devices and systems easier (though many 
such legacy interop systems will perforce need gateways anyways, and 
those gateways can convert from DTLS-SRTP to SDES.

Yes, some gateway scenarios might be cheaper/easier with SDES, but I see 
the primary use-cases for WebRTC to be browser-to-browser, not 
browser-legacy.  Certainly some large organizations are built around the 
VoIP/net to legacy equipment/PSTN/PBX use-case, and certainly they would 
find SDES easier.

But I think we need to weigh that against the longer term, and the 
interests of the users (not the providers) -- the users aren't generally 
at this table; the IETF is full of people who almost by definition work 
for the companies that provide data and services. (Not everyone, but most.)

I realize there are some (many) who have 
business/organizational/political reasons to avoid end-2-end 
encryption.  However, per IETF norms (RFC 2084) we should not be letting 
that decide this issue.


It's tough to find a way to allow SDES in the "connect to a gateway that 
will decrypt anyways" case, while also avoid bid-down attacks on 
browser-browser communication.  (and EKT has some of the same key 
control issues)

We can say "we enforce DTLS-SRTP only for secure, authenticated" calls 
like ekr presented (with media tainting, etc) - but that mode isn't the 
default and really can't be/won't be for many users and applications, 
making it at best an obscure option for most people. An app (or browser 
chrome) could put a "renegotiate/re-encrypt NOW with only DTLS-SRTP" 
button up, but I doubt most apps would bother, and it might be a 
struggle to get all browsers to include such an option I suspect.  And 
even that might/would be hard to convey to users.  But maybe that's the 
best we can do.  If so, it's a sad day we can't collectively figure out 
something better.

-- 
Randell Jesup
randell-ietf@jesup.org

v2.23.0 | Report a Bug | By Email