IETF Logo Mail Archive

Re: [rtcweb] DTLS-SRTP implementation diffusion: Why not SDES-SRTP?

"Fabio Pietrosanti (naif)" <lists@infosecurity.ch> Thu, 29 March 2012 07:05 UTC

Return-Path: <lists@infosecurity.ch>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9EF721E80E8 for <rtcweb@ietfa.amsl.com>; Thu, 29 Mar 2012 00:05:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.399
X-Spam-Level:
X-Spam-Status: No, score=-3.399 tagged_above=-999 required=5 tests=[AWL=-0.100, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CFoUX2IiXtx8 for <rtcweb@ietfa.amsl.com>; Thu, 29 Mar 2012 00:05:46 -0700 (PDT)
Received: from mail-ey0-f172.google.com (mail-ey0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id A0DF321E80DD for <rtcweb@ietf.org>; Thu, 29 Mar 2012 00:05:44 -0700 (PDT)
Received: by eaaq11 with SMTP id q11so798950eaa.31 for <rtcweb@ietf.org>; Thu, 29 Mar 2012 00:05:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding:x-gm-message-state; bh=PMwYd1CCf2P1OOnT39iEk46EKmVI2bZsbFilVWtygQ4=; b=ULklUJ/DxTHgtAOMmvQ6PVMFQ1A2GHkQ40BfQigakIxhY7P6m2huO0+z15W6aMXZ4x ntpsTbPruz21jJKYLk+x52h4uHdNlBuS81MZ6t9c5xbQWJOaQgJ+89nHvOrAIYjbKuT6 bLiuedhEze9+dvlmmnpg25/tdskWSoUnD9PJ61dV7c8gEONw6WsXPkT8plqfe2GOn1LP 56wkCpcwPzTK7/2tHvw7ElRY1tdpr67H9RtXgFom9GK/LfRP48CRD/qjNuqZYMTjY8Vy bKfMKqBAeT3D76dFaWxr+erU3cF9ZNwZ7kysnG9fZ0uuiKQpGvWDC2AJ6u1YFwqjv2jQ tV7A==
Received: by 10.213.28.196 with SMTP id n4mr2353947ebc.0.1333004744133; Thu, 29 Mar 2012 00:05:44 -0700 (PDT)
Received: from sonyvaiop13.local (93-32-184-146.ip34.fastwebnet.it. [93.32.184.146]) by mx.google.com with ESMTPS id p57sm18586035eei.8.2012.03.29.00.05.42 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 29 Mar 2012 00:05:43 -0700 (PDT)
Sender: Fabio Pietrosanti <naif@infosecurity.ch>
Message-ID: <4F7409C4.407@infosecurity.ch>
Date: Thu, 29 Mar 2012 09:05:40 +0200
From: "Fabio Pietrosanti (naif)" <lists@infosecurity.ch>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: Iñaki Baz Castillo <ibc@aliax.net>
References: <4F73697D.5080006@infosecurity.ch> <CALiegfnF-8TCzkE9NiDsWz8PVNXtCtmpDKPYz65YLfdGVPQTqQ@mail.gmail.com>
In-Reply-To: <CALiegfnF-8TCzkE9NiDsWz8PVNXtCtmpDKPYz65YLfdGVPQTqQ@mail.gmail.com>
X-Enigmail-Version: 1.4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Gm-Message-State: ALoCoQlpX3W7Y49dwNOzCNJ5GWo4WrsjdJVBfh+9cRfrFlIGp5aSyR1sac4hDOLlkhrX0L+1Lhm5
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] DTLS-SRTP implementation diffusion: Why not SDES-SRTP?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 07:05:48 -0000

On 3/28/12 9:53 PM, Iñaki Baz Castillo wrote:
> 2012/3/28 Fabio Pietrosanti (naif) <lists@infosecurity.ch>:
>> Hi all,
>>
>> i read that 80% of Sipit participant support SDES-SRTP but 0% support
>> DTLS-SRTP  https://www.sipit.net/SIPit29_summary .
>>
>> At SIPit there were 34 attendees from 17 companies visiting from 12
>> countries with 25 distinct VoIP implementations.
> 
> Right, but this is rtcweb, not SIP.
> 
> 
> 
>> I do not really see which is the rationale in making DTLS-SRTP mandatory
>> while plain SRTP with SDES key exchange is already so well know and used.
> 
> That's a good reason to *also* allow (and mandate) SDES-SRTP support
> in WebRTC clients, much better than the interoperability with SIP
> (again: this is rtcweb, not SIP world).

That's true, but it's also true that the "rtcweb world" will strictly
inter-operate with the "sip world".

It would be reasonable to expect that current existing PBX software
would evolve also with support for Rtcweb, to provide Web phone systems.

In particular all opensource software will setup the path for the
adoption of the standard, as we know history will repeat.

It appear me as natural behavior of diffusion of implementation, and for
that reason i see the need to "easily" inter-operate with the SIP world
is a key value point.

Creating an incompatible "media format" would require a lot of more
effort because the "amount of compatibility testing to be done with
DTLS-SRTP will be significantly higher than SDES-SRTP" .

So it would provide an advantage for the *few vendor* supporting it,
practically introducing a *technological entrance barrier*.

This is a bad practice already see in other standard bodies.

> 
> 
>> Anyone can provide some very strong and valuable point about using
>> DTLS-SRTP (considering it's weak diffusion and incompatibility risks)?
> 
> Lot of recent threads about this topic in this maillist. But also
> check a recent presentation (yesterday in IETF Pairs):
> 
> http://tools.ietf.org/agenda/83/slides/slides-83-rtcweb-3.pdf

I would like to strongly argue against the SLIDE 3 statement that
"DTLS-SRTP meets RTCWEB's technical requirements" .

DTLS-SRTP doesn't meet the RTCWEB's technical requirements because:

- It does NOT provide inter-operation with existing SIP endpoints

This is confirmed by the October 2011 SIPit data, with 80% of
participants supporting, with good interoperability, SDES but with 0%
supporting DTLS-SRTP .

In order to try to "try to improve it's non-interoperability issue" the
DTLS-SRTP is re-proposing him-selves as DTLS-SRTP-EKT .

To speaking about the fact that even EKT draft explain that:
" Today, Security Descriptions [RFC4568] is used for distributing SRTP
   keys in several different IP PBX systems and is expected to be used
   by 3GPP's Long Term Evolution (LTE). "

http://tools.ietf.org/html/draft-ietf-avt-srtp-ekt-01#section-6.1

So:
- Internt is using SDES-SRTP
- 3GPP LTE is using SDES-SRTP
- WebRTC is going to use DTLS-SRTP

I do not really see how we can rationally accept to follow this
different direction.

I mean, we are discussing about a "new standard" that's based on "new
technologies" rather than using existing, widely implemented technology.

Do we really understand how much effort we are going to cause on the
overall technological and security ecosystem by selecting DTLS-SRTP
rather than SDES-SRTP?

All US Federal Government will not be able to use WebRTC because NSA
standardized SDES-SRTP for use in Classified communication:
http://www.nsa.gov/ia/programs/mobility_program/index.shtml

The argument that DTLS is *more secure* must face the reality that
no-one is using it and that SDES-SRTP is *widely diffused and
interoperable*.

All Internet operators will have to introduce Protocol Gateway.
All mobile operators will have to introduce Protocol Gateway.

All that subjects, if using just SDES-SRTP, would just need to "update
the software they already use to run VoIP infrastructure" with no need
to handle modification to the Media for Interworking.

So definitely the choice to go for DTLS-SRTP is imho a wrong choice,
against any rationale for the diffusion of WebRTC standard, introducing
artificially complexity where it may be possible to keep it simple.

-- 
Fabio Pietrosanti
Founder, CTO

Tel: +39 02 911930893 + ext: 907
Mobile: +39 340 1801049
E-mail: fabio.pietrosanti@privatewave.com
Skype: fpietrosanti
Linkedin: http://linkedin.com/in/secret

PrivateWave Italia S.p.A.
Via Gaetano Giardino 1 - 20123 Milano - Italy
www.privatewave.com

v2.23.0 | Report a Bug | By Email