Re: [rtcweb] Consent alternative

Martin Thomson <martin.thomson@gmail.com> Wed, 22 January 2014 14:41 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32FCC1A00EC for <rtcweb@ietfa.amsl.com>; Wed, 22 Jan 2014 06:41:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AhkENdiVuKez for <rtcweb@ietfa.amsl.com>; Wed, 22 Jan 2014 06:41:29 -0800 (PST)
Received: from mail-we0-x229.google.com (mail-we0-x229.google.com [IPv6:2a00:1450:400c:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id 984091A00E7 for <rtcweb@ietf.org>; Wed, 22 Jan 2014 06:41:29 -0800 (PST)
Received: by mail-we0-f169.google.com with SMTP id u57so390512wes.0 for <rtcweb@ietf.org>; Wed, 22 Jan 2014 06:41:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9MmFYQsMgjPfokSp0VlJcSjaiOXq3TQA6bl9rIbLy/k=; b=Sd2x0trcNf6yW6+KYPvjhSI6ClmYxyJoBoKHXJFRopf1iVUWIkGuwP5Qct9chlGz1Z /VbbMWsvZEENghOcxPVMmzipqHPJxnaylM9NOLNUW5GYEJ2q5Q0AT0HZFki6HIhhz1CV 2mIlY2oGeFnVC0SuE7htHs9P9X03MoSENQY2bVVrjvi7QZTOvFs4kyNhSfp0Y/z/kEiW m2jZ6qS2wxvalgibSZ5YIBRWWtvp9AiZczvn3ghrL8PqwfcaZA1bMVYf/ukIv7WeOqC0 j+WrfC3Oi4qEWSNrMS8W0G2s4sEKfCzDE8fHyewHCQIbpwGCA5IFlRFJGxbWK4Z5yJDp E2Lw==
MIME-Version: 1.0
X-Received: by 10.180.75.202 with SMTP id e10mr20265858wiw.50.1390401688154; Wed, 22 Jan 2014 06:41:28 -0800 (PST)
Received: by 10.227.105.132 with HTTP; Wed, 22 Jan 2014 06:41:28 -0800 (PST)
In-Reply-To: <913383AAA69FF945B8F946018B75898A2428EFD3@xmb-rcd-x10.cisco.com>
References: <CABkgnnVNnT8uoWM8T=TqbTmy11CGTeHLP=_7z5KSMSpAsp9SyQ@mail.gmail.com> <52989933.6000907@ericsson.com> <CABkgnnUX3OFUyc5PXeN0ydykBwL0HyRuaigfJKMBbuWnuhnVJg@mail.gmail.com> <E721D8C6A2E1544DB2DEBC313AF54DE22436FBD9@xmb-rcd-x02.cisco.com> <CABkgnnUy3HxvsqYfwspEQ9_g1frUuFF4rwD-hTz45UzCr1fTBw@mail.gmail.com> <913383AAA69FF945B8F946018B75898A2428EFD3@xmb-rcd-x10.cisco.com>
Date: Wed, 22 Jan 2014 15:41:28 +0100
Message-ID: <CABkgnnXU3DwE-NYHuPmHwXvN2fcOs-GCoTgr1yY4E9oELnObPg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Content-Type: text/plain; charset=UTF-8
Cc: "Cullen Jennings \(fluffy\)" <fluffy@cisco.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Consent alternative
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jan 2014 14:41:31 -0000

On 22 January 2014 13:29, Tirumaleswar Reddy (tireddy)
<tireddy@cisco.com> wrote:
> If we consider B attacker is also capable of sniffing packets on wire, DTLS
> heartbeat does not have any benefit over STUN consent because B can sniff
> the DTLS heartbeat request sent by A and generate response.

This is not correct, but not really important either.  DTLS ensures
that an on-path attacker is unable to observe or insert packets.  If B
is on-path and able to read signaling, it can return STUN consent.
But we've already determined that on-path attackers aren't interesting
when it comes to DoS.