Re: [rtcweb] New use-case proposed

Harald Alvestrand <harald@alvestrand.no> Fri, 11 May 2012 16:21 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B72E321F85A8 for <rtcweb@ietfa.amsl.com>; Fri, 11 May 2012 09:21:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.46
X-Spam-Level:
X-Spam-Status: No, score=-110.46 tagged_above=-999 required=5 tests=[AWL=0.139, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LvvOZYaTiNdv for <rtcweb@ietfa.amsl.com>; Fri, 11 May 2012 09:21:23 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 1181F21F859A for <rtcweb@ietf.org>; Fri, 11 May 2012 09:21:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 27DAF39E132; Fri, 11 May 2012 18:21:22 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rYN158wB4e3F; Fri, 11 May 2012 18:21:21 +0200 (CEST)
Received: from [192.168.1.16] (unknown [188.113.88.47]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 7681139E062; Fri, 11 May 2012 18:21:21 +0200 (CEST)
Message-ID: <4FAD3C87.8080908@alvestrand.no>
Date: Fri, 11 May 2012 18:21:27 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Stefan Hakansson LK <stefan.lk.hakansson@ericsson.com>
References: <4FAD0D8C.7020701@ericsson.com>
In-Reply-To: <4FAD0D8C.7020701@ericsson.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] New use-case proposed
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 16:21:24 -0000

I propose to reject this use case because it requires yet another 
security redesign.
The clue is here:

>
> - The keying solution must allow each participants to encrypt to
> multiple receivers without any decryption+encryption in the middle node
>

This means that each participant must use the same encryption keys to 
all other participants; this in turn means that when someone leaves the 
group, all participants must change their encryption keys; it also means 
that as long as shared keys are used for authentication, all 
participants can impersonate all other participants.

In fact, this solution has most of the issues (except for the network 
layer deployment issue) that leads me to strongly advocate leaving 
multicast out of scope for this effort.

                Harald