Re: [rtcweb] SRTP not mandatory-to-use

[Xavier Marjou <xavier.marjou@gmail.com>]

Hi Markus,

Your mail is a nice summary. However, I just want to point out that
some enterprises want VPN and plain RTP.

Xavier

On Wed, Dec 14, 2011 at 1:23 PM,  <Markus.Isomaki@nokia.com> wrote:
> Hi Xavier,
>
>
>
> In your case the VPN use might be good enough from enterprise IT
> perspective, but not necessarily for individual employees suspicious of
> their co-workers, or the IT department, for that matter J
>
>
>
> As far as I can tell, the trend in corporate services is towards
> service-specific end-to-end security and away from L3 VPN type of catch-all
> solutions. For instance, I’m now connected to my corporate e-mail over TLS
> and to my corporate VoIP over TLS and SRTP, not having my IPSec VPN on. 5
> years ago I could only access those services using the VPN.
>
>
>
> Markus
>
>
>
>
>
> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of
> ext Xavier Marjou
> Sent: 14 December, 2011 11:48
> To: rtcweb@ietf.org
> Subject: [rtcweb] SRTP not mandatory-to-use
>
>
>
> Hi,
>
>
>
> During the last IETF meeting, there seemed to be many people willing to have
> SRTP mandatory-to-use in the browser. However, I would like again to
> underline that in some contexts, it is rather desirable to deactivate, via
> the WebRTC API, the use of SRTP in order not to encrypt/decrypt at multiple
> layers.
>
>
>
> This may be the case in the following example: a company wants to use WebRTC
> for communications between its co-workers only; the web server and the
> script using WebRTC API are located on the VPN. In such a case, there is no
> need to use SRTP. The VPN already provides encryption when needed. If
> co-workers want to remotely access the VPN, an IPsec tool can already
> provide the encryption. Furthermore, if they want to remotely access the VPN
> via a 3G network, there will be encryption at layer 2 using AKA, then IPsec
> at layer 3, and again at SRTP level if mandatory-to-use.
>
>
>
> Cheers,
>
> Xavier