Re: [rtcweb] WebRTC-SIP interop: and why SDES-SRTP is a need

Iñaki Baz Castillo <ibc@aliax.net> Wed, 04 April 2012 16:44 UTC

In-Reply-To: <CALiegfmz6tgm9WF3KWEK5qwaBGADKFyit=egB36zkjZXNKdeHw@mail.gmail.com>
References: <CALiegfmz6tgm9WF3KWEK5qwaBGADKFyit=egB36zkjZXNKdeHw@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Wed, 04 Apr 2012 18:43:47 +0200
Message-ID: <CALiegfnA8_ntYd5f935P_E6vvMwjrzt+j6UhB9vjmo6h-RzfPA@mail.gmail.com>
To: rtcweb@ietf.org

2012/4/3 Iñaki Baz Castillo <ibc@aliax.net>:
> Hi all,
>
> I've made two "pictures" showing WebRTC and SIP interop for two cases:
>
> 1) SDES-SRTP is allowed in WebRTC:
>      http://public.aliax.net/WebRTC/WebRTC_SIP_Interop_SDES-SRTP.png
>
> 2) Just DTLS-EKT-SRTP is allowed in WebRTC [*]
>      http://public.aliax.net/WebRTC/WebRTC_SIP_Interop_DTLS-EKT-SRTP.png
>
> [*] slides 30-35 in
> http://tools.ietf.org/agenda/83/slides/slides-83-rtcweb-3.pdf
>
>
> For those claiming to mandate *just* DTLS-EKT-SRTP in WebRTC, please
> see the *cost* of such a decision, and also:
>
> - Thanks for requiring a super Signaling+Media B2BUA/SBC in WebRTC/SIP
> interop scenarios. Some vendors will be very happy and will become
> very rich. Such a super device (also a DTLS to SDES converter,
> including DTLS key updates to re-INVITE) will be "a bit"... expensive.
>
> - Thanks for disallowing *pure* SIP protocol usage (and instead
> requiring SIP B2BUAs/SBCs or custom WebRTC signaling to SIP conversion
> gateways). WebRTC is supposed to leave the signaling protocol up to the
> application, but pure SIP protocol will not be possible since a SIP
> B2BUA/SBC is required, and those devices always break/limit the SIP
> protocol (*always*).
>
>
> So IMHO, option 2 ("just DTLS-EKT-SRTP is allowed in WebRTC") is The Barrier.


Hi, does nobody care about the implications of option 2???

Do all the people planning to interop with SIP assume that they'll
need the super B2BUA in the second image (without the possibility of
using a pure SIP proxy)?

  http://public.aliax.net/WebRTC/WebRTC_SIP_Interop_DTLS-EKT-SRTP.png


BTW Fabio has sent two magistral mails explaining why DTLS is not the
panacea and why SDES can be good enough to satisfy the same level of
security as DTLS. No comments?


Regards.


-- 
Iñaki Baz Castillo
<ibc@aliax.net>
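The two pictures in the thread come down to one question a WebRTC/SIP gateway has to answer per call: does the SDP carry its SRTP key in the signaling (SDES, `a=crypto`) or only a certificate fingerprint for a DTLS handshake on the media path (`a=fingerprint`)? The following is an added example, not code from the original post or from any project named in it; the SDP bodies are constructed (the `inline:` value is the sample key from RFC 4568, the fingerprint is a made-up string), and the function names are my own. It classifies each m= section, decodes the SDES master key the way any SDP-reading intermediary could, and maps the two sides' mechanisms onto the thread's "pure SIP proxy" versus "super media B2BUA" outcome.

```python
"""Classify the SRTP keying offered in an SDP body and decide what a
WebRTC-to-SIP interop element has to be (signaling proxy or media B2BUA)."""
import base64
import re

# Constructed SDES offer (RTP/SAVP + a=crypto). Key value is RFC 4568's sample.
SDES_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.1
s=-
c=IN IP4 192.0.2.1
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
a=rtpmap:0 PCMU/8000
"""

# Constructed DTLS-SRTP offer (UDP/TLS/RTP/SAVPF + a=fingerprint). Fingerprint is fake.
DTLS_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.2
s=-
c=IN IP4 192.0.2.2
t=0 0
m=audio 50000 UDP/TLS/RTP/SAVPF 111
a=fingerprint:sha-256 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
a=setup:actpass
a=rtpmap:111 opus/48000/2
"""

# a=crypto:<tag> <suite> inline:<key||salt>[|lifetime][|mki]  (RFC 4568 syntax)
CRYPTO_RE = re.compile(
    r"^a=crypto:(?P<tag>\d+) (?P<suite>\S+) inline:(?P<key>[A-Za-z0-9+/=]+)"
    r"(?:\|(?P<lifetime>[^|\s]+))?(?:\|(?P<mki>\d+:\d+))?"
)


def media_sections(sdp):
    """Split an SDP body into its m= sections; each section is a list of lines."""
    sections, current = [], None
    for line in sdp.strip().splitlines():
        if line.startswith("m="):
            current = [line]
            sections.append(current)
        elif current is not None:
            current.append(line)
    return sections


def keying_mechanism(section):
    """Return 'SDES', 'DTLS-SRTP', 'both' or 'none' for one m= section."""
    has_crypto = any(l.startswith("a=crypto:") for l in section)
    has_fp = any(l.startswith("a=fingerprint:") for l in section)
    if has_crypto and has_fp:
        return "both"
    if has_crypto:
        return "SDES"
    if has_fp:
        return "DTLS-SRTP"
    return "none"


def sdes_master_keys(section):
    """Decode every a=crypto line into (suite, master_key, master_salt).

    This is what any element that sees the SDP (proxy, B2BUA, a SIP trace)
    can do with an SDES offer: the SRTP master key travels in the signaling,
    which is the security trade-off the thread argues about."""
    keys = []
    for line in section:
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        raw = base64.b64decode(m.group("key"))
        if m.group("suite").startswith("AES_CM_128_"):
            key, salt = raw[:16], raw[16:30]  # 128-bit key + 112-bit salt
        else:
            key, salt = raw, b""  # other suites: leave the split to the caller
        keys.append((m.group("suite"), key, salt))
    return keys


def gateway_role(webrtc_mech, sip_mech):
    """Map the two sides' keying onto the thread's two pictures.

    Same mechanism on both sides: a signaling-only SIP proxy suffices.
    DTLS-SRTP on one side and SDES on the other: an element must terminate
    DTLS, re-key into a=crypto and re-INVITE on DTLS key changes (media B2BUA)."""
    offered = {"SDES", "DTLS-SRTP"} if webrtc_mech == "both" else {webrtc_mech}
    if sip_mech in offered:
        return "signaling proxy"
    if sip_mech in ("SDES", "DTLS-SRTP") and offered & {"SDES", "DTLS-SRTP"}:
        return "media B2BUA"
    return "incompatible"


if __name__ == "__main__":
    web = keying_mechanism(media_sections(DTLS_OFFER)[0])
    sip = keying_mechanism(media_sections(SDES_OFFER)[0])
    print(f"WebRTC side: {web}, SIP side: {sip} -> {gateway_role(web, sip)}")
    for suite, key, salt in sdes_master_keys(media_sections(SDES_OFFER)[0]):
        print(f"{suite}: master key {key.hex()} salt {salt.hex()} (readable from SDP)")
```

Running it with a DTLS-only WebRTC offer against an SDES SIP endpoint yields "media B2BUA", the second picture; with SDES permitted on the WebRTC side the same call needs only a "signaling proxy". The key decode shows why a DTLS-only policy costs that B2BUA: the SDES side's keys exist only in the SDP, so whatever bridges the two must hold them and terminate media.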