Re: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)

Iñaki Baz Castillo <ibc@aliax.net> Thu, 05 April 2012 18:45 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C06F521F86C2 for <rtcweb@ietfa.amsl.com>; Thu, 5 Apr 2012 11:45:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.611
X-Spam-Level:
X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[AWL=0.066, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t9Ju9SSbQW0u for <rtcweb@ietfa.amsl.com>; Thu, 5 Apr 2012 11:45:18 -0700 (PDT)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4A54B21F86A0 for <rtcweb@ietf.org>; Thu, 5 Apr 2012 11:45:18 -0700 (PDT)
Received: by ggmi1 with SMTP id i1so1028953ggm.31 for <rtcweb@ietf.org>; Thu, 05 Apr 2012 11:45:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=BcRkwJpmFwSx0nGALRLffda4U2VLjmFdk0Rts6gxI+M=; b=WiB/3meC5larsx/qZt3qZJydTYXjS+Nt9PzrKMPvuJozG/ufQ99gyIkZ0egMxUK4Pc DQ0p5Z/2gL2V2tHj3AqLBMHu+Yci9GWQZdzhHHAqKcc/UhdK1AmK3Dcv0lwGt7KaYSd9 s+gMEgv/BgwJOvNLNpHzCIP80HI7n+dp+lm+pNZZL0YDwivTZGN2c6jeDw+YkDQOh29q Bbyrtnz1s9b/uEbSMkbWXy+fYTl2wjge5Rdm3NZ0l8DKAydXTDu1SnFiFTPB09cqYoa/ J6pbEz9U6XERdPuiTUORWwXCv1AMuukoZwp1wVXi2PbcYhMi1aGYiTFHONRQHmQ+e/4P ht0w==
Received: by 10.236.136.33 with SMTP id v21mr3599329yhi.17.1333651517802; Thu, 05 Apr 2012 11:45:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.170.165 with HTTP; Thu, 5 Apr 2012 11:44:57 -0700 (PDT)
In-Reply-To: <CAD5OKxs1nwNgaPOxcjW1=yJS-CMZLWj1rzx8wzmcHzOF6j9Z3Q@mail.gmail.com>
References: <4F7D7103.6040102@infosecurity.ch> <4F7DBEFC.6040302@alcatel-lucent.com> <4F7DD13F.2010006@infosecurity.ch> <CAD5OKxv_e9Ncw7xt3eh9jNM9HWX1snDN1wVynkFT2GPoA+y1_w@mail.gmail.com> <4F7DE01C.4040800@infosecurity.ch> <CAD5OKxtDXX1A1hewxZeFZMcs4f4o6BqCy8UYpi5LMngj2GudfQ@mail.gmail.com> <CALiegf=Bf5Q7ODUZccJiEOn-ibWk7aDx9-MGNmGLCusGGjfvxg@mail.gmail.com> <CAD5OKxs1nwNgaPOxcjW1=yJS-CMZLWj1rzx8wzmcHzOF6j9Z3Q@mail.gmail.com>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
Date: Thu, 5 Apr 2012 20:44:57 +0200
Message-ID: <CALiegfm8LjgSTLTSxvC31Z_OW33iA1jomYPa0tzrt0WBVQKAog@mail.gmail.com>
To: Roman Shpount <roman@telurix.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQkmtWP5i2JqovRXlWvh80LmBPuzqBpnkA5joAvATCvIqiU+ibuHKlH3t0aicOcI0lixznj4
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2012 18:45:18 -0000

2012/4/5 Roman Shpount <roman@telurix.com>:
> On Thu, Apr 5, 2012 at 2:19 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:
>>
>> Define such an "alternative communications channel" and explain me how
>> the signaling server cannot alter that channel.
>>
>
> I will send it to you using Frogo, my trusty carrier pidgin ;).
>
> I can read them to you (possible to modify but much harder then simple
> signaling), I can email them to you using some sort of trusted service, or I
> can call you using old fashioned telephone. I remember times when such keys
> were exchanged via fax.

So the success of DTLS (the "security end-to-end panacea") depends on
two users of any web sharing their "keys" via email, phone, or fax...

Did you forget the <sarcasm> tag? XD

-- 
Iñaki Baz Castillo
<ibc@aliax.net>