Re: [rtcweb] No Interim on SDES at this juncture

Roman Shpount <roman@telurix.com> Thu, 20 June 2013 20:58 UTC

Date: Thu, 20 Jun 2013 16:58:05 -0400
Message-ID: <CAD5OKxvMGD=e3rHta9aLRAOAM022V0hzcp6nJbmG+GAxBohS6g@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] No Interim on SDES at this juncture

On Thu, Jun 20, 2013 at 4:52 PM, Hutton, Andrew <
andrew.hutton@siemens-enterprise.com> wrote:

> Agree with Hadriel here I see no additional security benefit for EKT given
> that any media gateway is going to be in cahoots with the webserver and has
> access to the key.
>
> So all we are left with is the performance benefit of using SDES support
> in the browser which is significant and reduces the barrier to deploying
> WebRTC so let's go for the option that is easy to specify, easy to deploy,
> cheap to implement (already exists in Chrome), and we are all familiar with.
>
> SDES support looks like the obvious choice.
>
>
Not to play devil's advocate, but how is it any different than the arguments to
support plain RTP? All the same things apply to RTP. On top of this, SRTP is
no more secure than plain RTP when communicating with a server over plain
HTTP or communicating with an untrusted server over HTTPS. If we decided that
RTP is unacceptable from a security point of view, then how is SRTP
acceptable?
_____________
Roman Shpount
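
The thread turns on who can read the SRTP key. As an added example (not part of either message), this sketch classifies each media section of an SDP body by keying method and flags where SDES places the master key in the signalling itself. The SDP, key and fingerprint are constructed dummy values, and `keying_per_media` is a hypothetical helper name.

```python
import base64

# Constructed SDP: one SDES section, one DTLS-SRTP section, one plain RTP
# section. The key (30 bytes = 16-byte key + 14-byte salt) and the
# fingerprint are dummy values.
SAMPLE_SDP = """\
v=0
o=- 0 0 IN IP4 192.0.2.1
s=-
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{key}|2^20
m=video 49172 UDP/TLS/RTP/SAVPF 96
a=fingerprint:sha-256 {fp}
m=audio 49174 RTP/AVP 0
""".format(key=base64.b64encode(bytes(range(30))).decode(),
           fp=":".join(["AB"] * 32))


def keying_per_media(sdp):
    """Classify each m= section by how (or whether) SRTP keys are agreed."""
    sections, session_fp, current = [], False, None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            # A session-level fingerprint applies to every secure media section.
            inherited = session_fp and "SAVP" in proto
            current = {"media": media, "proto": proto,
                       "keying": "dtls-srtp" if inherited else "none",
                       "key_in_signalling": False, "key_bytes": 0}
            sections.append(current)
        elif line.startswith("a=fingerprint:"):
            # Only a certificate hash travels in SDP; the key is derived in
            # the DTLS handshake on the media path.
            if current is None:
                session_fp = True
            elif current["keying"] == "none":
                current["keying"] = "dtls-srtp"
        elif line.startswith("a=crypto:") and current is not None:
            # RFC 4568: a=crypto:<tag> <suite> inline:<base64 key||salt>[|...]
            fields = line.split()
            material = fields[2].split(":", 1)[1].split("|", 1)[0]
            current.update(keying="sdes", key_in_signalling=True,
                           key_bytes=len(base64.b64decode(material)))
    return sections


if __name__ == "__main__":
    for s in keying_per_media(SAMPLE_SDP):
        print(s)
```

Any element that relays or logs the SDP sees the SDES key material in full, so the media key is exposed to everything on the signalling path.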