[rtcweb] SRTP and "marketing"

"Richard L. Barnes" <rbarnes@bbn.com> Wed, 28 March 2012 09:15 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C423721E805A for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 02:15:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.536
X-Spam-Level:
X-Spam-Status: No, score=-106.536 tagged_above=-999 required=5 tests=[AWL=0.063, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VcbQB6Ay13PD for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 02:15:33 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id CC3B821E804A for <rtcweb@ietf.org>; Wed, 28 Mar 2012 02:15:33 -0700 (PDT)
Received: from [128.89.254.245] (port=58318 helo=neutrino.local) by smtp.bbn.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1SCoyN-000G4s-Gh for rtcweb@ietf.org; Wed, 28 Mar 2012 05:15:19 -0400
Message-ID: <4F72D6B3.40803@bbn.com>
Date: Wed, 28 Mar 2012 11:15:31 +0200
From: "Richard L. Barnes" <rbarnes@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20120313 Thunderbird/11.0
MIME-Version: 1.0
To: rtcweb@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [rtcweb] SRTP and "marketing"
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2012 09:15:34 -0000

I didn't make it to the mic at the meeting today, but I wanted to 
express one concern about the possibility of making RTCWEB SRTP-only.

Hadriel mentioned the "marketing value" of having always-on encryption, 
this idea that only supporting SRTP will make RTCWEB look like something 
secure and trustworthy.  I'm concerned that this might not be the case, 
and in fact that being SRTP-only might effectively be an over-promise, 
in light of the fact the absence of universal authentication.

Hadriel noted that the competitors to this technology are Skype and 
Flash, and it's worth considering the security situation with these 
technologies, because they kind of bracket RTCWEB.  With Skype (assuming 
they've designed it properly), there is actually a universal 
authentication, under a single authority.  So you really do know that 
you're talking to whatever Skype ID you intend to, and nobody else. 
With Flash, well, does anyone expect it to be secure anyway?

What I'm concerned about in the RTCWEB context is that without a 
universal authentication/identity infrastructure, we will end up 
*promising* a secure call, but not *delivering* it.  I haven't done the 
analysis, but it does not seem implausible to me that FireSheep-like 
vulnerabilities are lurking here.

So ISTM the "marketing" argument carries with it some serious risks as 
well as some small possible benefit.

--Richard