Re: [rtcweb] Resolving RTP/SDES question in Paris

Cameron Byrne <cb.list6@gmail.com> Mon, 19 March 2012 16:26 UTC


On Mar 19, 2012 9:11 AM, "Iñaki Baz Castillo" <ibc@aliax.net> wrote:
>
> 2012/3/19 Ejzak, Richard P (Richard) <richard.ejzak@alcatel-lucent.com>:
> > SRTP by itself guarantees nothing.  What is the point of insisting that the
> > browser encrypt media if you know nothing about the other endpoint of the
> > encrypted media or even whether anyone else has keys?
>
> If I am at the airport using an open WiFi connection, I visit a web
> page using HTTPS and my browser validates the server TLS certificate,
> I cannot be sure either that the server has not been hacked by
> attackers. But at least I know that nobody in the airport can monitor
> my HTTPS traffic.
>
> Indeed SRTP by itself guarantees nothing, but if the signaling path is
> secured (HTTPS or WebSocket over TLS, so SRTP-SDES becomes a secure
> solution) nobody in my network can intercept my media communication.
> IMHO that's much better than nothing (plain RTP).
>

No security tool ever guarantees anything.

They just increase the cost/time of hacking interception.

Cb
> Regards.
>
> --
> Iñaki Baz Castillo
> <ibc@aliax.net>
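
The argument in the quoted message, that SRTP-SDES is only as confidential as the signaling channel carrying its keys, can be turned into a deployment check. This is an added example, not code from the thread or from any rtcweb draft; it assumes the `a=crypto` attribute syntax of RFC 4568, and the function names, sample SDP and URLs are constructed for illustration.

```python
import base64
from urllib.parse import urlparse

# Signaling transports that run over TLS (the two named in the thread).
TLS_SCHEMES = {"https", "wss"}

# Constructed sample offer; the key material is 30 zero bytes, base64-encoded.
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
    + base64.b64encode(bytes(30)).decode(),
    "",
])

def sdes_offers(sdp):
    """Return (tag, suite, key_len_bytes) for each a=crypto line (RFC 4568)."""
    found = []
    for line in sdp.splitlines():
        if not line.startswith("a=crypto:"):
            continue
        fields = line[len("a=crypto:"):].split()
        if len(fields) < 3 or not fields[2].startswith("inline:"):
            continue  # malformed line or a key method other than inline
        # key-params: inline:<base64 key||salt>[|lifetime][|MKI:len][;more keys]
        first_key = fields[2].split(";")[0]
        key_b64 = first_key[len("inline:"):].split("|")[0]
        try:
            key_len = len(base64.b64decode(key_b64, validate=True))
        except ValueError:
            continue  # not valid base64, so not usable key material
        found.append((fields[0], fields[1], key_len))
    return found

def audit_signaling(signaling_url, sdp):
    """Classify the exposure of SRTP master keys carried in this SDP."""
    if not sdes_offers(sdp):
        return "no-sdes"
    scheme = urlparse(signaling_url).scheme.lower()
    # TLS hides the keys from on-path observers only; the signaling
    # server and anything it relays the SDP to still see them.
    if scheme in TLS_SCHEMES:
        return "sdes-over-tls"
    return "sdes-keys-in-cleartext"
```
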