Re: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)

"Ravindran, Parthasarathi" <> Fri, 06 April 2012 06:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 02B9011E8091 for <>; Thu, 5 Apr 2012 23:23:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.449
X-Spam-Status: No, score=-6.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5V93cDlS6CbE for <>; Thu, 5 Apr 2012 23:23:42 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 9A8CF11E8085 for <>; Thu, 5 Apr 2012 23:23:41 -0700 (PDT)
Received: from ([]) (using TLSv1) by ([]) with SMTP ID; Thu, 05 Apr 2012 23:23:41 PDT
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Fri, 6 Apr 2012 02:24:04 -0400
Received: from ([fe80::8d0f:e4f9:a74f:3daf]) by ([fe80::80b9:dc60:caf7:7dfc%11]) with mapi id 14.01.0355.002; Fri, 6 Apr 2012 11:53:35 +0530
From: "Ravindran, Parthasarathi" <>
To: "Fabio Pietrosanti (naif)" <>, "" <>
Thread-Topic: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)
Thread-Index: AQHNExU2rLdj93x8tkit4g2OJGitOJaNUhqQ
Date: Fri, 06 Apr 2012 06:24:02 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [rtcweb] End-to-end encryption vs end-to-end authentication (DTLS-SRTP / SDES-SRTP)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Apr 2012 06:23:43 -0000


End-to-end looks misnomer to me as the maximum media security/authentication provided shall be between two media hops. The media hops in the RTCWeb are web-browser. So, the aim of the media security/authentication mechanism has to between two web-browsers. The intermediate elements like http proxy should not be in a position to perform MITM attack or atleast, web-browser should have the mechanism to perform post-mortem analysis that man-in-the-middle exist as HTTP proxy. I wish to see the discussion for media security/authentication between web-browser to web-browser first.

Please note that web-browser is not required to standard browser like Chrome, IE, Mozilla but web-browser shall be custom-made which is RTCWeb compliant.

AFAIK, SDES-SRTP does not provide web-browser to web-browser authentication and it shall mimic web-browser to web-browser security. I agree with Hadriel that SDES-SRTP mechanism provides marketing advance as most of the user atleast believes that the session is secured :-) but it should not be criteria for selecting key mechanism.  We shall discuss in detail about DTLS-SRTP or zRTP or any other mechanism if exists for web-browser to web-browser media security.


>-----Original Message-----
>From: [] On Behalf
>Of Fabio Pietrosanti (naif)
>Sent: Thursday, April 05, 2012 3:47 PM
>Subject: [rtcweb] End-to-end encryption vs end-to-end authentication
>i've been discussing with several friends about the current discussion
>on the security standard in this mailing lists, in particular regarding
>the topic of DTLS-SRTP trust model posted there
> .
>I found that there is no common definition for the concept of "end-to-
>end encryption" and there are a lot of misunderstanding about it.
>In particular, the fact that two peer can community by exchanging keys
>directly among them, tend to typically to be defined as end-to-end
>However the term "end-to-end encryption" have also a general
>misconception that's something that "no one can intercept" .
>Unfortunately this is not true for DTLS-SRTP, while for example it's
>true for OpenPGP/MIME or for ZRTP with SAS.
>We need to separate the 4 concepts:
>- end-to-end encryption
>Ability for a key management system to exchange keys directly without
>relying on intermediate server actively involved in encryption process.
>- end-to-end authentication
>Ability for end-user to authenticate the end-to-end encryption process
>without the need to rely on a single or multiple set of trusted third
>- end-to-site encryption
>Ability for a key management system to exchange keys with/trough the
>server with which data are exchanged, involving it in the authentication
>- end-to-site authentication
>Ability for end-user to authenticate the end-to-site encryption process
>based on the same security mechanism used to establish trust with the
>server with which data are exchanged.
>What i would like to focus is that:
>- DTLS does provide end-to-end encryption (in specific context of use)
>- DTLS does provide end-to-site authentication (rely on third party
>- ZRTP does provide end-to-end encryption (in all context of use)
>- ZRTP does provide end-to-end authentication (does not rely on third
>party trust)
>- SDES-SRTP does provide end-to-site encryption (encryption with/trough
>your server)
>- SDES-SRTP does provide end-to-site authentication (you trust your
>server involved in key exchange)
>So when we tend to think about the "how much security a technology
>provide" we should probably compare in a scale:
>  - end-to-end encryption
>  - end-to-end authentication
>  - end-to-end encryption
>  - end-to-site authentication
>  - end-to-site encryption
>  - end-to-site authentication
>So currently we can affirm that:
>- ZRTP does not rely on third party trust for effective security
>- DTLS-SRTP rely on third party trust for effective security
>- SDES-SRTP rely on third party trust for effective security
>This is the *MOST IMPORTANT* distinction for an encryption technology:
>Well, basically it seems to me that DTLS-SRTP and SDES-SRTP both require
>So, my point are to:
>- Introduce SDES-SRTP for compatibility and simplicity
>  - Specify that the Browser will need to provide indicate the security
>level to the user (like the lock of HTTPS, same security model)
>- Introduce end-to-end authentication support for DTLS-SRTP via SAS
>  - Specify that the browser will need to to provide the end-user way to
>use end-to-end authentication and indicate the security level to the
>Then it will be up to the signaling server and/or to the browser
>settings to specificy the required security model:
>- end-to-end encryption + end-to-end authentication or
>- end-to-site encryption + end-to-site authentication
>But please don't mix those two as it will be *Very difficult, near to
>impossible* to explain to the user "WHO SHOULD HE TRUST" .
>rtcweb mailing list