Re: [rtcweb] Additional keying mechanisms for media security for discussion

Iñaki Baz Castillo <ibc@aliax.net> Wed, 28 March 2012 18:02 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3430221E8193 for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 11:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.624
X-Spam-Level:
X-Spam-Status: No, score=-2.624 tagged_above=-999 required=5 tests=[AWL=0.053, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BiGHC8Ea5H+V for <rtcweb@ietfa.amsl.com>; Wed, 28 Mar 2012 11:02:13 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 2CF8321F8692 for <rtcweb@ietf.org>; Wed, 28 Mar 2012 11:02:13 -0700 (PDT)
Received: by vcbfk13 with SMTP id fk13so1066759vcb.31 for <rtcweb@ietf.org>; Wed, 28 Mar 2012 11:02:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=Q7ZmTj/xxBIXmfLZJNn4FlIMzZjCsZN6gDZVubzmaOw=; b=nOvLgdRx/Fl4OGHPc4WiC+t9q1aTZ7Dp6vfHlGZdHgxplU+cBPtEUCcuLaoJh9yHhk hbu4Fe3a7eIFi0VEu35tsEbUXkGmvDGGajiyS9wZYOf6Y0Q465igXdX4k+ZiXrYwGTgG MTr8MK7QwAP8sV1xqNs0pBk7ww5SdcfrRbV693SDntRPAHly9ixabXxMN8A/cTYuAJNj 7nftvNLfGZbyciszylkfiBO1qKD3grkUs5lc/9NnaXwb+JFFtwokv2XXXWGZ9qyyArUj 9cAz4ggfEBvJGXTCFMRtSBpj1Ua0V/mqsBBVYNQtNnRfPSKnN7N6hErcIe5KkIDTixYB iEUg==
Received: by 10.52.15.233 with SMTP id a9mr1190639vdd.34.1332957732695; Wed, 28 Mar 2012 11:02:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.170.165 with HTTP; Wed, 28 Mar 2012 11:01:50 -0700 (PDT)
In-Reply-To: <4F734089.9040208@ericsson.com>
References: <4F734089.9040208@ericsson.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Wed, 28 Mar 2012 20:01:50 +0200
Message-ID: <CALiegfku31wMdvdxxWDf6Z3j9MPV+FYzOKXZDUN4n3Ju85H0Ng@mail.gmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQnmHUCxBTOqPD/WH++PIHTMVRxf5Hz3lmcFwHqSwxmPlM0owsq7HpAGaypIPZbXDHO86Zdx
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Additional keying mechanisms for media security for discussion
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2012 18:02:14 -0000

2012/3/28 Magnus Westerlund <magnus.westerlund@ericsson.com>:
> We did a consensus call if in addition to DTLS-SRTP:
>
> a) Security Description SHALL be mandatory to also implement
>
> b) Security Description SHALL NOT be mandatory to also implement
>
> This consensus call was clearly tied. We will continue to discuss this
> with the goal to make a decision at a later point.

I vote for (a). Rationale: SRTP-SDES is proven to work and it's widely
implemented. It is not the perfect solution but it's easy to implement
and much better than plain RTP.

NOTE: Of course I also vote for SRTP-DTLS to be mandatory (for which
AFAIK there is already consensus: it MUST be implemented).



> We chairs also deferred the question if EKT is a mechanism that shall or
> be recommended to be supported. So please discuss this also.

That's still less tested than DTLS-SRTP, so I vote for "SHALL NOT be
mandatory to also implement" (at least for now).


-- 
Iñaki Baz Castillo
<ibc@aliax.net>