Re: [rtcweb] Security Architecture -07 review

Martin Thomson <martin.thomson@gmail.com> Sat, 27 July 2013 15:47 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D5F821F9AB4 for <rtcweb@ietfa.amsl.com>; Sat, 27 Jul 2013 08:47:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CVYWhE3SqVjG for <rtcweb@ietfa.amsl.com>; Sat, 27 Jul 2013 08:47:34 -0700 (PDT)
Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 5CB1D21F9AC4 for <rtcweb@ietf.org>; Sat, 27 Jul 2013 08:47:34 -0700 (PDT)
Received: by mail-we0-f178.google.com with SMTP id u57so2803121wes.9 for <rtcweb@ietf.org>; Sat, 27 Jul 2013 08:47:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=jIW3PgZECoudc1Si/DPzWcvQRRq6msjs7bYcp1UehXY=; b=anHaybA6ghJ905o3kJfbkOLQrN0WH6O7h4KKue3mZfxRkHjfIrYvkwRWbfb+LsLPbT N0lIEW84ab11EWJXF/i0bu3LauTfwRYBnkBI6OieXmnNf+86CEaFWWa6uE4Ib8Lxt5ic LMY4S3duBJMRZvlQZSo9D969JihPKjYB+N3MdQUdk3h+DKEbVKel6dibXrNaHAw9Jypp as4s2TPV0IW93tASPCWpZhiAB/Wt2Y1U4habYG8pGDptpMqYz83pdqbEUJudObDBodSL JUZN1ioZoQSX9Qj+3Rj3sS8S9n2YZdcQPkfuTz6eHRii7BphiktwsL2YBrzL1prW1RRY IJfQ==
MIME-Version: 1.0
X-Received: by 10.194.110.6 with SMTP id hw6mr38515870wjb.3.1374940053507; Sat, 27 Jul 2013 08:47:33 -0700 (PDT)
Received: by 10.194.60.46 with HTTP; Sat, 27 Jul 2013 08:47:33 -0700 (PDT)
In-Reply-To: <22027904-8F7D-4CB7-B002-39973D201D7A@cisco.com>
References: <CABkgnnWUZXBRneGnRsA9Xo-rrdw7nAsBR+5SL6SRyjbR+Egfgw@mail.gmail.com> <D96D0971-E3A7-4E96-B3F4-83C2044252B7@cisco.com> <CABkgnnW71aGwgaX3oBYofQaHP7pFyyh9mGifXdFL=NYiJ+qfYw@mail.gmail.com> <3F737E1C-BBF9-4399-8B7D-B50FB4A2FFC0@cisco.com> <CABkgnnXq4fJf2dCTKaU_O1LLagVVKqnwnnLXS4ZmEwyH+5wKZQ@mail.gmail.com> <22027904-8F7D-4CB7-B002-39973D201D7A@cisco.com>
Date: Sat, 27 Jul 2013 08:47:33 -0700
Message-ID: <CABkgnnWsZ+BVqsW9QxcyBJCvRYipfq1-wKgePbsptHMX8otm5Q@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Dan Wing <dwing@cisco.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Security Architecture -07 review
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2013 15:47:35 -0000

On 25 July 2013 17:34, Dan Wing <dwing@cisco.com> wrote:
> We could envision a more sophisticated mechanism, based on lots of different criteria, where different public/private key pairs are used and where some are destroyed immediately after certain calls.  For example, I might want to use a public/private key pair for all of my work calls and leave that static (as I want that identity to stick with me) but an ephemeral, one-time-only public/private key pair when not engaging in phone calls related to my work, such as calling my psychologist.

I believe that we've (EKR and I, I don't know if this made it to
meetings or lists) discussed the need for some application-level
control over these credentials.  I think that the idea was to allow
sites to specify a credential key that would be used to index a table
of credentials.  Of course, every origin would have to use a different
table, which could impose some storage requirements on the browser,
requiring some sort or space management to avoid exploitation.  By
selecting a random credential key for each call (bear with me
regarding terminology, I'm making this up as I go) a site could
effectively create a new set of credentials for that call.

Of course, the site could also choose to generate new credentials for
every call to make it impossible (or at least very difficult) to audit
calls made on that site, if that is something we cared about.  I do
think that in the absence of the identity provider system, that is the
only advantage that DTLS-SRTP brings, so we'd have to be quite careful
here.  I don't know what the right answer is.