Re: [rtcweb] Security Architecture -07 review
Martin Thomson <martin.thomson@gmail.com> Sat, 27 July 2013 15:47 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D5F821F9AB4 for <rtcweb@ietfa.amsl.com>; Sat, 27 Jul 2013 08:47:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CVYWhE3SqVjG for <rtcweb@ietfa.amsl.com>; Sat, 27 Jul 2013 08:47:34 -0700 (PDT)
Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 5CB1D21F9AC4 for <rtcweb@ietf.org>; Sat, 27 Jul 2013 08:47:34 -0700 (PDT)
Received: by mail-we0-f178.google.com with SMTP id u57so2803121wes.9 for <rtcweb@ietf.org>; Sat, 27 Jul 2013 08:47:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=jIW3PgZECoudc1Si/DPzWcvQRRq6msjs7bYcp1UehXY=; b=anHaybA6ghJ905o3kJfbkOLQrN0WH6O7h4KKue3mZfxRkHjfIrYvkwRWbfb+LsLPbT N0lIEW84ab11EWJXF/i0bu3LauTfwRYBnkBI6OieXmnNf+86CEaFWWa6uE4Ib8Lxt5ic LMY4S3duBJMRZvlQZSo9D969JihPKjYB+N3MdQUdk3h+DKEbVKel6dibXrNaHAw9Jypp as4s2TPV0IW93tASPCWpZhiAB/Wt2Y1U4habYG8pGDptpMqYz83pdqbEUJudObDBodSL JUZN1ioZoQSX9Qj+3Rj3sS8S9n2YZdcQPkfuTz6eHRii7BphiktwsL2YBrzL1prW1RRY IJfQ==
MIME-Version: 1.0
X-Received: by 10.194.110.6 with SMTP id hw6mr38515870wjb.3.1374940053507; Sat, 27 Jul 2013 08:47:33 -0700 (PDT)
Received: by 10.194.60.46 with HTTP; Sat, 27 Jul 2013 08:47:33 -0700 (PDT)
In-Reply-To: <22027904-8F7D-4CB7-B002-39973D201D7A@cisco.com>
References: <CABkgnnWUZXBRneGnRsA9Xo-rrdw7nAsBR+5SL6SRyjbR+Egfgw@mail.gmail.com> <D96D0971-E3A7-4E96-B3F4-83C2044252B7@cisco.com> <CABkgnnW71aGwgaX3oBYofQaHP7pFyyh9mGifXdFL=NYiJ+qfYw@mail.gmail.com> <3F737E1C-BBF9-4399-8B7D-B50FB4A2FFC0@cisco.com> <CABkgnnXq4fJf2dCTKaU_O1LLagVVKqnwnnLXS4ZmEwyH+5wKZQ@mail.gmail.com> <22027904-8F7D-4CB7-B002-39973D201D7A@cisco.com>
Date: Sat, 27 Jul 2013 08:47:33 -0700
Message-ID: <CABkgnnWsZ+BVqsW9QxcyBJCvRYipfq1-wKgePbsptHMX8otm5Q@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Dan Wing <dwing@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Security Architecture -07 review
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2013 15:47:35 -0000
On 25 July 2013 17:34, Dan Wing <dwing@cisco.com> wrote: > We could envision a more sophisticated mechanism, based on lots of different criteria, where different public/private key pairs are used and where some are destroyed immediately after certain calls. For example, I might want to use a public/private key pair for all of my work calls and leave that static (as I want that identity to stick with me) but an ephemeral, one-time-only public/private key pair when not engaging in phone calls related to my work, such as calling my psychologist. I believe that we've (EKR and I, I don't know if this made it to meetings or lists) discussed the need for some application-level control over these credentials. I think that the idea was to allow sites to specify a credential key that would be used to index a table of credentials. Of course, every origin would have to use a different table, which could impose some storage requirements on the browser, requiring some sort or space management to avoid exploitation. By selecting a random credential key for each call (bear with me regarding terminology, I'm making this up as I go) a site could effectively create a new set of credentials for that call. Of course, the site could also choose to generate new credentials for every call to make it impossible (or at least very difficult) to audit calls made on that site, if that is something we cared about. I do think that in the absence of the identity provider system, that is the only advantage that DTLS-SRTP brings, so we'd have to be quite careful here. I don't know what the right answer is.
- [rtcweb] Security Architecture -07 review Martin Thomson
- Re: [rtcweb] Security Architecture -07 review Martin Thomson
- Re: [rtcweb] Security Architecture -07 review Dan Wing
- Re: [rtcweb] Security Architecture -07 review Martin Thomson
- Re: [rtcweb] Security Architecture -07 review Dan Wing
- Re: [rtcweb] Security Architecture -07 review Martin Thomson
- Re: [rtcweb] Security Architecture -07 review Dan Wing
- Re: [rtcweb] Security Architecture -07 review Martin Thomson