[liberationtech] RTCWEB and secure multimedia communication on the web.
Gregory Maxwell
gmaxwell at gmail.com
Fri Mar 23 11:26:53 PDT 2012
On Fri, Mar 23, 2012 at 2:16 PM, Fabio Pietrosanti (naif)
<lists at infosecurity.ch> wrote:
>> The head of the most recent discussion is at:
>> http://www.ietf.org/mail-archive/web/rtcweb/current/msg03526.html
>
> Are there any specific reason for which they suggested SRTP-DTLS vs
> SRTP-ZRTP as a key exchange system?
One argument I've seen is that users won't bother with the ZRTP
authentication string. But I think it's also partially cultural
inertia (the IETF likes TLS a lot) and part
things-which-have-been-implemented, too.
See also: http://tools.ietf.org/html/draft-ietf-rtcweb-security-02
I'm not personally all that keen on DTLS— but I think this is an
actual case where the details don't matter much. If the API (which
can always be extended later) can give you a value derived from the
ephemeral session keys (e.g. a hash of the session key) you can do
ZRTP style mutual auth yourself in the web application for improve
MITM resistance that doesn't depend on trustworthy central
authorities— while keeping the same compatible (and externally
indistinguishable) always secure layer.
Moreover, the future argument for security in the protocols are all
much easier when you're only arguing over the details among secure
protocols. The big step is getting the traffic encrypted and
authenticated at all.
More information about the liberationtech
mailing list