Opened 8 years ago

Closed 8 years ago

#30 closed defect (fixed)

Wiretapping

Reported by: bernard_aboba@…
Owned by: draft-ietf-rtcweb-use-cases-and-requirements@…
Priority: critical
Milestone: milestone1
Component: use-cases-and-requirements
Version: 1.0
Severity: In WG Last Call
Keywords:
Cc:

Description

In several sections of the document, the phrase "It is essential
that the communication cannot be wiretapped [RFC2804]" is used.
The phrase is used in Sections 3.2.1.1, 3.2.11.1, 3.2.12.1, 3.2.13.1,
3.3.1.1 and 3.2.3.1, but not in 3.2.14.1 (which also does not
reference F20).

Given the recent revelations, and the discussion of SRTP/SDES at
IETF 87, I would suggest the following:

  1. Use of more precise terminology than what is in F20. For example,
     I think what we are asking for in many of the F20 scenarios is
     per-packet encryption and integrity protection of media,
     utilizing keys known only by the endpoints, as well as support
     for perfect forward secrecy.

  2. Inclusion of a reference to F20 in Section 3.2.14.1 (Distributed
     Music Band). Not sure why protection against snooping wouldn't be
     relevant in this use case (there are countries where musicians
     have been severely punished).

  3. Consideration of the requirement in gateway scenarios. For gateway
     scenarios such as 3.3.1.1, the e2e key management
     requirement probably isn't realistic, so maybe we need to
     just cite F35/F36 for that case.

Change History (2)

comment:1 Changed 8 years ago by bernard_aboba@…

  • Component changed from rtp-usage to use-cases-and-requirements

comment:2 Changed 8 years ago by bernard_aboba@…

  • Resolution set to fixed
  • Status changed from new to closed