- From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
- Date: Wed, 28 Nov 2018 10:09:18 +0100
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Nils Ohlmeier <nohlmeier@mozilla.com>, public-webrtc@w3.org
Received on Wednesday, 28 November 2018 09:06:08 UTC
On 28/11/2018 0:28, Eric Rescorla wrote:

> > No we aren't because it is a completely different scenario. Even
> > if the outer keys are compromised by using it in the app, the
> > inner dtls keys are not and in the worst scenario we would be in the same
> > scenario as what we are today in webrtc 1.0.
>
> It's a different scenario but the same reasoning applies: having the
> JS (and more importantly, some intermediate server) creates a number
> of vectors for passive attack. And because the data is in the clear at
> the SFU, then you have the possibility for a completely passive
> attack. This is one of the primary reasons why we required DTLS-SRTP
> and not SDES for basic WebRTC.

JS can clone the media stream and just send the media to a rogue server, no need to worry about intercepting keys.

Best regards
Sergio