RTCWEB Media Privacy draftjohnstonrtcwebmediaprivacy00 Alan Johnston alan b

RTCWEB Media Privacy draft-johnston-rtcweb-media-privacy-00 Alan Johnston <alan. b. johnston@gmail. com> Phil Zimmermann <prz@mit. edu> June 8, 2011 RTCWEB WG Virtual Interim 1

Is Media Privacy Important? • Assumptions: – RTCWEB signaling may not be standardized – RTCWEB media will be transported using RTP – RTCWEB media security provided by SRTP • Media privacy is all about key management • Both browsers need SRTP keys • In some cases, web servers need SRTP keys – If providing media services • Should RTCWEB browser users have any expectations of media privacy? • If so, we must choose key management carefully June 8, 2011 RTCWEB WG Virtual Interim 2

Media Privacy Approaches • SDES – SRTP keys shared with web server over signaling channel – If sent over encrypted channel, provides privacy against some attackers, but key is known to web server and anything that logs web traffic • DTLS-SRTP – DTLS handshake in media path generates SRTP keys – Authentication of handshake done via PKI or exchange of key fingerprint over an integrity protected signaling channel – Integrity protected signaling channels not available for SIP, and RTCWEB may not even standardize signaling • ZRTP – Performs Diffie-Hellman key agreement in media path to generate SRTP keys, no reliance on signaling channel – Authentication done using key continuity with the opportunity for users to compare Short Authentication Strings June 8, 2011 RTCWEB WG Virtual Interim 3

Next Steps • WG interest in further investigation of media privacy for RTCWEB? June 8, 2011 RTCWEB WG Virtual Interim 4