Message info
To: From:Fabio Pietrosanti (naif) Subject:Re: [rtcweb] SRTP and "marketing" Date:Thu, 29 Mar 2012 08:27:19 +0200

On 3/29/12 7:42 AM, Roman Shpount wrote:
> I actually believe that if sufficient
> monitoring constraints are not build into a browser (not to record but
> at least to monitor who the browser is exchanging data with and using
> what protocols), WebRTC would be simply disabled in most enterprises as
> a security risk.

Your concern would be addressed by the use of SDES-SRTP rather than

SDES-SRTP would provide, in the context of WebRTC, the transport of SDES
key over HTTP(S) and so would let all existing methods for HTTP/HTTPS
inspection to works fine.

Technology for inspection of HTTP/HTTPS traffic already exists, are
widely deployed and so if we transport keying material over HTTP (with
SDES-SRTP), all Enterprises will already have their existing
infrastructure in-place.

Fabio Pietrosanti
Founder, CTO

Tel: +39 02 911930893 + ext: 907
Mobile: +39 340 1801049
Skype: fpietrosanti

PrivateWave Italia S.p.A.
Via Gaetano Giardino 1 - 20123 Milano - Italy
rtcweb mailing list