Message info
 
To: From:Fabio Pietrosanti (naif) Subject:Re: [rtcweb] SRTP and "marketing" Date:Thu, 29 Mar 2012 08:27:19 +0200
 

On 3/29/12 7:42 AM, Roman Shpount wrote:
> I actually believe that if sufficient
> monitoring constraints are not build into a browser (not to record but
> at least to monitor who the browser is exchanging data with and using
> what protocols), WebRTC would be simply disabled in most enterprises as
> a security risk.

Your concern would be addressed by the use of SDES-SRTP rather than
DTLS-SRTP.

SDES-SRTP would provide, in the context of WebRTC, the transport of SDES
key over HTTP(S) and so would let all existing methods for HTTP/HTTPS
inspection to works fine.

Technology for inspection of HTTP/HTTPS traffic already exists, are
widely deployed and so if we transport keying material over HTTP (with
SDES-SRTP), all Enterprises will already have their existing
infrastructure in-place.


--
Fabio Pietrosanti
Founder, CTO

Tel: +39 02 911930893 + ext: 907
Mobile: +39 340 1801049
E-mail: fabio.pietrosanti@privatewave.com
Skype: fpietrosanti
Linkedin: http://linkedin.com/in/secret

PrivateWave Italia S.p.A.
Via Gaetano Giardino 1 - 20123 Milano - Italy
www.privatewave.com
_______________________________________________
rtcweb mailing list
rtcweb@ietf.org
https://www.ietf.org/mailman/listinfo/rtcweb