RTCWEB M. Kaufman Internet-Draft Skype Intended status: Standards Track June 30, 2011 Expires: January 1, 2012 Client Security User Interface Requirements for RTCWEB draft-kaufman-rtcweb-security-ui-00 Abstract This document calls for a requirement to be imposed on RTCWEB client user interfaces whereby the user may inspect the current media security status. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 1, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Kaufman Expires January 1, 2012 [Page 1] Internet-Draft Client Security UI for RTCWEB June 2011 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Security Inspector Requirements for Clients . . . . . . . . . . 3 3. Other Advantages . . . . . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 4 Kaufman Expires January 1, 2012 [Page 2] Internet-Draft Client Security UI for RTCWEB June 2011 1. Introduction RTCWEB clients - including, but not limited to web browsers - should transmit and receive audio and video media over an encrypted channel whenever practical. It is important for a user to be able to determine the level of security provided for the currently-active media channel(s). This document provides a set of requirements that - if implemented - provide the user with that ability. 2. Security Inspector Requirements for Clients A client MUST provide a user interface through which a user may determine the security characteristics for the currently-audible audio stream(s). A client MUST provide a user interface through which a user may determine the security characteristics for currently-visible video stream(s). A client MUST provide a user interface through which a user may determine the security characteristics for transmissions of their microphone audio. A client MUST provide a user interface through which a user may determine the security characteristics for transmissions of their camera video. The "security characteristics" MUST include an indication as to whether or not the transmission is encrypted, and if so, a brief description of the cipher in use. (For example: "AES-CBC" or "Null Cipher".) If the transmission is encrypted, the "security characteristics" MUST include an indication as to the source of the keying material, particularly whether the keying material was delivered out-of-band (from a server) or was generated as a result of a pairwise negotiation. If possible for the cryptosystem in use, the "security characteristics" MUST include information regarding the authenticity of the far station identity. (For example, in the case of a self- signed certificate with RSA key the contents of the certificate and the key fingerprint.) If possible for the cryptosystem in use, the "security characteristics" SHOULD include a Short Authentication String which may be used by the user to authenticate the far station identity and Kaufman Expires January 1, 2012 [Page 3] Internet-Draft Client Security UI for RTCWEB June 2011 keying integrity (specifically, the presence or lack of a man-in-the- middle that may be in collusion with the service provider to attempt to bypass authentication tests) by communicating this string out-of- band with the far party. If the transmission is encrypted, the "security characteristics" SHOULD indicate whether or not the keying algorithm is able to provide perfect forward secrecy. In the case of a web browser client, the "display of security characteristics" MUST take the form of an inspection panel or dialog provided by the browser chrome, as any user interface rendered in- browser cannot be sufficiently trusted. 3. Other Advantages In addition to the security advantages provided to users, this requirement will simplify debugging, particularly when building interoperable clients. 4. Security Considerations These requirements enhance the communication security experienced by "interested users", that is to say users who are sufficiently careful that they utilize these mechanisms to actually inspect the security of their communications. Like the ability to inspect SSL certificates for HTTPS/TLS connections, this ability is of little use to those who do not actively choose to use it, but is critical to a subset of the user population. Author's Address Matthew Kaufman Skype 3210 Porter Drive Palo Alto, California 95060 US Phone: +1 831 440 8771 Email: matthew.kaufman@skype.net Kaufman Expires January 1, 2012 [Page 4]