[AG-TECH] AG Security

S.Booth spb at epcc.ed.ac.uk
Fri Jul 19 09:00:09 CDT 2002


On Thu, 18 Jul 2002, Robert Olson wrote:

> this is exactly what happens now with the secure room. the venues server 
> distributes session keys to the media tools, which then use their own 
> encryption mechanisms (currently AES/Rijndael).
> 
> What makes use of the secure room somewhat cumbersome is the configuration 
> of the access list for the room (which is necessary to eliminate lurkers - 
> if there's no ACL, anyone could come in and be handed the encryption keys).
> 
> Making this process much more transparent is one of the goals we have for AG2.
> 
> --bob
> 
> At 12:58 PM 7/18/2002 -0600, Don Morton wrote:
> >Maybe I'm missing something, but RAT has an encryption feature
> >(which I've never tried).  Isn't it possible to just use this,
> >to at least minimize chances of audio being "snooped?"  Or
> >am I being grossly simplistic?? :)
> 

If you have an alternative method of key dissemination (encrypted email,
snail mail, secure website, etc.), both VIC and RAT allow you to type a
key-string into the GUI to enable encryption in any virtual venue, not just
a secure room. The interesting thing is that video/audio streams using a
different key (or not encrypted at all) don't show up in rat/vic because
they are discarded as not being valid RTP packets.
The main pain with this process is that you have to enter a key for each
instance of rat/vic.

Personally I don't like enforcing security by having ACLs on secure rooms.
This implies that the encryption key is generated by the venues server and
we therefore have to trust the venues server (not that we don't trust you,
but it's the principle of the thing). An alternative model would be that the
meeting organiser generated a token for each expected participant
containing the encryption key and the time of the meeting. The token is
public key encrypted. These can then be stored on the venues server, sent
by email, stored on a public website, whatever.

				Stephen
======================================================================
|epcc| Dr Stephen P Booth             Project Manager           |epcc|
|epcc| s.booth at epcc.ed.ac.uk          Phone 0131 650 5746       |epcc|
======================================================================
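
Added example, not part of the original message and not code from rat/vic: a Python sketch of why streams sent under a different key (or unencrypted) vanish at the receiver, because decrypting with the wrong key yields bytes that fail RTP header checks. The SHA-256 keystream cipher, the 4-byte nonce framing, the key names and the simplified header checks are all assumptions made for illustration.

```python
import hashlib
import struct

RTP_VERSION = 2
KNOWN_PAYLOAD_TYPES = {0, 3, 5}  # PCMU, GSM, DVI4 (static audio types)

def keystream_xor(key, nonce, data):
    """Constructed stand-in cipher (SHA-256 counter keystream), not the tools' own.
    key=None models a sender that does not encrypt at all."""
    if key is None:
        return data
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(f"{key}|{nonce}|{block}".encode()).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def send(key, seq, payload, pt=0, ssrc=0x1234ABCD):
    """Build a 12-byte RTP header plus payload and encrypt the whole packet.
    The 4-byte cleartext nonce prefix is part of the constructed framing."""
    header = struct.pack("!BBHII", RTP_VERSION << 6, pt, seq, seq * 160, ssrc)
    return struct.pack("!I", seq) + keystream_xor(key, seq, header + payload)

def receive(key, datagram):
    """Decrypt with the locally typed key; return the payload, or None if the
    result does not look like RTP (which is what a wrong key produces)."""
    if len(datagram) < 16:
        return None
    (nonce,) = struct.unpack("!I", datagram[:4])
    packet = keystream_xor(key, nonce, datagram[4:])
    if packet[0] >> 6 != RTP_VERSION:
        return None                      # version bits are not 2
    if packet[0] & 0x3F:
        return None                      # padding/extension/CSRC not used here
    if packet[1] & 0x7F not in KNOWN_PAYLOAD_TYPES:
        return None                      # unknown payload type
    return packet[12:]

def count_accepted(send_key, recv_key, n=200):
    """How many of n constructed audio packets survive the receiver's checks."""
    audio = b"\x7f" * 160                # constructed payload bytes
    return sum(receive(recv_key, send(send_key, s, audio)) is not None
               for s in range(n))

# Random bytes pass these checks about 3 times in 32768, so this is
# filtering by accident of decryption, not authentication of the sender.
if __name__ == "__main__":
    print(count_accepted("venue-key", "venue-key"))   # same key
    print(count_accepted("other-key", "venue-key"))   # different key
    print(count_accepted(None, "venue-key"))          # unencrypted sender
```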




