Document Action: 'Web Real-Time Communication Use-cases and Requirements' to Informational RFC (draft-ietf-rtcweb-use-cases-and-requirements-16.txt)
The IESG <iesg-secretary@ietf.org> Fri, 23 January 2015 18:37 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEAD81A8702; Fri, 23 Jan 2015 10:37:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sn7xkITuNsJ5; Fri, 23 Jan 2015 10:37:17 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BAEF91A871D; Fri, 23 Jan 2015 10:37:14 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Document Action: 'Web Real-Time Communication Use-cases and Requirements' to Informational RFC (draft-ietf-rtcweb-use-cases-and-requirements-16.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150123183714.27411.87824.idtracker@ietfa.amsl.com>
Date: Fri, 23 Jan 2015 10:37:14 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-announce/IEqfqVDpzm9m3ametyqXI_p8mus>
Cc: rtcweb mailing list <rtcweb@ietf.org>, rtcweb chair <rtcweb-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jan 2015 18:37:19 -0000
The IESG has approved the following document: - 'Web Real-Time Communication Use-cases and Requirements' (draft-ietf-rtcweb-use-cases-and-requirements-16.txt) as Informational RFC This document is the product of the Real-Time Communication in WEB-browsers Working Group. The IESG contact persons are Richard Barnes and Ben Campbell. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-rtcweb-use-cases-and-requirements/ Technical Summary This document discusses a number of usages of browser based real-time communication and data transfer capabilities and establish requirements for these usages. The document is intended to be used both in IETF and W3C during the development of the WebRTC specifications. Working Group Summary The document has been under development during a longer period and a larger number of use cases has been proposed then what is included in the document. These that have been included has been considered the most basic, most relevant to core functionality and without significant controversies. Document Quality There has been some concerns about the structure of the document, but the WG see no significant need to address this. The document is requested to be published as a documentation of the core consideration around usages that was of interest during the first part of the WebRTC work. The other expected usage of this document will be to analyze if the resulting protocol solution will enable the considered use cases. The document has been reviewed and commented on by a significant number of people within the WG, including persons active in the W3C WEBRTC WG. Personnel Magnus Westerlund is the Document Shepherd. Richard Barnes is the Responsible Area Director. RFC Editor Note One minor change to address Stephen's DISCUSS. OLD: A malicious web application might use the browser to perform Denial Of Service (DOS) attacks on NAT infrastructure, or on peer devices. Also, a malicious web application might silently establish outgoing, and accept incoming, streams on an already established connection. NEW: A malicious web application might use the browser to perform Denial Of Service (DOS) attacks on NAT infrastructure, or on peer devices. For example, a malicious web application might leak TURN credentials to unauthorized parties, allowing them to consume the TURN server's bandwidth. To address this risk, Web applications should be prepared to revoke TURN credentials and issue new ones. Also, a malicious web application might silently establish outgoing, and accept incoming, streams on an already established connection.