Re: Off-topic: making WebRTC work in practice (Re: a brief pondering)

[Harald Alvestrand <harald@alvestrand.no>]

Since I've been part of almost every single one of the removals that 
Cullen refers to, it's no surprise that my perspective differs.

The push towards apps is, to my mind, mostly pushing towards *mobile* 
apps - they try to push users into the Android/IOS ecosystems because 
that's where most of the users are, and therefore most of the money is. 
On the desktop, the single vendor focusing near-exclusively on an app 
solution is Zoom.

Once you have a mobile-focused codebase, it is easy to come to depend on 
features (like, obviously, sending IP packets directly to your peer or 
other entities without going through WebRTC's protocol stack) that would 
be a security disaster if introduced into the Web ecosystem. (One can 
argue that they are a security disaster in the mobile-app ecosystem as 
well, but that's a different story.)

FWIW, the W3C has half a dozen extension documents to the WebRTC API.

That's where things are put while we try to make sure the core specs are 
in a state one can refer to as "stable" - which includes 
implementations, and yes, includes removing stuff that nobody's been 
able to show can be implemented in a browser. This is part of what the 
IETF process is supposed to do between "proposed standard" and 
"standard" (but rarely does).

The process of feature removal in no way blocks the implementation of 
new features. But the lack of a stable base specification is hampering 
(not blocking) the work of defining extensions.

Cluster 238 is eagerly awaited.

Harald


On 4/2/20 10:30 PM, Cullen Jennings wrote:
> Many of the things you need to do this were identified in developing WebRTC and put in specs. Many of them had the API in W3C specs that you need. But then the W3C marked them at risk because browser vendors did not implement them and removed them. Now if you write a patch to browser them implements them, they will not accept the patch because it is not in the spec.
>
> The net effect is what is possible in the browsers experience is just worse than what is possible with non browser clients (it did not need to be like this but it is). Because of this you see all the major meeting systems heavily push users towards using a downloaded client instead of the browser experience.
>
> The basic problem AFAIC is that at W3C, the browser have a defacto veto on anything so the API is not a negotiation between the the apps need and the browsers provide, it is more of a fait acompli of what Chrome is willing to provide. Anything chrome does not want to do, will effectively get removed from the spec because it will not have enough implementations. Once the app vendors realized that, most of them moved their focus outside of the browsers which is really unfortunate as the browsers protect the users from many security problems you are seeing today.
>
>> On Apr 1, 2020, at 5:53 AM, Carsten Bormann <cabo@tzi.org> wrote:
>>
>> In the university, a lot of WebRTC is using Jitsi as a tool.
>> This works mostly well, with occasional surprises.
>> What we could use now is a better way to diagnose these surprises.
>> This requires WebRTC knowledge that our IT people don’t have.
>> A WebRTC troubleshooting guide that I could point them to would be most helpful.
>> (Debugging and fixing Jitsi so it works reliably with both Firefox and Chrome would also help.)
>>
>> Grüße, Carsten
>>
>>
>>> On 2020-03-22, at 06:45, Carsten Bormann <cabo@tzi.org> wrote:
>>>
>>> On 2020-03-21, at 16:54, Livingood, Jason <Jason_Livingood@comcast.com> wrote:
>>>> what can this community (and similar/adjacent ones) do productively together to help
>>> The one thing that would be most useful for me right now would be a document with operational considerations for keeping WebRTC running (e.g., How not to mess it up with your firewall).
>>>
>>> Grüße, Carsten
>>>