Re: Off-topic: making WebRTC work in practice (Re: a brief pondering)

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 06 April 2020 03:21 UTC

On Sun, Apr 5, 2020 at 7:21 PM Keith Moore <moore@network-heretics.com>
wrote:

> On 4/5/20 7:14 PM, Larry Masinter wrote:
>
> > There should be no benefit to native app except for vendor lock-in.
>
> Well, don't discount vendor lock-in. But of course if the app can
> communicate directly between peers, whereas the browser cannot, that
> consumes fewer resources than routing the traffic through the vendor's
> servers, and likely provides better service to users also. An app is
> also better positioned to act as spyware.
>

I did some of that Web stuff back in the day. I was even the first person
to write a WebMail server. But really, why are we trying to run everything
through one client stack? And in particular one with roughly four UNIX-es
worth of complexity in it at this point?

Proprietary apps do provide an opportunity to load malware. But ever since
JavaScript was added into the Web without any thought for the security
consequences, the Browser is hardly better in that respect.

I would much rather it was possible to do my email, social media and
conferencing through a single app that was not the same app as my Web
browser. I don't want my contacts information to share an address space
with active code from a Web site. I don't want my private keys or my
plaintext messages sharing context either.

We need an open standard for such a client. Because that is the only way
users can be assured the client they are downloading hasn't got a backdoor.
It isn't a perfect guarantee but it is better than the situation I have now
where my messaging provider reconfigures its app every ten days or so.
Being forced to install code updates from a single source is a security
risk in itself. And don't tell me that frequent updates are necessary for
security; if the code is so buggy it has to have an urgent security patch
more than once a month, you are doing it wrong.