Re: [MMUSIC] The floodgates are open
Harald Alvestrand <harald@alvestrand.no> Mon, 15 October 2012 11:33 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22F9311E809B for <mmusic@ietfa.amsl.com>; Mon, 15 Oct 2012 04:33:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.336
X-Spam-Level:
X-Spam-Status: No, score=-110.336 tagged_above=-999 required=5 tests=[AWL=0.262, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9GD-Xl0d76aC for <mmusic@ietfa.amsl.com>; Mon, 15 Oct 2012 04:33:03 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id BE75011E809A for <mmusic@ietf.org>; Mon, 15 Oct 2012 04:33:02 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 499C239E149 for <mmusic@ietf.org>; Mon, 15 Oct 2012 13:33:00 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09rxBRojt8IM for <mmusic@ietf.org>; Mon, 15 Oct 2012 13:32:59 +0200 (CEST)
Received: from hta-dell.lul.corp.google.com (unknown [IPv6:2620:0:1043:1:be30:5bff:fede:bcdc]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id D45FD39E127 for <mmusic@ietf.org>; Mon, 15 Oct 2012 13:32:58 +0200 (CEST)
Message-ID: <507BF46A.7040400@alvestrand.no>
Date: Mon, 15 Oct 2012 13:32:58 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121011 Thunderbird/16.0.1
MIME-Version: 1.0
To: mmusic@ietf.org
References: <CABkgnnWSTDok4-48g-vFGM_zk0ykU-BvrOWfpffAfJeZd41EGA@mail.gmail.com> <CA+9kkMDau2CtFLUq34w1FZrX-MqcVqLV=3PTtfGSFFosBN_5CA@mail.gmail.com> <BLU402-EAS111872991D73BA79867F64893730@phx.gbl>
In-Reply-To: <BLU402-EAS111872991D73BA79867F64893730@phx.gbl>
Content-Type: multipart/alternative; boundary="------------090607070500010607000906"
Subject: Re: [MMUSIC] The floodgates are open
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Oct 2012 11:33:04 -0000
On 10/13/2012 02:44 AM, Bernard Aboba wrote:
> A receiver can stop responding to STUN binding requests. However, this will take a while to take effect and it is all or nothing. With a sender-based congestion control scheme there may not be a way for the receiver to indicate a limit, and even in a receiver-based scheme TMMBR messages aren't acknowledged.
For TMMBR, that's wrong - TMMBR messages are supposed to result in a
TMMBN being sent, even if the TMMBN shows a bandwidth that is not
affected by the TMMBR.
RFC 5104 section 4.2.2.2:
A TMMBN message SHALL be scheduled for transmission after the
reception of a TMMBR message with an FCI entry identifying this media
sender. Only a single TMMBN SHALL be sent, even if more than one
TMMBR message is received between the scheduling of the transmission
and the actual transmission of the TMMBN message. The TMMBN message
indicates the bounding tuples and their owners at the time of
transmitting the message.
But I'm not sure it matters in the scenario we're discussing.
Remember that the theory for voice hammer is that we're dealing with an adversary's Javascript running
in the sender's browser, but we're NOT dealing with a compromised browser (or the attacker could just send the
packets without bothering with any of this permission stuff).
If it's needed, it does show a requirement that we might want to carry through to RMCAT (that the recipient
will want to get an ack that the sender has agreed to abide by a certain bandwidth limit).
>
> On Oct 12, 2012, at 16:25, "Ted Hardie" <ted.ietf@gmail.com> wrote:
>
>> So, possibly I am completely misunderstanding the state of play here,
>> but I thought that we had come to the understanding that ICE gave you
>> a boolean consent *for the length of the consent freshness* (and that
>> we could (n theory, at least alter the length of the consent freshness
>> to handle the risk of voice-hammer style attacks). In other words,
>> that boolean exposes you to risk only for the time of the consent
>> freshness, not for all time, and this mitigated the risk sufficiently.
>>
>> What have I missed?
>>
>> Ted
>>
>> On Fri, Oct 12, 2012 at 2:59 PM, Martin Thomson
>> <martin.thomson@gmail.com> wrote:
>>> The consent that ICE provides is strictly Boolean.
>>>
>>> There is no way to distinguish between consent to receive 4kbps audio
>>> and 5Mbps video. This creates an exposure for services and endpoints
>>> that support receipt of media, in particular contact centres and other
>>> services that are necessarily open to incoming sessions by default.
>>>
>>> This working group has an analogous problem. The consent to entertain
>>> modifications to ICE did not stipulate any constraints on volume.
>>> Looking to exploit that shortcoming, Bernard and I have submitted a
>>> draft that addresses the protocol shortcoming:
>>>
>>> http://tools.ietf.org/html/draft-thomson-mmusic-rtcweb-bw-consent-00
>>> _______________________________________________
>>> mmusic mailing list
>>> mmusic@ietf.org
>>> https://www.ietf.org/mailman/listinfo/mmusic
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic
- Re: [MMUSIC] The floodgates are open Martin Thomson
- [MMUSIC] The floodgates are open Martin Thomson
- Re: [MMUSIC] The floodgates are open Olivier CrĂȘte
- Re: [MMUSIC] The floodgates are open Ted Hardie
- Re: [MMUSIC] The floodgates are open Bernard Aboba
- Re: [MMUSIC] The floodgates are open Harald Alvestrand
- Re: [MMUSIC] The floodgates are open Martin Thomson
- Re: [MMUSIC] The floodgates are open Martin Thomson