Re: [MMUSIC] The floodgates are open

Ted Hardie <ted.ietf@gmail.com> Fri, 12 October 2012 23:25 UTC

So, possibly I am completely misunderstanding the state of play here,
but I thought that we had come to the understanding that ICE gave you
a boolean consent *for the length of the consent freshness* (and that
we could (in theory, at least) alter the length of the consent freshness
to handle the risk of voice-hammer style attacks).  In other words,
that boolean exposes you to risk only for the time of the consent
freshness, not for all time, and this mitigated the risk sufficiently.

What have I missed?

Ted

On Fri, Oct 12, 2012 at 2:59 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> The consent that ICE provides is strictly Boolean.
>
> There is no way to distinguish between consent to receive 4kbps audio
> and 5Mbps video.  This creates an exposure for services and endpoints
> that support receipt of media, in particular contact centres and other
> services that are necessarily open to incoming sessions by default.
>
> This working group has an analogous problem.  The consent to entertain
> modifications to ICE did not stipulate any constraints on volume.
> Looking to exploit that shortcoming, Bernard and I have submitted a
> draft that addresses the protocol shortcoming:
>
> http://tools.ietf.org/html/draft-thomson-mmusic-rtcweb-bw-consent-00