[MMUSIC] New Liaison Statement, "W3C WEBRTC WG to IETF MMUSIC WG"

Liaison Statement Management Tool <lsmt@ietf.org> Mon, 03 April 2017 15:30 UTC

Return-Path: <lsmt@ietf.org>
X-Original-To: mmusic@ietf.org
Delivered-To: mmusic@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C023F129408; Mon, 3 Apr 2017 08:30:36 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Liaison Statement Management Tool <lsmt@ietf.org>
To: "Flemming Andreasen" <fandreas@cisco.com>, "Bo Burman" <bo.burman@ericsson.com>
Cc: Adam Roach <adam@nostrum.com>, Flemming Andreasen <fandreas@cisco.com>, Ben Campbell <ben@nostrum.com>, stefhak@gmail.com, Bo Burman <bo.burman@ericsson.com>, Alexey Melnikov <aamelnikov@fastmail.fm>, alvestrand@gmail.com, Multiparty Multimedia Session Control Discussion List <mmusic@ietf.org>, bernard.aboba@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.49.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149123343669.13157.18402606352918183703.idtracker@ietfa.amsl.com>
Date: Mon, 03 Apr 2017 08:30:36 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/z-BjKpQpjrHq6RBKlc1gY14mpoQ>
Subject: [MMUSIC] New Liaison Statement, "W3C WEBRTC WG to IETF MMUSIC WG"
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Apr 2017 15:30:37 -0000

Title: W3C WEBRTC WG to IETF MMUSIC WG
Submission Date: 2017-04-03
URL of the IETF Web page: https://datatracker.ietf.org/liaison/1511/
Please reply by 2017-04-16
From: Bernard Aboba <bernard.aboba@gmail.com>
To: Flemming Andreasen <fandreas@cisco.com>,Bo Burman <bo.burman@ericsson.com>
Cc: Adam Roach <adam@nostrum.com>,Flemming Andreasen <fandreas@cisco.com>,Ben Campbell <ben@nostrum.com>,Bo Burman <bo.burman@ericsson.com>,Alexey Melnikov <aamelnikov@fastmail.fm>,Multiparty Multimedia Session Control Discussion List <mmusic@ietf.org>
Response Contacts: bernard.aboba@gmail.com, alvestrand@gmail.com, stefhak@gmail.com
Technical Contacts: 
Purpose: For action

Body: Colleagues:

In the W3C WEBRTC WG, an issue has been submitted relating to playout of unverified media:
https://github.com/w3c/webrtc-pc/issues/849

It has been suggested that if the browser is configured to do so, that playout be allowed for a limited period
(e.g. 5 seconds) prior to fingerprint verification:
https://github.com/w3c/webrtc-pc/pull/1026

Section 6.2 of draft-ietf-mmusic-4572-update-13 contains the following text, carried over from RFC 4572:

Note that when the offer/answer model is being used, it is possible
for a media connection to outrace the answer back to the offerer.
Thus, if the offerer has offered a 'setup:passive' or 'setup:actpass'
role, it MUST (as specified in RFC 4145 [7]) begin listening for an
incoming connection as soon as it sends its offer. However, it MUST
NOT assume that the data transmitted over the TLS connection is valid
until it has received a matching fingerprint in an SDP answer. If
the fingerprint, once it arrives, does not match the client's
certificate, the server endpoint MUST terminate the media connection
with a bad_certificate error, as stated in the previous paragraph.

Given the outstanding issue relating to handling of unverified media, the Chairs of the W3C WEBRTC WG
would like to request clarification from the IETF MMUSIC WG as to the meaning of the "MUST NOT" in the
above paragraph. In particular, what is it permitted for a WebRTC implementation to do with received data prior
to verification? For example:

1. May data received over the data channel be provided to the web application prior to verification?
2. May received media be played out prior to verification?
Attachments:

    webrtc-liason-to-mmusic copy.pdf
    https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2017-04-03-w3c-webrtc-mmusic-w3c-webrtc-wg-to-ietf-mmusic-wg-attachment-1.pdf