Re: [rtcweb] Security issue: consent refresh
Randell Jesup <randell-ietf@jesup.org> Tue, 01 November 2011 17:56 UTC
Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADCB71F0C75 for <rtcweb@ietfa.amsl.com>; Tue, 1 Nov 2011 10:56:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[AWL=0.048, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZTta8TbZqgvk for <rtcweb@ietfa.amsl.com>; Tue, 1 Nov 2011 10:56:10 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id EF5071F0C3B for <rtcweb@ietf.org>; Tue, 1 Nov 2011 10:56:09 -0700 (PDT)
Received: from pool-173-49-135-74.phlapa.fios.verizon.net ([173.49.135.74] helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1RLIVx-0007q7-2n for rtcweb@ietf.org; Tue, 01 Nov 2011 12:52:45 -0500
Message-ID: <4EB031DC.5000909@jesup.org>
Date: Tue, 01 Nov 2011 13:52:28 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <3FACD0E9-449A-4897-8997-F76B5A41A34E@acmepacket.com>, <4EAA7B02.4010400@ericsson.com>, <2308DE02-0E63-4CCF-8889-F2E79204C7AF@acmepacket.com> <BLU152-W43CF37AEAAABA865489C1393D60@phx.gbl> <4EB00369.3020908@ericsson.com>
In-Reply-To: <4EB00369.3020908@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] Security issue: consent refresh
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2011 17:56:10 -0000
On 11/1/2011 10:34 AM, Magnus Westerlund wrote: > However, we still have a pretty big issue to figure out when it comes to > legacy devices and that is congestion/rate control. We are going to need > it, and I really wonder if we can make exceptions to this at all. And if > the legacy device don't implement even basic RTCP then this is a real > issue. > > We added some text in the new version of WebRTC's usage of RTP document. > https://datatracker.ietf.org/doc/draft-ietf-rtcweb-rtp-usage/ > > 8.3. Legacy Interop Limitations > > Congestion control interoperability with most type of legacy devices, > even using an translator could be difficult. There are numerous > reasons for this: > > No RTCP Support: There exist legacy implementations that does not > even implement RTCP at all. Thus no feedback at all is provided. Typically these devices aren't using codecs that can be throttled, so lack of congestion control doesn't really matter here. (G.711, G.729, etc). In theory you could switch codecs to a supported-but-lower-bandwidth codec, of course, but there would be no way to tell them to switch. Effectively you're talking to a non-CC device; it will work or it won't. I've never seen a 2-way video endpoint that didn't support RTCP in some way (though some are broken in odd ways) - they might exist, but I haven't seen one. > RTP/AVP Minimal RTCP Interval of 5s: RTP [RFC3550] under the RTP/AVP > profile specifies a recommended minimal fixed interval of 5 > seconds. Sending RTCP report blocks as seldom as 5 seconds makes > it very difficult for a sender to use these reports and react to > any congestion event. Congestion control based on AVP RTCP reports is possible, but with a very slow convergence time and unclear fairness results. It does "work" in practice if not over-stressed. I used such algorithms in the past for interop with "standard" videophones and endpoints (while operating my device in AVPF mode). Such algorithms are likely significantly unfair in practice, though they may be fair "on average". Congestion control here is more useful as a way to provide adaptation to link bandwidth for a single application than to provide sharing of a link. > RTP/AVP Scaled Minimal Interval: If a legacy device uses the scaled > minimal RTCP compound interval, the "RECOMMENDED value for the > reduced minimum in seconds is 360 divided by the session bandwidth > in kilobits/second" ([RFC3550], section 6.2). The minimal > interval drops below a second, still several times the RTT in > almost all paths in the Internet, when the session bandwidht > becomes 360 kbps. A session bandwidth of 1 Mbps still has a > minimal interval of 360 ms. Thus, with the exception for rather > high bandwidth sessions, getting frequent enough RTCP Report > Blocks to report on the order of the RTT is very difficult as long > as the legacy device uses the RTP/AVP profile. This is in most cases much better than AVP timings, though not good. "Typical" usages might yield 300-1500ms RTCP intervals (much better than 5000ms avg.) > RTP/AVPF Supporting Legacy Device: If a legacy device supports RTP/ > AVPF, then that enables negotation of important parameters for > frequent reporting, such as the "trr-int" parameter, and the > possibility that the end-point supports some useful feedback > format for congestion control purpose such as TMMBR [RFC5104]. Even without TMMBR, a RR-based CC algorithm with a fairly fast reporting interval should be able to provide some level of fairness and quick response (though far worse delay control). > It has been suggested on the RTCWEB mailing list that if > interoperating with really limited legacy devices an WebRTC end-point > may not send more than 64 kbps of media streams, to avoid it causing > massive congestion on most paths in the Internet when communicating > with a legacy node not providing sufficient feedback for effective > congestion control. This warrants further discussion as there is > clearly a number of link layers that don't even provide that amount > of bit-rate consistently, and that assumes no competing traffic. > > We need to discuss if there is a reasonable way to resolve this or if > this puts as strict or even stricter requirements then to support ICE. -- Randell Jesup randell-ietf@jesup.org
- [rtcweb] Security issue: consent refresh Hadriel Kaplan
- Re: [rtcweb] Security issue: consent refresh Magnus Westerlund
- Re: [rtcweb] Security issue: consent refresh Hadriel Kaplan
- Re: [rtcweb] Security issue: consent refresh Bernard Aboba
- Re: [rtcweb] Security issue: consent refresh Magnus Westerlund
- Re: [rtcweb] Security issue: consent refresh Randell Jesup