Re: [rtcweb] Requiring ICE for RTC calls

Tim Panton <tim@phonefromhere.com> Tue, 27 September 2011 20:54 UTC

Return-Path: <tim@phonefromhere.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B957221F8F22 for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 13:54:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Level:
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[AWL=-0.848, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rlOSd+t57WoQ for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 13:54:20 -0700 (PDT)
Received: from zimbra.westhawk.co.uk (zimbra.westhawk.co.uk [192.67.4.167]) by ietfa.amsl.com (Postfix) with ESMTP id 13C0321F8EE5 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 13:54:20 -0700 (PDT)
Received: from [192.168.0.103] (udp089063uds.ucsf.edu [169.230.111.60]) by zimbra.westhawk.co.uk (Postfix) with ESMTP id 99D2137A902; Tue, 27 Sep 2011 22:09:54 +0100 (BST)
References: <CAD5OKxtNjmWBz92bRuxka7e-BUpTPgVUvr3ahJGpmZ-U5nuPbQ@mail.gmail.com> <CAD6AjGSmz5T_F+SK2EoBQm6T-iRKp7dd4j8ZAF5JKdbbyomZQA@mail.gmail.com> <CALiegfmO54HC+g9L_DYn4jtXAAbLEvS++qxKa6TNrLDREs9SeA@mail.gmail.com> <4E80984A.903@skype.net> <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com> <4E809EE6.2050702@skype.net> <2E239D6FCD033C4BAF15F386A979BF510F1087@sonusinmail02.sonusnet.com> <BLU152-W62B7F2AC3F0D5B6E277CB993F00@phx.gbl> <CAD5OKxt=P3jg9N0weFUZLvUYQxyeXa+9YMtpc8wn7osuPQmTpg@mail.gmail.com> <CAD5OKxtVCgiFV_iAYd1w0uZZcS5+gsixOHJ0jGN=0CMdq++kdg@mail.gmail.com> <84254826-C357-4FB5-810D-C453A2D1304C@phonefromhere.com> <CAD5OKxt1mn-pcWW01a1wT0yCToaL1NL5Fjt-NJbJYmx=Ygrk6Q@mail.gmail.com> <BLU152-W641047D45C0DF6A490EEF193F00@phx.gbl> <CAD5OKxtC+7oBe5Y+EGhX7f0SneGEmW0YoM9sPSXoRFjBxq0F4A@mail.gmail.com> <69C442D8-0B6E-4EC8-814E-52CDC8DB578B@edvina.net> <CALiegf=E+1m6YpOSeG9bBOwmw8T7X5hp+TE+HmvuXGHzxtSdYg@mail.gmail.com>
In-Reply-To: <CALiegf=E+1m6YpOSeG9bBOwmw8T7X5hp+TE+HmvuXGHzxtSdYg@mail.gmail.com>
Mime-Version: 1.0 (iPhone Mail 8J2)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
Message-Id: <899FDFD0-F5FD-4C74-8DE9-4484AA131FE1@phonefromhere.com>
X-Mailer: iPhone Mail (8J2)
From: Tim Panton <tim@phonefromhere.com>
Date: Tue, 27 Sep 2011 13:56:57 -0700
To: =?utf-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Requiring ICE for RTC calls
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 20:54:20 -0000

Sent from my iPhone

On 27 Sep 2011, at 13:27, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> 2011/9/27 Olle E. Johansson <oej@edvina.net>et>:
>> Sometimes we need to move forward. After many years of insecure calls having
>> issues with traversing NATs everywhere, I think enough is enough and it's
>> time to provide a better solution.
> 
> I also agree. The IETF has produced lot of security specifications for
> SIP but vendors have implemented nothing (or just a few of them).
> 
> SIP is mostly deployed in islands, and each island defines its own
> security constrains (usually no security at all as the island itself
> is a secure wallen garden). Rtcweb is like a new island (a very big
> island), and it will also become the island with major number of
> malicious users and site providers. So let's add all the security
> constrains we can in order to make it secure.
> 
> Legacy SIP vendors/providers/manufactures should react if they want to
> offer services on top of rtcweb.
> 
> -- 
> Iñaki Baz Castillo

But it is worth remembering that many of those SIP deployments have the phones on a separate (V)LAN from which the browsers would be firewalled. So it wouldn't be a simple drop in case even if the browser did have a 100% SIP deskphone emulation. 

Tim.