Re: [rtcweb] A plea for simplicity, marketability - and... who are we designing RTCWEB for?
Iñaki Baz Castillo <ibc@aliax.net> Thu, 20 October 2011 15:57 UTC

2011/10/20 Roman Shpount <roman@telurix.com>:
> This application will never setup a P2P call between two browsers, it is
> always between provider and the browser, so it can ask for relaxed security
> since it only calls its own IP.

There is long rationale about this topic in the list. Security cannot
(MUST NOT) be relaxed, never, because just the human can determine
when to allow "relaxed security" (and we don't want that a malicious
site asks the human user "press Accept Relaxed Security and you can
win a car").

The browser has no way to determine whether the destination of *all*
the calls is a "trusted" server or not.

Also you are assuming that the media is sent to the same IP of the web
server (in case a RTCweb scenario does not include user2user calls).
This is a too much simplified scenario, and you miss that a DNS A
record can point to N IPs, and you also miss the case in which the
webserver has an IP different than the media server (regardless they
both are located within the same provider infrastructure). The browser
cannot determine it by itself, so security is always a need, and IMHO
it's a bad idea to allow a very corner case in which such security
could be relaxed.

--
Iñaki Baz Castillo
<ibc@aliax.net>