Re: [rtcweb] Alexey Melnikov's No Objection on draft-ietf-rtcweb-alpn-03: (with COMMENT)

Martin Thomson <martin.thomson@gmail.com> Fri, 29 April 2016 10:06 UTC

To: Alexey Melnikov <aamelnikov@fastmail.fm>
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/-jMSDsQeZ2IkC_UTBD6HaRY7Kgg>
Cc: draft-ietf-rtcweb-alpn@ietf.org, Sean Turner <turners@ieca.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>, The IESG <iesg@ietf.org>, rtcweb-chairs@ietf.org

On 29 April 2016 at 19:30, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
> 1) Do RTP middleboxes frequently forward content, or record content for
> later access by entities other than the authenticated peer?
> 2) If the answer to 1) is "yes", why would RTP middlebox software
> developers bother to update software to comply with this specification?

(I should really read my own doc before answering.)

Yes, middleboxes do this all the time.  However, they don't need to
update their software.  Endpoints that implement this spec will assume
that the absence of ALPN means that there is no confidentiality.  And
I realize now that I never actually said that.  That was extremely
remiss of me...

https://github.com/martinthomson/drafts/commit/21b84074a671bd