Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)

Roman Shpount <roman@telurix.com> Tue, 27 September 2011 22:10 UTC


Eric,

I would suggest we should have an ability to disable ICE/SRTP in browser
settings altogether for debugging purposes and have an ability to add a web
site to browser settings (or assign it to the intranet zone), which would enable
this web site to set up calls without ICE/SRTP. This way a developer can
disable these protocols to test things, and a user can take an action to say
that they trust a certain web site and allow it to place calls anywhere. I
would think browser settings are outside of the standards document, but we
at least should have requirements for ICE-required and SRTP as SHOULD, not
MUST.
_____________
Roman Shpount


On Tue, Sep 27, 2011 at 5:55 PM, Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Tue, Sep 27, 2011 at 1:05 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:
>>
>> In the same way, web browsers could come pre-configured with an
>> enabled checkbox:
>>
>>  [X] don't allow unsecure calls
>>
>> The user could disable such checkbox. Anyhow, when a call is being
>> established and the WebRTC stack realizes that the peer does not
>> support ICE and/or SRTP, it could warn the user by showing something
>> like a pop-up ("This call is not secure"), also providing a button
>> "Don't show again for this site".
>>
>
> Again, the reason for ICE is the threat to other people using the browser
> as a vector.
> For this reason, allowing the user to disable the security feature is quite
> problematic.
>
> -Ekr