Re: [rtcweb] Final plea about SRTP

Randell Jesup <randell-ietf@jesup.org> Fri, 04 May 2012 17:05 UTC


On 5/4/2012 12:41 PM, Roman Shpount wrote:
>
> On Fri, May 4, 2012 at 2:21 AM, Magnus Westerlund
> <magnus.westerlund@ericsson.com <mailto:magnus.westerlund@ericsson.com>>
> wrote:

>     I think the bid-down problem is one of the largest for most people.
>
> I do not think we need to support auto-negotiation of RTP vs SRTP. Also,
> RTP should not be allowed from HTTPS sessions, so I do not think bid
> down is a problem at all.

You forget that bid-down includes bid-downs by the JS or server (which 
are not trusted in our model), not just by on-path attackers.

>     I also see a great benefit with always using SRTP, in that we will
>     get rid of RTP profile
>     negotiation. There will be no need to support any other RTP profile
>     than SAVPF.
>
> I do see a benefit of using one RTP profile only, but this will require
> WebRTC to use yet another feature that had almost no real life use. This
> will also ensure that RTCP will need to be re-encoded (as probably RTP)
> when processing calls to anything outside of WebRTC world.

I used to work on hardware endpoints that have been using SAVPF since 
2004, with hundreds of thousands of units in the field.


-- 
Randell Jesup
randell-ietf@jesup.org
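The bid-down Randell describes comes from the page's own JS or the signalling server, so the check has to live in the browser, below the script. As an added illustration (not code from this thread or from any browser), here is a minimal SDP policy check in Python that enforces Magnus's "SAVPF only" rule and additionally flags a SAVPF section with no keying attribute; the profile names and the sample SDP are constructed for the example.

```python
# Added example, not part of the rtcweb thread. Policy: every active m= line
# must use an SRTP profile, and SRTP must actually be keyed (an a=crypto or
# a=fingerprint line at session or media level), whoever produced the SDP.
ALLOWED_PROFILES = {"RTP/SAVPF", "UDP/TLS/RTP/SAVPF"}   # secure RTP profiles
KEYING_ATTRS = ("a=fingerprint:", "a=crypto:")           # DTLS-SRTP / SDES


def check_sdp_profiles(sdp):
    """Return a list of policy violations; an empty list means the SDP passes."""
    problems = []
    session_keyed = False
    sections = []          # [lineno, media, port, proto, keyed]
    current = None         # media section being parsed, None at session level
    for lineno, line in enumerate(sdp.splitlines(), 1):
        line = line.strip()
        if line.startswith("m="):
            fields = line[2:].split()   # m=<media> <port> <proto> <fmt...>
            if len(fields) < 3:
                problems.append(f"line {lineno}: malformed m= line")
                current = None
                continue
            current = [lineno, fields[0], fields[1], fields[2], False]
            sections.append(current)
        elif line.startswith(KEYING_ATTRS):
            if current is None:
                session_keyed = True    # session-level keying covers all media
            else:
                current[4] = True
    for lineno, media, port, proto, keyed in sections:
        if port == "0":
            continue                    # rejected media section, nothing flows
        if proto not in ALLOWED_PROFILES:
            problems.append(f"line {lineno}: {media} uses {proto}, SRTP required")
        elif not (keyed or session_keyed):
            problems.append(f"line {lineno}: {media} is SAVPF but unkeyed")
    return problems


# Constructed sample: an answer that untrusted JS or a server could hand to the
# browser, silently downgrading audio to plain RTP and leaving video unkeyed.
DOWNGRADED_ANSWER = "\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-",
    "m=audio 49170 RTP/AVP 0",
    "m=video 51372 RTP/SAVPF 96",
])
# Constructed sample that satisfies the policy (placeholder fingerprint value).
SECURE_ANSWER = "\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-",
    "a=fingerprint:sha-256 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF",
    "m=audio 49170 UDP/TLS/RTP/SAVPF 0",
    "m=video 0 RTP/AVP 96",
])
```

Running `check_sdp_profiles(DOWNGRADED_ANSWER)` reports both the RTP/AVP audio line and the unkeyed SAVPF video line, while `SECURE_ANSWER` passes because its only plain-RTP section is disabled with port 0.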