IETF Logo Mail Archive

Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard

"Wyss, Felix" <Felix.Wyss@inin.com> Sun, 12 October 2014 15:16 UTC

Return-Path: <Felix.Wyss@inin.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D59911A1A37 for <rtcweb@ietfa.amsl.com>; Sun, 12 Oct 2014 08:16:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jdHAtWLjx1et for <rtcweb@ietfa.amsl.com>; Sun, 12 Oct 2014 08:16:06 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0692.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::692]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E00431A1B34 for <rtcweb@ietf.org>; Sun, 12 Oct 2014 08:16:05 -0700 (PDT)
Received: from CY1PR0501MB1578.namprd05.prod.outlook.com (25.161.161.152) by CY1PR0501MB1529.namprd05.prod.outlook.com (25.161.161.139) with Microsoft SMTP Server (TLS) id 15.0.1049.19; Sun, 12 Oct 2014 15:15:43 +0000
Received: from CY1PR0501MB1579.namprd05.prod.outlook.com (25.161.161.153) by CY1PR0501MB1578.namprd05.prod.outlook.com (25.161.161.152) with Microsoft SMTP Server (TLS) id 15.0.1049.19; Sun, 12 Oct 2014 15:15:41 +0000
Received: from CY1PR0501MB1579.namprd05.prod.outlook.com ([25.161.161.153]) by CY1PR0501MB1579.namprd05.prod.outlook.com ([25.161.161.153]) with mapi id 15.00.1049.012; Sun, 12 Oct 2014 15:15:41 +0000
From: "Wyss, Felix" <Felix.Wyss@inin.com>
To: Harald Alvestrand <harald@alvestrand.no>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard
Thread-Index: AQHP5CPxgL7/P4TbxUqqTVTHzTRXYJwplZVAgAA1HQCAAKtdYIAADzmAgAAmfQCAAFWsAIAAG4cggAEmdgCAAEBzwA==
Date: Sun, 12 Oct 2014 15:15:39 +0000
Message-ID: <7d1a8bc1a73a48688746c0da01d0e78a@CY1PR0501MB1579.namprd05.prod.outlook.com>
References: <20141010004836.12666.88765.idtracker@ietfa.amsl.com> <91953101b2634ec69d14e120ea62d929@CY1PR0501MB1579.namprd05.prod.outlook.com> <CABkgnnWE7czWqi4vQRb5d50N2k95joc_Zcvw6w6g7SOjU9b+9g@mail.gmail.com> <03a3bbbc282b4e6d88d587931b46b5f8@CY1PR0501MB1579.namprd05.prod.outlook.com> <57B40110-2F21-4893-B77C-54F46D18567F@lurchi.franken.de> <1DE35922-E890-40C2-87E9-C8C12235920E@phonefromhere.com> <E53B9B7E-37F0-495C-B1BA-DE0A48AC6D73@lurchi.franken.de> <abdfd3ef58dd40028e8d5e2248b5a995@CY1PR0501MB1579.namprd05.prod.outlook.com> <543A5570.7060208@alvestrand.no>
In-Reply-To: <543A5570.7060208@alvestrand.no>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [107.147.12.61]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR0501MB1578;UriScan:;
x-exchange-antispam-report-test: UriScan:;
x-forefront-prvs: 0362BF9FDB
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(51704005)(199003)(189002)(50986999)(21056001)(76176999)(54356999)(101416001)(66066001)(20776003)(40100003)(31966008)(64706001)(122556002)(74316001)(2656002)(4396001)(87936001)(95666004)(99286002)(2501002)(97736003)(99396003)(105586002)(76576001)(106116001)(106356001)(93886004)(85852003)(85306004)(108616004)(33646002)(86362001)(77096002)(76482002)(230783001)(92566001)(80022003)(107046002)(107886001)(120916001)(46102003)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR0501MB1578; H:CY1PR0501MB1579.namprd05.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR0501MB1529;
X-OriginatorOrg: inin.com
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/2c7sPSFOu9JqMhCtAXe8B37AEmc
Subject: Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Oct 2014 15:16:09 -0000

> Given that the middle box has to:
> 
> - decrypt and encrypt all packets (because the keys are different)
> - assert its own identity towards both endpoints (because otherwise DTLS doesn't work)
> - be trusted by both endpoints (otherwise it's a MITM attack by definition)
All these are not relevant with respect to how the SCTP packets get from one WebRTC endpoint to the other.  That's really all the data channels care about.  The rest is opaque to them, assumed a given and the concern of other layers in the WebRTC stack.

> - manage SCTP congestion control independently on the two legs (because that's how SCTP works)
Can you please elaborate on why you believe that's required?  As I understand it, from SCTP's perspective in WebRTC DTLS represents the IP layer.  Doesn't that mean congestion control is strictly above DTLS and SCTP should not care about how many hops its packets go through and whether any of these hops decrypt/re-encrypt the packets or pass them on as-is? 

> I don't see the reshuffling of packets between channel numbers to be an excessive *additional* burden.
I respectfully disagree as it adds unnecessary complexity.  Michael furthermore has made a good argument on why it's not that simple.  To add to his concerns: are we certain that none of the application protocols using the data channels will ever reference stream IDs of one SCTP stream in the data of another SCTP stream?  If that ever were the case, the middlebox would have to understand these application protocols and rewrite the stream data, not just the SCTP packets. 

I furthermore have still not seen a convincing argument for requiring this abstraction leak from the lower level by using the DTLS role for something unrelated to DTLS' purpose.  Whether an endpoint started as server or client is completely irrelevant to the payload data transported over it.  While it may be a seemingly convenient hack to avoid explicit conflict resolution, abstraction leaks like that invariably have unintended consequences--as we can see here.  

> The kind of "middle box" that "just shuffles bits" while doing something to them or with them in addition doesn't exist in the WebRTC context.
Well, then it should.  I presented a use-case of a middlebox that records and/or performs analytics of the WebRTC session media.  That is a common application in VoIP. 

--Felix

v2.23.0 | Report a Bug | By Email