IETF Logo Mail Archive

Re: [rtcweb] Consent alternative

"Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com> Wed, 04 December 2013 05:08 UTC

Return-Path: <mperumal@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDEE71ADFEE for <rtcweb@ietfa.amsl.com>; Tue, 3 Dec 2013 21:08:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YMV4Tho5VDtw for <rtcweb@ietfa.amsl.com>; Tue, 3 Dec 2013 21:08:07 -0800 (PST)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) by ietfa.amsl.com (Postfix) with ESMTP id 3086C1ADFCA for <rtcweb@ietf.org>; Tue, 3 Dec 2013 21:08:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2604; q=dns/txt; s=iport; t=1386133684; x=1387343284; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=IRxo7NouCeyAAO1P3jN7ZtiyznZU3puejuB0zcp0HyU=; b=BROEZzbA6pFCh4NBNkNzYEGYXOjaeZMSUY0D11Bajf3r9jTtOhJ6Uhny AvFERdntCWLRttfKY/EkoAD78XzpBj5R865z1I/QzdsPWIt9cBqzJDZMW Xfm8/1DdYWd3S8YaZhsYO7nTAqu0NhzrhnobhkhivsLK/k2sH737B8AtW Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiQFADW4nlKtJV2c/2dsb2JhbABagweBC4J6tXkYgQYWdIIlAQEBBCMRRQwEAgEIEQQBAQMCBh0DAgICHxEUAQgIAgQKBAUIh2cDD7EliF4NhzEXgSmLRIFgFhsHBoJlNYETA5YpjkWFOYMpgio
X-IronPort-AV: E=Sophos;i="4.93,822,1378857600"; d="scan'208";a="289256139"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-3.cisco.com with ESMTP; 04 Dec 2013 05:08:02 +0000
Received: from xhc-rcd-x10.cisco.com (xhc-rcd-x10.cisco.com [173.37.183.84]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id rB4582DZ030141 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 4 Dec 2013 05:08:02 GMT
Received: from xmb-rcd-x02.cisco.com ([169.254.4.34]) by xhc-rcd-x10.cisco.com ([173.37.183.84]) with mapi id 14.03.0123.003; Tue, 3 Dec 2013 23:08:02 -0600
From: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
To: Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [rtcweb] Consent alternative
Thread-Index: AQHO77AWPi9LFgXOuUGt5r/tDp7yvppB3ZQQgAB7WQCAAAzaoIAAsFYAgABlrPA=
Date: Wed, 04 Dec 2013 05:08:01 +0000
Message-ID: <E721D8C6A2E1544DB2DEBC313AF54DE224373610@xmb-rcd-x02.cisco.com>
References: <CABkgnnVNnT8uoWM8T=TqbTmy11CGTeHLP=_7z5KSMSpAsp9SyQ@mail.gmail.com> <52989933.6000907@ericsson.com> <CABkgnnUX3OFUyc5PXeN0ydykBwL0HyRuaigfJKMBbuWnuhnVJg@mail.gmail.com> <E721D8C6A2E1544DB2DEBC313AF54DE22436FBD9@xmb-rcd-x02.cisco.com> <CABkgnnUy3HxvsqYfwspEQ9_g1frUuFF4rwD-hTz45UzCr1fTBw@mail.gmail.com> <E721D8C6A2E1544DB2DEBC313AF54DE22437073A@xmb-rcd-x02.cisco.com> <CABkgnnVOuG9pNRA8RzBYOhTHUih0RASchVHxYsnYQk8fDs_VLA@mail.gmail.com>
In-Reply-To: <CABkgnnVOuG9pNRA8RzBYOhTHUih0RASchVHxYsnYQk8fDs_VLA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [72.163.208.79]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "Cullen Jennings (fluffy)" <fluffy@cisco.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Consent alternative
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2013 05:08:10 -0000

|I think that you have missed the point here. The point is that A and
|B share a DTLS connection, and B uses ICE to convince A to send
|packets for that connection to C. 

Can you describe that in terms of a real-world use case? I don't see how that is different from a 3PCC scenario where the 3PCC (e.g a call center agent) talks to both A and C, and transfers A to C (aka full-consult transfer). 

|All this requires is that B is able to spoof the source address of 
|packets to appear as coming from C.

B doesn't have to spoof anything at all -- for the ICE connectivity check to succeed b/w A and C, B just needs to send A's ice-ufrag and ice-pwd to C and vice versa.

Muthu

|-----Original Message-----
|From: Martin Thomson [mailto:martin.thomson@gmail.com]
|Sent: Tuesday, December 03, 2013 10:25 PM
|To: Muthu Arul Mozhi Perumal (mperumal)
|Cc: rtcweb@ietf.org; Magnus Westerlund; Cullen Jennings (fluffy)
|Subject: Re: [rtcweb] Consent alternative
|
|On 3 December 2013 04:48, Muthu Arul Mozhi Perumal (mperumal)
|<mperumal@cisco.com> wrote:
|> That's a typical third party call control (3PCC) use case where B (3PCC)
|> mangles call signaling + SDP b/w A and C and sets up the media session
|> between them. The security of ICE (as defined in RFC5245) is rooted in the
|> ice-ufrag and ice-pwd exchanged in call signaling. If a 3PCC can mangle
|> them, ICE can't prevent the connectivity check from succeeding.
|>
|>
|>
|> If it is deemed a problem, it might need an ICE extension to fail the
|> connectivity check b/w A and C.
|
|I think that you have missed the point here.  The point is that A and
|B share a DTLS connection, and B uses ICE to convince A to send
|packets for that connection to C.  All this requires is that B is able
|to spoof the source address of packets to appear as coming from C.
|It's got nothing to do with 3PCC scenarios.

v2.23.0 | Report a Bug | By Email