Re: [rtcweb] Let's define the purpose of WebRTC

Iñaki Baz Castillo <> Wed, 09 November 2011 19:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4C1E811E8099 for <>; Wed, 9 Nov 2011 11:34:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.637
X-Spam-Status: No, score=-2.637 tagged_above=-999 required=5 tests=[AWL=0.040, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9e1RzlI3NEpc for <>; Wed, 9 Nov 2011 11:34:18 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id B443D11E8091 for <>; Wed, 9 Nov 2011 11:34:18 -0800 (PST)
Received: by vcbfk1 with SMTP id fk1so1972494vcb.31 for <>; Wed, 09 Nov 2011 11:34:18 -0800 (PST)
Received: by with SMTP id fq4mr6912007vdc.32.1320867258121; Wed, 09 Nov 2011 11:34:18 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Wed, 9 Nov 2011 11:33:56 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <>
Date: Wed, 9 Nov 2011 20:33:56 +0100
Message-ID: <>
To: "Muthu Arul Mozhi Perumal (mperumal)" <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [rtcweb] Let's define the purpose of WebRTC
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 09 Nov 2011 19:34:19 -0000

2011/11/9 Muthu Arul Mozhi Perumal (mperumal) <>om>:
> |That's *your* problem. But you want to translate
> |*your* problem into WebRTC users by making their
> |communications non secure.
> Well, most often you as a WebRTC user will be the one who would want to reach someone behind legacy systems

You could consider that people in internet is not so excited with the
possibility of making a legacy PSTN from the browser. In fact, calling
a PSTN number from a web has no added value at all. Users already have
their legacy PSTN phones.

> |Implementing SRTP is really easier and cheap.
> Sure, in a browser. But, may not be for a provider.

Sure they can scale their systems.

> |You, telcos, have the specs and the tools to upgrade your
> |non-secure SIP devices. Do it.
> If you are willing to pay for it, I don't see why the tolcos won't -:)

I should not pay a telco for making my call safe. The telco should do it.

> |*My* security should NOT depend on the security
> |implemented in the peer (since I cannot trust the
> |peer, never).
> Good luck. You peer could be a media gateway sitting somewhere in the Internet converting SRTP to RTP and sending to the other part of the world.

Of course, but at least, I will know that the call is secure within my
local network. Imagine I open my laptop in an airport, connect to a
open WiFi (cautive portal) and make a call to another user via web,
but the server must route it (via a SIP gateway) to a SIP softswitch,
and that makes my call to use plain RTP. I'm in an airport, in an open
WiFi network. Bad.

But if my call uses SRTP until the SIP media gateway, then it could
use plain RTP in the PSTN network. That's not so dangerous.

Iñaki Baz Castillo