Re: [rtcweb] consent freshness and ICE-lite

"Muthu Arul Mozhi Perumal (mperumal)" <> Tue, 17 July 2012 05:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B5D2E11E809C for <>; Mon, 16 Jul 2012 22:42:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.448
X-Spam-Status: No, score=-10.448 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Qds-I1grBAi2 for <>; Mon, 16 Jul 2012 22:42:35 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 9813C21F85F7 for <>; Mon, 16 Jul 2012 22:42:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=16794; q=dns/txt; s=iport; t=1342503801; x=1343713401; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=ql/b0W/PenLFtW1mZ63uC0BtEUCUXAcQDZH4bcxb2z0=; b=FmE8j4OaX0D39yaFyQZVlkO6ssuFthDc8nfeak0M1tGuT2GV4V9sKeVI W8rSu1TRv4zm3bLpiivlSpXqHl2AT5sl6BxF9XiwG8nEo/RRHDs57L9lD DhwG7WXOiOBo05nIjZ5RkrO1oHd1Jd/CnWpi9av6YYi0RbTEB9oQI/0mW c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="4.77,599,1336348800"; d="scan'208,217"; a="102468646"
Received: from ([]) by with ESMTP; 17 Jul 2012 05:43:20 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id q6H5hKoU028495 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 17 Jul 2012 05:43:20 GMT
Received: from ([]) by ([]) with mapi id 14.02.0298.004; Tue, 17 Jul 2012 00:43:19 -0500
From: "Muthu Arul Mozhi Perumal (mperumal)" <>
To: Bernard Aboba <>, "Ejzak, Richard P (Richard)" <>
Thread-Topic: [rtcweb] consent freshness and ICE-lite
Thread-Index: AQHNY8w9W2cZs2lHjUu9YW6rsDo7W5cs7BwA
Date: Tue, 17 Jul 2012 05:43:18 +0000
Message-ID: <>
References: <> <BLU401-EAS266337B57B89CAB7E5E2D3893DB0@phx.gbl>
In-Reply-To: <BLU401-EAS266337B57B89CAB7E5E2D3893DB0@phx.gbl>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-tm-as-product-ver: SMEX-
x-tm-as-result: No--45.772200-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: multipart/alternative; boundary="_000_E721D8C6A2E1544DB2DEBC313AF54DE2012D4DFExmbrcdx02ciscoc_"
MIME-Version: 1.0
Cc: "" <>
Subject: Re: [rtcweb] consent freshness and ICE-lite
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 17 Jul 2012 05:42:36 -0000

Right, consent is requested by the sender and granted by the receiver. While one side has granted consent for receiving on a candidate pair, the other side could have revoked it. So consent verification/freshness is unilateral.

A gateway/browser implementing ICE-lite will only be able to grant consent to send, but will not be able to request consent. So, a malicious application can use it for sending unwanted traffic.

Liveness determines continued connectivity on a candidate pair. Since the networks paths can be asymmetric, both ends need to perform the liveness test.


From: [] On Behalf Of Bernard Aboba
Sent: Tuesday, July 17, 2012 9:03 AM
To: Ejzak, Richard P (Richard)
Subject: Re: [rtcweb] consent freshness and ICE-lite

Consent freshness and liveness is used to assure a browser that the recipient has authorized it to
send media and that it is still there. So if a gateway wants to receive, answer Binding Requests
sent to it.

If a gateway is on the public Internet, supports ICE lite and does not send a Binding Request
to a browser, but does implement RFC 6263, then NAT bindings can be kept alive and media
should still flow.  So I think this is viable.

On Jul 16, 2012, at 18:13, "Ejzak, Richard P (Richard)" <<>> wrote:

Sections 4.2, 4.4 and 5.3 of draft-ietf-rtcweb-security-arch-03.txt have text that seems to be contradictory.  In particular, 5.3 requires support of ICE-lite at server gateways but each endpoint is described as sending ICE binding requests for ICE consent verification in 4.2 (which is it?).  4.4 also requires RTCWeb implementations to perform periodic binding requests to verify consent freshness.  Is a server gateway an RTCWeb implementation subject to this requirement?  I thought that one of the reasons the WG decided to use binding requests instead of binding indications to allow bilateral consent initiated by a single endpoint (in particular, so that an RTCWeb browser could interoperate with either a server gateway implementing ICE-lite or a non-RTCWeb endpoint not implementing the RTCWeb consent freshness procedures in such a way that only the RTCWeb browser needed to send periodic binding requests to maintain bilateral consent freshness).

Does a binding request provide unilateral or bilateral consent verification/freshness?

Is a server gateway implementing ICE-lite required to send ICE binding requests anyway for consent verification and/or consent freshness, or is it sufficient for such an implementation to indicate its own consent by just responding to received binding requests?

Do we care about compatibility with ICE compliant endpoints that do not use binding requests for consent freshness?

Does a browser treat a response to a binding request the same as a received binding request for consent freshness?

It would be helpful to have clear answers to these questions in the security architecture document.


Richard Ejzak

rtcweb mailing list<>