Re: [rtcweb] Let's define the purpose of WebRTC
Iñaki Baz Castillo <ibc@aliax.net> Wed, 09 November 2011 11:58 UTC
Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A4B221F8C78 for <rtcweb@ietfa.amsl.com>; Wed, 9 Nov 2011 03:58:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.337
X-Spam-Level:
X-Spam-Status: No, score=-2.337 tagged_above=-999 required=5 tests=[AWL=-0.260, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_93=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bhrhVBVdf9TV for <rtcweb@ietfa.amsl.com>; Wed, 9 Nov 2011 03:58:45 -0800 (PST)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 88BF621F8B52 for <rtcweb@ietf.org>; Wed, 9 Nov 2011 03:58:45 -0800 (PST)
Received: by vcbfk1 with SMTP id fk1so1485020vcb.31 for <rtcweb@ietf.org>; Wed, 09 Nov 2011 03:58:45 -0800 (PST)
Received: by 10.52.187.68 with SMTP id fq4mr4042412vdc.32.1320839925053; Wed, 09 Nov 2011 03:58:45 -0800 (PST)
MIME-Version: 1.0
Received: by 10.220.107.206 with HTTP; Wed, 9 Nov 2011 03:58:23 -0800 (PST)
In-Reply-To: <1D062974A4845E4D8A343C653804920206D3B9C1@XMB-BGL-414.cisco.com>
References: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com> <8A61D801-D14D-408B-9875-63C37D0CC166@acmepacket.com> <CABw3bnPE=OY_h5bM7GA6wgrXiOBL8P4J0kw1jLv-GSpHAbg=Cg@mail.gmail.com> <CABcZeBNqdkh8u=gwOvKfDCQA7rXdAyQkfaM1r2Sx10787btP6A@mail.gmail.com> <B10FEFF6-0ADC-4DB1-83BB-50A11C65EC35@acmepacket.com> <CABcZeBNSXtim_VqzqAd8Z-u4zWSjaYmsVZPN=7sDYkJsgtRAHA@mail.gmail.com> <4EB7E6A5.70209@alvestrand.no> <F8003BA9-BCD8-4F02-B514-8B883FF90F91@acmepacket.com> <387F9047F55E8C42850AD6B3A7A03C6C01349D81@inba-mail01.sonusnet.com> <845C03B2-1975-4145-8F52-8CEC9E360AF3@edvina.net> <5454E693-5C34-4C77-BA07-2A9EE9EE4AFD@cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01349FFE@inba-mail01.sonusnet.com> <1D062974A4845E4D8A343C653804920206D3B7FD@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C0134A105@inba-mail01.sonusnet.com> <1F2A2C70609D9E41844A2126145FC09804691DA2@HKGMBOXPRD22.polycom.com> <CALiegfmf59jb4asUu9LA6YY_aMtKEnM1Wy34KbuLEn3_h1xBXA@mail.gmail.com> <1D062974A4845E4D8A343C653804920206D3B9C1@XMB-BGL-414.cisco.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Wed, 09 Nov 2011 12:58:23 +0100
Message-ID: <CALiegfmM1PB=VAQjfh4rW3-3C8aumHdWy9nZxD0-BWBq9Kq_tg@mail.gmail.com>
To: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Let's define the purpose of WebRTC
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 11:58:46 -0000
2011/11/9 Muthu Arul Mozhi Perumal (mperumal) <mperumal@cisco.com>: > I am thinking we could burn SRTP into the browser such that the decision of whether or not to use SRTP vests solely with the browser. The "browser" cannot decide that. Probably you mean the user, that person that in 99.999% of cases does not know what "encryption" or "SRTP" is, and in 85% of cases does not matter about security. > If a WebRTC browser is exchanging media with another WebRTC browser they always do SRTP/SRTCP. The browser has NO way to determine whether it's exchanging media with another browser or not. And what you state is that, in case the peer does not annouce support for SRTP then the browser should downgrade security to plain RTP. The user (web visitor) has no way to know whether the WebRTC application will contact a WebRTC browser or another device at the media plane. > If either side isn't WebRTC compliant they end up with RTP/RTCP. So no security. Bad. > This way we don't need to trust the JS, instead trust only the browser. You mean the user. > We can also interoperate with legacy devices without taxing them. Sorry, but WebRTC is about "realtime communications for the Web", rather than "SIP business coming to the Web". SIP uses RTP, including RFC's about SRTP. If you want SIP interoperability with a WebRTC device, then make your work as vendor and add security to your SIP devices rather than asking no-security for WebRTC. Please, take a look to XMPP/Jingle !! They implement SRTP and ICE from the beginning!! *Do* your homeworks as SIP vendor. This is a problem of SIP vendors/telcos, this is not a problem of WebRTC. You should implement SRTP in your legacy and non-secure SIP devices and make them valid for communication across the open Internet in which security is a MUST (Internet is not a telco wallen garden). The main purpose of WebRTC is not to interoperate with insecure devices, do we all agree here? I don't support this kind of arguments in favour of non mandating SRTP. PS: Somebody could argue that, in the Web, neither HTTPS or WebSocket+TLS is a MUST but optional per website, so why to make SRTP mandatory? That would be a very different argument I could understand and discuss about. But forcing a *new* specification to be insecure just to allow interoperability with non-secure devices is not welcome. WebRTC is for the Web, not for SIP. PS: This kind of discussions give the reason to recent comments like the one from Tim Parton. This WG is too much focused on SIP vendors/telcos which are not fully interested in RTC communications in pure Web/Internet environments, but in making the web browsers a new SIP phone for integratting them into their telco business. Bad. PS: I'm also interested in interoperability between WebRTC browsers and SIP devices (as much as you), but I assume that just a few SIP devices MUST be able to interop with WebRTC (those that have done their homeworks by implementing SRTP and ICE). And those discussions are becoming very boring. There are not new arguments at all. It seems than within next weeks/months, SIP telcos/vendors will continue requesting not mandatory SRTP just to facilitate their business without investing in improving their non-secure devices. This is a no-go. Regards. -- Iñaki Baz Castillo <ibc@aliax.net>
- [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Cameron Byrne
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC José Luis Millán
- Re: [rtcweb] Let's define the purpose of WebRTC Tim Panton
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Christer Holmberg
- Re: [rtcweb] Let's define the purpose of WebRTC Tim Panton
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Justin Uberti
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC John Elwell
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- [rtcweb] SRTP - mandatory to implement vs mandato… Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Wolfgang Beck
- Re: [rtcweb] Let's define the purpose of WebRTC Stefan Håkansson LK
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Jonathan Lennox
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Wolfgang Beck
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Wolfgang Beck
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] SRTP - mandatory to implement vs man… Magnus Westerlund
- Re: [rtcweb] Let's define the purpose of WebRTC Cullen Jennings
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- [rtcweb] SRTP requirement - wiretapping (Re: Let'… Harald Alvestrand
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran Parthasarathi
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Bernard Aboba
- Re: [rtcweb] surveillance in RTCWEB (was wiretapp… Bernard Aboba
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Cameron Byrne
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Cameron Byrne
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Avasarala, Ranjit
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Avasarala, Ranjit
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Neil Stratford
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC DRAGE, Keith (Keith)
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Neil Stratford
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Ravindran, Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Tim Panton
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Let's define the purpose of WebRTC Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Christer Holmberg
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] SRTP - mandatory to implement vs man… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Randell Jesup
- Re: [rtcweb] SRTP - mandatory to implement vs man… Harald Alvestrand
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- [rtcweb] Traffic should be encrypted. (Re: Let's … Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Eric Rescorla
- Re: [rtcweb] Let's define the purpose of WebRTC Hadriel Kaplan
- Re: [rtcweb] Let's define the purpose of WebRTC Eric Rescorla
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Olle E. Johansson
- Re: [rtcweb] Let's define the purpose of WebRTC Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Cullen Jennings
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Eric Rescorla
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Kevin P. Fleming
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Iñaki Baz Castillo
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Ravindran, Parthasarathi
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Miguel Casas-Sanchez
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Marc Petit-Huguenin
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Tim Panton
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Iñaki Baz Castillo
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- [rtcweb] Traffic on the list (Re: Traffic should … Harald Alvestrand
- [rtcweb] Fwd: Traffic should be encrypted. (Re: L… Wolfgang Beck
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Hadriel Kaplan
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Christer Holmberg
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Roman Shpount
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Neil Stratford
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Randell Jesup
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Michael Thornburgh
- Re: [rtcweb] Let's define the purpose of WebRTC Matthew Kaufman
- Re: [rtcweb] Let's define the purpose of WebRTC Matthew Kaufman
- [rtcweb] Media Synchronization (Re: Traffic shoul… Matthew Kaufman
- [rtcweb] DTMF (was Re: Traffic should be encrypte… Matthew Kaufman
- Re: [rtcweb] Let's define the purpose of WebRTC Roman Shpount
- [rtcweb] POTS lines to browser (was Re: Fwd: Traf… Matthew Kaufman
- Re: [rtcweb] POTS lines to browser (was Re: Fwd: … Wolfgang Beck
- [rtcweb] Call Security (was Re: Let's define the … Matthew Kaufman
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Tim Panton
- Re: [rtcweb] POTS lines to browser (was Re: Fwd: … Tim Panton
- Re: [rtcweb] POTS lines to browser (was Re: Fwd: … Iñaki Baz Castillo
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] Media Synchronization (Re: Traffic s… Harald Alvestrand
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Tim Panton
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Justin Uberti
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Bernard Aboba
- Re: [rtcweb] Traffic should be encrypted. (Re: Le… Victor Pascual Avila
- Re: [rtcweb] Let's define the purpose of WebRTC Iñaki Baz Castillo
- Re: [rtcweb] SRTP requirement - wiretapping (Re: … Cullen Jennings