Re: [rtcweb] Requiring ICE for RTC calls

Tim Panton <tim@phonefromhere.com> Tue, 27 September 2011 04:46 UTC

To: Roman Shpount <roman@telurix.com>
Cc: Randell Jesup <randell-ietf@jesup.org>, rtcweb@ietf.org

On 26 Sep 2011, at 09:26, Roman Shpount wrote:

> 
> On Mon, Sep 26, 2011 at 11:48 AM, Matthew Kaufman <matthew.kaufman@skype.net> wrote:
> And "interoperability with SIP-PSTN providers" is only relevant if you are trying to turn the browser into another phone. We have enough phones. What we don't have are new real-time communication experiences that can only be created within this environment.
> 
> Are we deliberately creating an island? To be honest, I actually wanted to put RTC in the phone, instead of SIP. I think it would be a great idea to have a desktop phone which runs a webkit browser with RTC and serves as an advanced display phone for a PBX. If RTC would not support no-ICE non-RTP calls, my only option would be to ignore the standard. So, in a sense we do not have enough phones.

I am confused. Which phones today connect directly to a SIP to PSTN gateway? I'd guess none.
Almost all of them go through some registrar and/or proxy.

> 
> I think your point in a lot of ways is similar to the argument that we should disable HTTP and leave only HTTPS since it is the only secure way to communicate and everything else would be an attack vector.

No, HTTP today does not let me probe the innards of your network (inside your firewall) just by sending
a legal but evil payload. If you permit webRTC without ICE, then the browser can be told to fake up UDP packets
and send them to anywhere on your inner LAN. DOS-city.

Tim.