Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11
Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 17 September 2013 11:59 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C687111E80FD for <rtcweb@ietfa.amsl.com>; Tue, 17 Sep 2013 04:59:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.369
X-Spam-Level:
X-Spam-Status: No, score=-104.369 tagged_above=-999 required=5 tests=[AWL=-0.720, BAYES_50=0.001, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DeFQqOjz-MCA for <rtcweb@ietfa.amsl.com>; Tue, 17 Sep 2013 04:59:40 -0700 (PDT)
Received: from mailgw2.ericsson.se (mailgw2.ericsson.se [193.180.251.37]) by ietfa.amsl.com (Postfix) with ESMTP id 9E5EA11E8234 for <rtcweb@ietf.org>; Tue, 17 Sep 2013 04:59:36 -0700 (PDT)
X-AuditID: c1b4fb25-b7eff8e000000eda-d1-523844263c6f
Received: from ESESSHC008.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw2.ericsson.se (Symantec Mail Security) with SMTP id C8.01.03802.62448325; Tue, 17 Sep 2013 13:59:35 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.149) by smtp.internal.ericsson.com (153.88.183.44) with Microsoft SMTP Server id 14.2.328.9; Tue, 17 Sep 2013 13:59:34 +0200
Message-ID: <5238446D.8050700@ericsson.com>
Date: Tue, 17 Sep 2013 14:00:45 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>, "draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org" <draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org>
References: <C5E08FE080ACFD4DAE31E4BDBF944EB11667BBA0@xmb-aln-x02.cisco.com>
In-Reply-To: <C5E08FE080ACFD4DAE31E4BDBF944EB11667BBA0@xmb-aln-x02.cisco.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphluLIzCtJLcpLzFFi42KZGfG3RlfdxSLIYPsBFovNNycxWnRMZrNY +6+d3YHZY8rvjaweS5b8ZPL4cvkzWwBzFJdNSmpOZllqkb5dAlfG6b60gs1xFY8mTmJvYJzo 2cXIySEhYCIx9W4LC4QtJnHh3nq2LkYuDiGBw4wSXTOuM0M4yxklTu+/yApSxSugLfF5ymEm EJtFQFXi762pYDabgIXEzR+NbCC2qECwRPv2r2wQ9YISJ2c+AdsgInCTUeLnSvkuRg4OYQFf iW1LVUDCQgI+Eod+zwUr5wQJ/5nEDHGQpMS2RcfYQWxmAQOJI4vmsELY8hLNW2czQ/RqSzQ0 dbBOYBSchWTbLCQts5C0LGBkXsXInpuYmZNebrSJERiiB7f8Vt3BeOecyCFGaQ4WJXHezXpn AoUE0hNLUrNTUwtSi+KLSnNSiw8xMnFwSjUwCtcaOMt/PV+t9v3p17bG3kmCj2dJeCywafVp WPGdzdzZ0JWjwfi9y7lZG/XynGxE78zOvX5a4J6mc8an+/GZasklbhMSRU4+X6ai7bfwUrl9 +ew5RizFZpvfVPvdvCby4kidBfeeU2euLdjTfVQr+2GURJ/Rky1py95c4OxLeL37GpPXpE47 JZbijERDLeai4kQADqxulx8CAAA=
Subject: Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 11:59:46 -0000
Hi, I have reviewed the Use Case and Requirements draft (v11) in the WG last call. I have the following comments on this document. I have found a number of issues that I definitely needs to be fixed prior to any publication request. 1. First of all I like to bring up a document structure problem. When reviewing this it is difficult to follow what requirements that are added for the different use cases. I would propose that each Use Case or general section that describe something that causes new requirements that hasn't been listed yet in the document to define the Requirement there. Something like this: 3.2.2.1. Description This use-case is almost identical to the Simple Video Communication Service use-case (Section 3.2.1). The difference is that one of the users is behind a NAT that blocks UDP traffic. 3.2.2.2. Derived Requirements F1, F2, F3, F4, F5, F8, F9, F10, F20, F25, F28 A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11, A12 New Requirement: F29 The browser must be able to send streams and data to a peer in the presence of NATs that block UDP traffic. This makes the incremental use cases much more understandable in how they add requirements. This I think will also affect Section 3.1 which will need to include the requirement definitions created by these general considerations. However, I do suggest that you leave the collection of all requirements in place for easy reference. 2. Section 1: The document focuses on requirements related to real-time media streams and data exchange. Requirements related to privacy, signalling between the browser and web server etc. are currently not considered. I think this needs to be rewritten. The draft actually do consider a number of high level security and privacy concerns. 3. Section 2: If you have no definitions, do remove the section, rather then leaving it TBD. 4. Section 3.1 o Clients can be on wideband (10s of Mbits/sec) o Clients can be on narrowband (10s to 100s of Kbits/sec) Due to the usage of the terms wideband and narrowband I think you need to be more explicit about what is actually referred to here. My assumption is network throughput capability. And in these cases maybe expressing this explicitly is a better choice. 5. Section 3.1: o Clients can be on networks with any type (as described in RFC4787) of NAT. I think "any type" is unclear here, as there are no types defined in that RFC unless you are trying to express the difference between basic NAT and NAPT, which I don't believe you are. I think you should use something like this: o Clients can be on networks with a NAT using any type of Mapping and Filtering behaviors (as described in RFC4787). 6. Section 3.2.1.1: It is essential that the communication cannot be wiretapped [RFC2804]. This sentence returns a number of times in this document. I think it is a general security requirement that applies to probably all of the use cases. If there is one use case that don't need to enable protection against this, then please be explicit about that. My Suggestion is to move this into the general considerations section. 7. Section 3.2.1.1: In addition, it is required that browsers enable the media and data security keys to be cryptographically bound to the user identity. I think this sentence is actually subtly wrong in a couple of ways. First of all it talks about "the identity", where I think it should be talking about "a identity". This can both the human users identity, but also a role identity, like Police Officer. Secondly, binding it to the security keys without putting requirements on the keying and key-exchange mechanism to prevent man in the middles empties this requirement. I would recommend that you reformulate this to a high level requirement without going into mechanism. For example: In addition, it is required that browsers enables binding an identity of the user's choice to his end of the secured communication and that such mechanism prevent man in the middle attacks. 8. Section 3.2.1.1 One user has an unreliable Internet connection. It sometimes loses packets, and sometimes goes down completely. I guess the requirement here is to handle this in a graceful way from media transport and rendering perspective. The packet loss is also unclear as I don't know if the intention is to capture spurious packet losses due to the link media, or congestion losses. I think some expansion of this is needed. 9. Section 3.2.1.1: One user is located behind a Network Address Translator (NAT). What is the point being stressed here that isn't covered by the general consideration in 3.1 that says: o Clients can be on networks with any type (as described in RFC4787) of NAT. Section 3.2.2.2: 3.2.2.2. Derived Requirements F1, F2, F3, F4, F5, F8, F9, F10, F20, F25, F28, F29 A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11, A12 How come this list of Derived Requirements are shorter than for the parent use case which has the following list: 3.2.1.2. Derived Requirements F1, F2, F3, F4, F5, F8, F9, F10, F20, F25, F28, F35, F36, F38, F39 A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11, A12, A25, A26 If each use case is listing all the requirement then it needs to be consistently done and actually list all that applies. If there are requirements from the parent that doesn't apply that may even be worth explicitly mentioning. This comments applies to all use cases as there appears to be general inconsistencies. 10. Section 3.2.3.1: 3.2.3.1. Description This use-case is almost identical to the Simple Video Communication Service use-case (Section 3.2.1). The difference is that one of the users is behind a FW that only allows http traffic. If a firewall only allows HTTP traffic, then can we really assume that the firewall administrator per default will accept WebRTC Media and Data traffic? I am far from certain of this, and think on a requirement level needs to express a situation where the firewall administrator allows WebRTC across its FW, or at least can easily configure a rule to block it. Thus resulting in that any solution for this needs to be easily identifiable and possible to block. See also PNTAW@ietf.org mailing list. 11. Section 3.2.8.1: But in addition to this, one of the users can share what is being displayed on her/his screen with a peer. The user can choose to share the entire screen, part of the screen (part selected by the user) or what a selected applicaton displays with the peer. Does this needs mentioning of additional high level security requirements? 12. Section 3.2.10.1: The service providers are interconnected by some means, but exchange no more information about the users than what can be carried using SIP. NOTE: More profiling of what this means may be needed. The Note, can it be removed, or do we need additional text in this document? 13. Section 3.2.10.1: The same issues with connectivity apply. I don't understand this comment. What is it intended to refer to? 14. Section 3.2.11.1: Before the game starts, and during game breaks, the talent scout and the manager have a 1-1 audiovisual communication session. Only the rear facing camera of the mobile phone is used. On the display of the mobile phone, the video of the club manager is shown with a picture-in-picture thumbnail of the rear facing camera (self-view). On the display of the desktop, the video of the talent scout is shown with a picture-in-picture thumbnail of the desktop camera (self- view). I get a bit confused with what is the front and rear of my smart phone. I would consider the display side the front side, and the rear the other big side of my block shaped mobile phone. I suggest using other terms. 15. Section 3.2.14.1: Discussion: This use-case was briefly discussed at the Quebec webrtc meeting and it got support. So far the only concrete requirement (A17) derived is that the application must be able to ask the browser to treat the audio signal as audio (in contrast to speech). However, the use case should be further analysed to determine other requirements (could be e.g. on delay mic->speaker, level control of audio signals, etc.). I think this Discussion points needs to be dealt with before we can publish this document. I would consider the question if this needs more analysis a open issue. 16. Section 3.3.2.1: Alice uses her web browser with a service that allows her to call PSTN numbers. Alice calls 1-800-gofedex. Alice should be able to hear the initial prompts from the fedex IVR and when the IVR says press 1, there should be a way for Alice to navigate the IVR. Can you please expand IVR. 17. Section 3.3.3.1: The organization has an internal network set up with an aggressive firewall handling access to the Internet. If users cannot physically access the internal network, they can establish a Virtual Private Network (VPN). I think the requirements or limitations the above paragraph try to express is not clear. There is some missing assumptions of location of server related to clients that is not covered. Thus it is not clear what requirements this results in. Can you please expand this to something that is understandable. 18. Section 3.3.3.1: This use-case adds requirements on support for fast stream switches F7, on encryption of media and on ability to traverse very restrictive FWs. Regarding the restricted FWs, my comment 10) applies to also this comment. 19. Section 4.2: F14 The browser must be able to measure the level F15 The browser must be able to change the level in audio streams. Can you please make explicit what type level you think should be measured or changed, energy, "voice activity"? 20. Section 4.2 F19 Streams and data must be able to pass through limited middleboxes. What type of limitations are you considering in this requirement? 21. Section 4.2 I note that F30, and F36 may be affected by earlier comments on the underlying reason for these requirements and need additional text or clarifications. 22. Section 4.2: F37 The browser must be able to send streams and data to a peer in the presence of FWs that only allows http(s) traffic. I think this requirement should have a caveat along the lines: when FW policy allos WebRTC traffic. 23. Section 5: Change the TBD to a statement that there are no IANA actions in this document. 24. Section 6.2: These security considerations are really security requirements on the browser or the API. I don't know if would be better to move them to relevant use case sections, or leave them in place. 25. Section 7: 13. Enable company coop without being able to decipher http:// www.ietf.org/mail-archive/web/rtcweb/current/msg04461.html What is "coop" in the above? 26. Please run a spell checker on the document prior to submitting the update. 27. Ensure that the ID nits issues are not real issues: == Line 667 has weird spacing: '...resence of NA...' == Line 785 has weird spacing: '...of that strea...' Cheers Magnus Westerlund ---------------------------------------------------------------------- Multimedia Technologies, Ericsson Research EAB/TVM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-and-… Cullen Jennings (fluffy)
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Stefan Håkansson LK
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Magnus Westerlund
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Bernard Aboba
- [rtcweb] TURN server address via DHCP, WGLC of dr… Karl Stahl
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Hutton, Andrew
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Harald Alvestrand
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Karl Stahl
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Bernard Aboba
- [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-and-… Karl Stahl
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Marc Abrams
- [rtcweb] [mmusic] WGLC of draft-ietf-rtcweb-use-c… Karl Stahl
- [rtcweb] [mmusic] TURN server address via DHCP, W… Karl Stahl
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Hutton, Andrew
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Marc Abrams
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Hutton, Andrew
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Hutton, Andrew
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Sergio Garcia Murillo
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] TURN server address via DHCP, WGLC o… cb.list6
- Re: [rtcweb] [mmusic] WGLC of draft-ietf-rtcweb-u… Dan Wing
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Karl Stahl
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Chenxin (Xin)
- Re: [rtcweb] additional ICE info Bernard Aboba
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Karl Stahl
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Chenxin (Xin)
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Karl Stahl
- Re: [rtcweb] additional ICE info Dan Wing
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Cullen Jennings (fluffy)
- Re: [rtcweb] additional ICE info Harald Alvestrand
- Re: [rtcweb] additional ICE info Dan Wing
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Karl Stahl
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Harald Alvestrand
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Markus.Isomaki
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Chenxin (Xin)
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Karl Stahl
- Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-… Karl Stahl
- Re: [rtcweb] TURN server address via DHCP, WGLC o… cb.list6
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Cullen Jennings (fluffy)
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Justin Uberti
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Karl Stahl
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Jeremy Laurenson (jlaurens)
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Justin Uberti
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Martin Thomson
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Bernard Aboba
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Jeremy Laurenson (jlaurens)
- [rtcweb] [mmusic] TURN server address via DHCP, W… Karl Stahl
- Re: [rtcweb] [mmusic] WGLC of draft-ietf-rtcweb-u… Magnus Westerlund
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Saverio Vardaro
- Re: [rtcweb] additional ICE info Martin Thomson
- Re: [rtcweb] [mmusic] WGLC of draft-ietf-rtcweb-u… Karl Stahl
- Re: [rtcweb] [mmusic] TURN server address via DHC… Cullen Jennings (fluffy)
- Re: [rtcweb] [mmusic] TURN server address via DHC… Karl Stahl
- Re: [rtcweb] [mmusic] WGLC of draft-ietf-rtcweb-u… Christer Holmberg
- Re: [rtcweb] [mmusic] TURN server address via DHC… Justin Uberti
- Re: [rtcweb] [mmusic] TURN server address via DHC… cb.list6
- [rtcweb] Payload Types assignments was Re: SV: [m… Magnus Westerlund
- Re: [rtcweb] TURN server address via DHCP, WGLC o… Karl Stahl
- Re: [rtcweb] [mmusic] TURN server address via DHC… Karl Stahl
- Re: [rtcweb] [mmusic] WGLC of draft-ietf-rtcweb-u… Karl Stahl
- Re: [rtcweb] [mmusic] TURN server address via DHC… Justin Uberti
- Re: [rtcweb] Payload Types assignments was Re: SV… Karl Stahl
- Re: [rtcweb] Payload Types assignments was Re: SV… Harald Alvestrand
- Re: [rtcweb] Payload Types assignments was Re: SV… BeckW
- Re: [rtcweb] Payload Types assignments was Re: SV… Ted Hardie
- Re: [rtcweb] Payload Types assignments was Re: SV… BeckW
- Re: [rtcweb] Payload Types assignments was Re: SV… Harald Alvestrand
- Re: [rtcweb] Payload Types assignments was Re: SV… Martin Thomson
- Re: [rtcweb] Payload Types assignments was Re: SV… Harald Alvestrand
- Re: [rtcweb] Payload Types assignments was Re: SV… BeckW
- Re: [rtcweb] Payload Types assignments was Re: SV… Martin Thomson
- Re: [rtcweb] Payload Types assignments was Re: SV… Ted Hardie
- Re: [rtcweb] Payload Types assignments was Re: SV… Lee, Richard FTC
- Re: [rtcweb] Payload Types assignments was Re: SV… Dan Wing
- Re: [rtcweb] Payload Types assignments was Re: SV… BeckW
- Re: [rtcweb] Payload Types assignments was Re: SV… Karl Stahl
- [rtcweb] [mmusic] Anycast discovery, Was TURN ser… Karl Stahl
- [rtcweb] [avtext] Payload Types assignments was R… Karl Stahl
- [rtcweb] [tram] Payload Types assignments Karl Stahl
- Re: [rtcweb] [tram] Payload Types assignments Colin Perkins
- Re: [rtcweb] [tram] Payload Types assignments Karl Stahl
- Re: [rtcweb] [tram] Payload Types assignments Magnus Westerlund
- Re: [rtcweb] [tram] Payload Types assignments Charles Eckel (eckelcu)
- Re: [rtcweb] [tram] Payload Types assignments Colin Perkins
- Re: [rtcweb] [tram] Payload Types assignments Harald Alvestrand
- Re: [rtcweb] [tram] Payload Types assignments Karl Stahl
- Re: [rtcweb] [tram] Payload Types assignments Karl Stahl
- Re: [rtcweb] [tram] Payload Types assignments Karl Stahl
- Re: [rtcweb] [tram] Payload Types assignments Harald Alvestrand
- Re: [rtcweb] [tram] Payload Types assignments Karl Stahl