Re: [rtcweb] Let's define the purpose of WebRTC

Christer Holmberg <christer.holmberg@ericsson.com> Sun, 06 November 2011 13:08 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A67A221F8482 for <rtcweb@ietfa.amsl.com>; Sun, 6 Nov 2011 05:08:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.867
X-Spam-Level:
X-Spam-Status: No, score=-5.867 tagged_above=-999 required=5 tests=[AWL=-0.168, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjDpv5U3NbPf for <rtcweb@ietfa.amsl.com>; Sun, 6 Nov 2011 05:08:32 -0800 (PST)
Received: from mailgw10.se.ericsson.net (mailgw10.se.ericsson.net [193.180.251.61]) by ietfa.amsl.com (Postfix) with ESMTP id 9B7FE21F8480 for <rtcweb@ietf.org>; Sun, 6 Nov 2011 05:08:31 -0800 (PST)
X-AuditID: c1b4fb3d-b7c26ae0000035b9-14-4eb686cecb70
Received: from esessmw0184.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw10.se.ericsson.net (Symantec Mail Security) with SMTP id 1A.68.13753.EC686BE4; Sun, 6 Nov 2011 14:08:30 +0100 (CET)
Received: from ESESSCMS0356.eemea.ericsson.se ([169.254.1.57]) by esessmw0184.eemea.ericsson.se ([10.2.3.53]) with mapi; Sun, 6 Nov 2011 14:08:30 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>, =?iso-8859-1?Q?I=F1aki_Baz_Castillo?= <ibc@aliax.net>
Date: Sun, 6 Nov 2011 14:05:55 +0100
Thread-Topic: [rtcweb] Let's define the purpose of WebRTC
Thread-Index: AQHMnDaOf7Rk7jbqSkasPb/KQmbKSJWf0SIv
Message-ID: <7F2072F1E0DE894DA4B517B93C6A058522357173C1@ESESSCMS0356.eemea.ericsson.se>
References: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com>, <8A61D801-D14D-408B-9875-63C37D0CC166@acmepacket.com>
In-Reply-To: <8A61D801-D14D-408B-9875-63C37D0CC166@acmepacket.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAA==
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Let's define the purpose of WebRTC
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Nov 2011 13:08:32 -0000

Hi,

I totally agree with Hadriel's statement :)

...but I still care about security. However, for me the biggest issue is not whether *usage* of SRTP is mandated or not, but that I am able to use it with SDES. Yes, because of legacy interoperability :)

Regards,

Christer


________________________________________
From: rtcweb-bounces@ietf.org [rtcweb-bounces@ietf.org] On Behalf Of Hadriel Kaplan [HKaplan@acmepacket.com]
Sent: Sunday, November 06, 2011 5:45 AM
To: Iñaki Baz Castillo
Cc: <rtcweb@ietf.org>
Subject: Re: [rtcweb] Let's define the purpose of WebRTC

On Nov 5, 2011, at 9:35 AM, Iñaki Baz Castillo wrote:

> Hi, in theory WebRTC is about realtime communications for the Web, but
> there is interest in making it interoperable with SIP networks. So:
>
> - Who is interested in interoperability with SIP? telcos (and me).

I think that's an exaggeration, or perhaps a simplification, or generalization - well, some X-ation anyway. :)

There is a ton of SIP in the Enterprise market, and they're not "Telcos".  Enterprises deploy a lot of web servers and web applications as well, obviously - some for the public Internet, and some for their intranet (which may happen to be through VPNs over the public Internet).


> - What does require "interoperability with SIP"? does it mean that
> WebRTC should allow plain RTP and no ICE? This has been discussed many
> times in this WG: Security in the media plane MUST NOT be optional, it
> MUST be a MUST. So sorry, but a legacy SIP device not implementing
> SRTP+ICE cannot interoperate with a WebRTC endoint. Period.

I don't think one can lump SRTP together with ICE as an all-or-nothing binary choice of "security".  The two solve very different problems.  The WG may end up deciding both have to be used in the end, but the decision should be made independently.

I don't see a way to let WebRTC happen without ICE, for example, simply for the consent portion of it - we can't trust the Javascript well enough to do without it.  But supporting plaintext RTP isn't about trusting/not-trusting the Javascript - it's more akin to allowing web-applications to use HTTP vs. HTTPS.  Are we going to mandate HTTPS be used as well?

There are web applications which don't care about securing their content.  A game app, for example, might not care about secure media and might not want to use SRTP because they have to use a central media server mixer or announcement server or whatever, and don't want to take the hit for SRTP on it.  Another example is a website for creating virtual greeting cards, which might use WebRTC to record a personal greeting to go with the virtual card, and might not want to take the hit to secure media to their recording servers. (I don't know if they're popular elsewhere, but in the US these virtual greeting e-card things are popular for sending birthday/anniversary/etc. greetings, and most of them are plaintext HTTP)

-hadriel

_______________________________________________
rtcweb mailing list
rtcweb@ietf.org
https://www.ietf.org/mailman/listinfo/rtcweb