Re: [rtcweb] Requiring ICE for RTC calls

Iñaki Baz Castillo <ibc@aliax.net> Mon, 26 September 2011 15:26 UTC

Date: Mon, 26 Sep 2011 17:29:37 +0200
From: Iñaki Baz Castillo <ibc@aliax.net>
To: Matthew Kaufman <matthew.kaufman@skype.net>
Cc: Randell Jesup <randell-ietf@jesup.org>, rtcweb@ietf.org

2011/9/26 Matthew Kaufman <matthew.kaufman@skype.net>:
> For example, an evil overlord that creates a web site for allowing its
> clients to attack systems behind a firewall could relax those requirements
> and not mandate ICE/SRTP when opening arbitrary connections to systems
> behind said firewall.
>
> The "configuration" must be retrieved by the WebRTC client *from the system
> it will be sending traffic to*... the best format we have for that is to
> send a (rate-limited) STUN connectivity check with short-term credentials
> and see if it is replied to properly. That's how ICE works.

I understand your points and I agree. That would be the perfect scenario.

But I'm worried about the price to pay for these security constraints
(no interoperability with 95% of SIP-PSTN providers within the next 3-5
years).

Regards.


-- 
Iñaki Baz Castillo
<ibc@aliax.net>
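The STUN connectivity check with short-term credentials that the quoted text describes, as an added illustration that is not code from this thread or from any ICE stack: a minimal RFC 5389 Binding request/response with USERNAME and MESSAGE-INTEGRITY, where the responder only answers a request whose HMAC verifies under its own password and the checker only accepts a response that verifies under the password it learned through signalling. The password strings, username and transaction ids are constructed for the example; rate limiting and the rest of ICE are left out.

```python
import hmac, hashlib, os, struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
ATTR_USERNAME, ATTR_MESSAGE_INTEGRITY = 0x0006, 0x0008

def _attr(atype, value):
    # TLV attribute, value padded to a 4-byte boundary (RFC 5389 section 15)
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * ((-len(value)) % 4)

def build(msg_type, txid, attrs, password):
    # HMAC-SHA1 (short-term credential key = password) over header + body,
    # with the header length already counting the 24-byte MESSAGE-INTEGRITY attribute.
    body = b"".join(_attr(t, v) for t, v in attrs)
    header = struct.pack("!HHI12s", msg_type, len(body) + 24, MAGIC_COOKIE, txid)
    mac = hmac.new(password.encode(), header + body, hashlib.sha1).digest()
    return header + body + _attr(ATTR_MESSAGE_INTEGRITY, mac)

def verify(msg, password):
    # Returns (type, txid, attrs) when MESSAGE-INTEGRITY verifies, else None.
    if len(msg) < 20:
        return None
    msg_type, length, cookie, txid = struct.unpack("!HHI12s", msg[:20])
    if cookie != MAGIC_COOKIE or len(msg) != 20 + length:
        return None
    attrs, off = [], 20
    while off + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        value = msg[off + 4:off + 4 + alen]
        if atype == ATTR_MESSAGE_INTEGRITY:
            # Covered bytes: header with length = bytes before MI + 24, then body up to MI
            covered = struct.pack("!HH", msg_type, off - 20 + 24) + msg[4:off]
            expected = hmac.new(password.encode(), covered, hashlib.sha1).digest()
            return (msg_type, txid, attrs) if hmac.compare_digest(expected, value) else None
        attrs.append((atype, value))
        off += 4 + alen + (-alen) % 4
    return None  # no MESSAGE-INTEGRITY at all: not an acceptable consent check

def connectivity_check(remote_password, responder_password):
    # remote_password: what the checker learned via signalling for the peer;
    # responder_password: what the host receiving the check actually holds.
    txid = os.urandom(12)
    request = build(BINDING_REQUEST, txid, [(ATTR_USERNAME, b"peer:self")], remote_password)
    parsed = verify(request, responder_password)        # responder's side
    if parsed is None or parsed[0] != BINDING_REQUEST:
        return False                                     # silently dropped: no consent
    response = build(BINDING_SUCCESS, parsed[1], [], responder_password)
    answer = verify(response, remote_password)           # checker's side
    return answer is not None and answer[0] == BINDING_SUCCESS and answer[1] == txid
```

A host that never handed out a password through the web application (the "arbitrary system behind the firewall" in the quoted scenario) cannot produce a reply the checker will accept, so no media is sent to it.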