Re: [rtcweb] draft-jesup-rtcweb-data-00 posted
Eric Rescorla <ekr@rtfm.com> Tue, 25 October 2011 14:20 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B65D721F84CE for <rtcweb@ietfa.amsl.com>; Tue, 25 Oct 2011 07:20:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.965
X-Spam-Level:
X-Spam-Status: No, score=-102.965 tagged_above=-999 required=5 tests=[AWL=0.012, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mAkbeOLooz5Z for <rtcweb@ietfa.amsl.com>; Tue, 25 Oct 2011 07:20:58 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 223F421F84CD for <rtcweb@ietf.org>; Tue, 25 Oct 2011 07:20:58 -0700 (PDT)
Received: by vcbfo1 with SMTP id fo1so592976vcb.31 for <rtcweb@ietf.org>; Tue, 25 Oct 2011 07:20:57 -0700 (PDT)
Received: by 10.52.175.165 with SMTP id cb5mr27802569vdc.47.1319552457604; Tue, 25 Oct 2011 07:20:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.161.20 with HTTP; Tue, 25 Oct 2011 07:20:17 -0700 (PDT)
In-Reply-To: <D3C41C1C-3586-4A22-8040-C7F0E22B41A7@acmepacket.com>
References: <4EA5EA46.1010803@jesup.org> <D3C41C1C-3586-4A22-8040-C7F0E22B41A7@acmepacket.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 25 Oct 2011 07:20:17 -0700
Message-ID: <CABcZeBPuDZKCQgZ4RV-_zMrp2wa1EjM-w74VA=TuDzY3UY0HtQ@mail.gmail.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Randell Jesup <randell-ietf@jesup.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] draft-jesup-rtcweb-data-00 posted
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2011 14:20:58 -0000
On Tue, Oct 25, 2011 at 1:02 AM, Hadriel Kaplan <HKaplan@acmepacket.com> wrote: > > Hi Randell, > What do you think about the following additional requirements: > > Req. 7: Data streams MUST provide fragmentation at a layer above UDP, such that IP-layer fragmentation does not occur no matter how large a message/buffer the Javascript application passes down to the Browser to be sent out. > > Req. 8: The data stream transport protocol MUST NOT encode IP addresses inside its protocol fields; doing so reveals potentially private information, and leads to failure if the address is depended upon. I don't really understand what this means. In general, the peer has access to your IP address information from ICE. > Req. 9: The data stream protocol SHOULD support unbounded-length "messages" (i.e., a virtual socket stream) at the application layer, for such things as image-file-transfer; or else it MUST support at least a maximum application-layer message size of 4GB. > > Req. 10: The data stream packet format/encoding MUST be such that it is impossible for a malicious Javascript to generate an application message crafted such that it could be interpreted as a native protocol over UDP - such as UPnP, RTP, SNMP, STUN, etc. I'm not sure this is really an issue the way you raise it. It's clear that you shouldn't be able to generate messages that appear to be STUN or RTP but that's necessary for demux to work right. However, given that the other side has consented, I don't see that confusion with other protocols being an issue. The kind of intercepting proxies that we found for HTTP don't seem to be a feature of the UDP environment. -Ekr
- [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Ted Hardie
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Randell Jesup
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Hadriel Kaplan
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Eric Rescorla
- Re: [rtcweb] draft-jesup-rtcweb-data-00 posted Cullen Jennings