IETF Logo Mail Archive

Re: [rtcweb] WG Last Call for draft-ietf-rtcweb-stun-consent-freshness

Muthu Arul Mozhi Perumal <muthu.arul@gmail.com> Mon, 25 August 2014 10:55 UTC

Return-Path: <muthu.arul@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 726331A902C for <rtcweb@ietfa.amsl.com>; Mon, 25 Aug 2014 03:55:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fSgKLwRZD-8D for <rtcweb@ietfa.amsl.com>; Mon, 25 Aug 2014 03:55:10 -0700 (PDT)
Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A9731A9029 for <rtcweb@ietf.org>; Mon, 25 Aug 2014 03:55:09 -0700 (PDT)
Received: by mail-wi0-f177.google.com with SMTP id ho1so2318451wib.16 for <rtcweb@ietf.org>; Mon, 25 Aug 2014 03:55:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=KNgAs7eY4nV17yo/DWySbCr0vUqlkyw7IP/o7677vmU=; b=Nc43Was+tzn1tVj80PYY6vFbomeogHIUzjZ4ww+PgDRIOX1WpJL/2IY1LdqFluL9iM e1I6wBrARh58TvZKE64AmfRnnk3/ioZXh+Ze2L9N731J3ZEbvl4VCm9CMkvK//EuJpe8 YAd6yMA/v6ThdmbzfDqg8NlKg1vioz/DvQ6xXRTtrWZrY4APz1fMv/r/pAhaOvS1eETs U0Y0qWGjp389wEoJwCczA0Ef2OiQhuuF55Um1huWt6690s54Yq/3nHgYOTnUQ5L44DBI yKfRAqBcssyWHqlrMnoIcrK2StLbpyo3T452LwU8zTSN3/nSxCL+W9dpDJIvSGYL1jML Larw==
MIME-Version: 1.0
X-Received: by 10.180.108.147 with SMTP id hk19mr14399766wib.4.1408964108552; Mon, 25 Aug 2014 03:55:08 -0700 (PDT)
Received: by 10.180.197.168 with HTTP; Mon, 25 Aug 2014 03:55:08 -0700 (PDT)
In-Reply-To: <009001cfbe4f$6b92f280$42b8d780$@co.in>
References: <CA+9kkMCZT1XW4LLaJ4Nq2DbrxD59cYnjLo5JXn9fjEb8pyamaQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D41CDC3@ESESSMB209.ericsson.se> <CAKz0y8zycsyr9m4BA=-8xOaWkU+Sog5Mbz7K-oN3woqi++mVzg@mail.gmail.com> <53F451CF.10705@alvestrand.no> <001b01cfbc94$fccd5310$f667f930$@co.in> <CAKz0y8zNM3rc3XC6JqrK+d4hXiT5TomhNM+W2twg0+-83-pFow@mail.gmail.com> <CABkgnnUnfB5bskH4zWRfBMdHbSoqftV5Fo_GEXoLt9XCH9Tt_w@mail.gmail.com> <CAD5OKxsT9Vdm0=tjk9WsLAH4ekbAizgyjm--168TrOf8UAYGZw@mail.gmail.com> <CABkgnnXUpibu8kWYmbJJJT2J3RNGXFV8LbceLijgG0U-pGY2xQ@mail.gmail.com> <CAKz0y8z_oBf2efavfOLgzqE1R8sZstefZ1tvwwJLkhRskXZERQ@mail.gmail.com> <CAD5OKxsSqA=cki_fSaqAPP0GXCv_kHr6571C+K9ze4ceHCGYdQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D427B68@ESESSMB209.ericsson.se> <D01D6B42.104F8%rmohanr@cisco.com> <009001cfbe4f$6b92f280$42b8d780$@co.in>
Date: Mon, 25 Aug 2014 16:25:08 +0530
Message-ID: <CAKz0y8y3=0_-jwWiviR_Uj6tSq75NEq92Ocergc_NvFk2h_72Q@mail.gmail.com>
From: Muthu Arul Mozhi Perumal <muthu.arul@gmail.com>
To: Parthasarathi R <partha@parthasarathi.co.in>
Content-Type: multipart/alternative; boundary="e89a8f3ba5b53111850501720513"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/DhUZxZ4LcVF69W18w0nW9rOXDoM
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] WG Last Call for draft-ietf-rtcweb-stun-consent-freshness
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Aug 2014 10:55:13 -0000

I thought a "SHOULD perform" is more appropriate for a WebRTC device as it
doesn't implement the public API and might run a proprietary/native app
running in a constrained environment and the overhead of performing the
periodic consent might overweigh the benefits. However, I don't have an
issue of making it a MUST -- at least no one has objected so far. I hear
the following options from the discussions so far:

Option 1:
WebRTC browser - MUST
WebRTC device - MUST
Other (WebRTC/non-WebRTC) entities - MAY

Option 2:
Any WebRTC entity doing full ICE - MUST
Other (WebRTC/non-WebRTC) entities - MAY

Obviously, #2 is stronger than #1 and also covers a WebRTC gateway doing
full ICE. I would like to hear from others as well..

Muthu

On Sat, Aug 23, 2014 at 2:54 AM, Parthasarathi R <partha@parthasarathi.co.in
> wrote:

>  Hi Ram/Muthu,
>
>
>
> There is a terminology variation here. As per the current overview
> document, WebRTC device supports full WebRTC protocol requirement which
> includes consent-check. In case consent check is excluded from WebRTC
> device,  the new definition has to be provided for “WebRTC device” in
> –overview draft. I don’t think that WebRTC device definition has to be
> changed now.
>
>
>
> IMO, WebRTC device & WebRTC browser MUST support consent check. As
> discussed in another mail thread, there is an need to define “WebRTC
> endpoint” which relaxes the lot of WebRTC protocol requirement based on the
> specific deployment like Enterprise, LTE EPC. “WebRTC Endpoint” & “WebRTC
> Gateway” MAY support consent check.
>
>
>
> I have highlighted Full ICE as a criteria for “WebRTC Endpoint” & “WebRTC
> Gateway” in
> http://www.ietf.org/mail-archive/web/rtcweb/current/msg12938.html as it
> helps the implementers to decide whether consent check has to be
> implemented in their “WebRTC Endpoint”/ “WebRTC Gateway” or not. As “WebRTC
> Endpoint” is yet to defined and “WebRTC gateway” is just now proposed in
> -11 overview draft,  I have proposed the text as
>
>
>
> “Full ICE supporting WebRTC entities  MUST support consent freshness.”
>
>
>
> Please let me your opinion on the same.
>
>
>
> Also, I agree with Muthu’s statement to indicates the other requirement
> for WebRTC entities to include consent check are:
>
> “to use the mechanism to make it more secure or compute RTT or carry
> network information”
>
>
>
>
>
> Thanks
>
> Partha
>
>
>
>
>
>
>
> *From:* rtcweb [mailto:rtcweb-bounces@ietf.org] *On Behalf Of *Ram Mohan
> R (rmohanr)
> *Sent:* Friday, August 22, 2014 9:48 PM
> *To:* Christer Holmberg; Roman Shpount; Muthu Arul Mozhi Perumal
>
> *Cc:* rtcweb@ietf.org
> *Subject:* Re: [rtcweb] WG Last Call for
> draft-ietf-rtcweb-stun-consent-freshness
>
>
>
> Right. I think we had discussed this in the past and added the below text
> in the draft
>
>
>
> " WebRTC endpoints are required to support full ICE as specified in
>
>    section 3.4 of [I-D.ietf-rtcweb-transports <http://tools.ietf.org/html/draft-ietf-rtcweb-stun-consent-freshness-05#ref-I-D.ietf-rtcweb-transports>].  However, when WebRTC
>
>    endpoints interwork with other endpoints that support only ICE-lite
>
>    (e.g. gateways) those endpoints will not generate consent checks, but
>
>    just respond to consent checks they receive”
>
>
> Isn’t this sufficient ?
>
>
> Ram
>
>
>
> *From: *Christer Holmberg <christer.holmberg@ericsson.com>
> *Date: *Friday, 22 August 2014 9:29 pm
> *To: *Roman Shpount <roman@telurix.com>, Muthu Arul Mozhi Perumal <
> muthu.arul@gmail.com>
> *Cc: *"rtcweb@ietf.org" <rtcweb@ietf.org>
> *Subject: *Re: [rtcweb] WG Last Call for
> draft-ietf-rtcweb-stun-consent-freshness
>
>
>
> Hi,
>
>
>
> An ICE-lite endpoint must already today *REPLY* to STUN requests - consent
> freshness does not change that.
>
>
>
> But, I don't think an ICE-lite endpoint shall be mandated to *SEND*
> consent freshness requests.
>
>
>
> Regards,
>
>
>
> Christer
>
>
>
>
>  ------------------------------
>
> *From:* rtcweb [rtcweb-bounces@ietf.org] on behalf of Roman Shpount [
> roman@telurix.com]
> *Sent:* Friday, 22 August 2014 4:37 PM
> *To:* Muthu Arul Mozhi Perumal
> *Cc:* rtcweb@ietf.org
> *Subject:* Re: [rtcweb] WG Last Call for
> draft-ietf-rtcweb-stun-consent-freshness
>
> On Fri, Aug 22, 2014 at 1:25 AM, Muthu Arul Mozhi Perumal <
> muthu.arul@gmail.com> wrote:
>
>  draft-ietf-rtcweb-stun-consent-freshness is about making the WebRTC
> browser more secure. It however allows an RTP endpoint (that also does ICE)
> to use the mechanism to make it more secure or compute RTT or carry network
> information or whatever. However, requiring every RTP endpoint perform it
> seems asking too much.
>
>
>
> My take:
>
> WebRTC browser - MUST
>
> WebRTC devide - SHOULD
>
> Other RTP entities (including WebRTC gateway) - MAY
>
>
>
>
>
>  I would say that all full ICE endpoint interworking with WebRTC MUST
> implement consent freshness. ICE-LITE will not implement, but MUST respond
> (unless someone defines it, but once you start sending STUN request you
> might as well do full ICE, so I do not see much point in it). And to
> conclude strongly encourage full ICE implementation for security and other
> reasons.
>
> _____________
> Roman Shpount
>
>
>

v2.23.0 | Report a Bug | By Email